Common: Configure sshd

coreos-config/plays/common.yaml

@@ -1,3 +1,54 @@
+- name: Setup SSH Config
+  hosts: all
+  become: true
+  become_user: root
+  tags:
+    - setup_ssh
+    - setup
+  tasks:
+    - name: Authorized_keys dir present
+      ansible.builtin.file:
+        state: directory
+        path: /etc/ssh/authorized_keys
+        owner: root
+        group: root
+        mode: '0755'
+    - name: Deploy CI SSH-Key
+      ansible.posix.authorized_key:
+        user: "{{ ansible_user }}"
+        state: present
+        manage_dir: false
+        path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
+        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/2H7n27J7/xFAyQpE7r29UxTP5jttLRe6RhAC/Ndam drone-deploy"
+    - name: Deploy Common SSH-Keys
+      ansible.posix.authorized_key:
+        user: "{{ ansible_user }}"
+        state: present
+        manage_dir: false
+        path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
+        key: "{{ item }}"
+      loop: "{{ common.ssh.authorized_keys }}"
+    - name: Ensure authorized_keys ownership
+      ansible.builtin.file:
+        state: directory
+        path: /etc/ssh/authorized_keys
+        owner: root
+        group: root
+        mode: "u=rwX,g=rX,o=rX"
+        recurse: true
+    - name: Configure sshd
+      ansible.builtin.template:
+        src: 'sshd_config.j2'
+        dest: '/etc/ssh/sshd_config.d/99-override.conf'
+        owner: root
+        group: root
+        mode: '0600'
+    - name: Remove Keys Config
+      ansible.builtin.file:
+        state: absent
+        path: /etc/ssh/ssh_config.d/40-ssh-key-dir.conf
+
+
 - name: Backup
   hosts: backup
   become: true
@@ -135,6 +186,7 @@
   tags:
     - never
     - setup_monitoring
+    - setup
   tasks:
     - name: Login to Kuma
       delegate_to: localhost

coreos-config/plays/templates/sshd_config.j2

@@ -0,0 +1 @@
+AuthorizedKeysFile /etc/ssh/authorized_keys/%u