From acb8b4fb7735753ed0438c7541470614e4b5fac3 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 31 Jul 2022 17:39:15 +0300
Subject: ssh-dev: use sshd role from debian-ansible
Sponsored-by: author
---
 ansible/ssh-dev.yml | 68 ++---------------------------------------------------
 1 file changed, 2 insertions(+), 66 deletions(-)
diff --git a/ansible/ssh-dev.yml b/ansible/ssh-dev.yml
index d05cca4..8f3bf17 100644
--- a/ansible/ssh-dev.yml
+++ b/ansible/ssh-dev.yml
@@ -4,71 +4,7 @@ roles: - role: sane_debian_system - role: unix_users - tasks: - - name: "Set SSH host identity" - when: sshd_host_key is defined and sshd_host_cert is defined - copy: - content: | - {{ sshd_host_key }} - dest: /etc/ssh/ssh_host_key - owner: root - group: root - mode: 0600 - notify: sshd_restart - - - name: "Set SSH host certificate" - when: sshd_host_key is defined and sshd_host_cert is defined - copy: - content: | - {{ sshd_host_cert }} - dest: /etc/ssh/ssh_host_key-cert.pub - notify: sshd_restart - - - name: "Configure SSH server host key" - when: sshd_host_key is defined and sshd_host_cert is defined - copy: - content: | - HostKeyAlgorithms ssh-ed25519 - HostKey /etc/ssh/ssh_host_key - HostCertificate /etc/ssh/ssh_host_key-cert.pub - dest: /etc/ssh/sshd_config.d/host_id.conf - notify: sshd_restart - - - name: "Remove obsolete SSH host keys and certificates" - when: sshd_host_key is defined and sshd_host_cert is defined - shell: | - find /etc/ssh -maxdepth 1 -type f -name "ssh_host_*_key*" -delete - notify: sshd_restart - - - name: "Configure SSH server port" - when: sshd_port is defined - copy: - content: | - Port {{ sshd_port }} - dest: /etc/ssh/sshd_config.d/port.conf - notify: sshd_restart - - - name: "Configure user CA for SSH server" - when: sshd_user_ca_pub is defined - copy: - content: | - {{ sshd_user_ca_pub }} - dest: /etc/ssh/user_ca_pubs - notify: sshd_restart - - - name: "Configure SSH server to accept user CA" - when: sshd_user_ca_pub is defined - copy: - content: | - TrustedUserCAKeys /etc/ssh/user_ca_pubs - dest: /etc/ssh/sshd_config.d/user_ca.conf - notify: sshd_restart - - handlers: - - name: sshd_restart - systemd: - name: ssh - state: restarted + - role: sshd vars: ansible_python_interpreter: /usr/bin/python3 
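Review bot: `- role: sshd` is added without any record of where the role is expected to come from, and the new side of the hunk gives a reader no way to check which of the removed behaviours (installing the host key with `mode: 0600` and its certificate, the `HostKeyAlgorithms`/`HostKey`/`HostCertificate` drop-in, the `Port` drop-in, `TrustedUserCAKeys`, and the `find ... -name "ssh_host_*_key*" -delete` cleanup) the role reproduces; a comment such as `# sshd role from debian-ansible; replaces the host-key, port and user-CA tasks formerly inlined here` above the new line would preserve that. Worth confirming in particular that the role removes the distribution-generated host keys as the deleted shell task did, and how it behaves when `sshd_host_key` / `sshd_host_cert` are not set, since the inline tasks were all guarded by `when: ... is defined` and the role's guards are not visible in this commit. The second hunk removes `sshd_host_key: |` from the play's vars next to a `-----BEGIN OPENSSH PRIVATE KEY-----` line, which indicates the host's private key was held in plain text in this file; whatever now supplies that value to the role should be vault-encrypted, and a key that has been committed in clear should be treated as exposed and reissued. The play these lines belong to starts above the hunk.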
@@ -81,9 +17,9 @@ unix_users: - username: liw + sshd_version: 1 sshd_port: 22 sshd_user_ca_pub: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdSnGI91exKItWsZi0XFVQWluS0FUdd12FLjuQk1FxG liw User CA v1 - sshd_host_key: | -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -- cgit v1.2.1