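---
# SSH baseline: install the server, render the hardening drop-in, check the
# merged configuration, and pin the ansible user's authorized_keys to the
# controlled key list.

- name: Ensure openssh-server is installed
  ansible.builtin.apt:
    name: openssh-server
    state: present
    update_cache: true

- name: Render hardened sshd drop-in
  ansible.builtin.template:
    src: sshd_hardening.conf.j2
    dest: /etc/ssh/sshd_config.d/10-boma.conf
    owner: root
    group: root
    mode: "0644"
    # Syntax-check the rendered file before it replaces the live drop-in, so
    # a template error is rejected instead of being left on disk for the
    # next sshd restart or reboot to trip over. %s is the temporary file.
    # NOTE(review): assumes the drop-in parses on its own; confirm against
    # sshd_hardening.conf.j2.
    validate: sshd -t -f %s
  # NOTE(review): sshd keeps the first value it reads for each keyword, so
  # these settings only win if sshd_config includes sshd_config.d before any
  # conflicting directive and no earlier-sorting drop-in sets the same
  # keyword. Confirm on the target image.
  notify: reload sshd

# The per-file check above sees the drop-in in isolation; this one checks the
# configuration sshd will actually load. The task is read-only, hence
# changed_when: false. A failure here fails the host before the notified
# reload handler runs (default handler behaviour; not the case with
# force_handlers).
- name: Validate the full sshd config (drop-in included)
  ansible.builtin.command: sshd -t
  changed_when: false

# exclusive: true removes every key that is not in the list, so all keys are
# passed as one newline-joined string in a single call.
# The when guard skips the task for an empty list: that prevents wiping the
# file and locking out the control node, but it also means emptying the list
# does NOT revoke keys that are already installed.
- name: Authorise control SSH keys for the ansible user
  ansible.posix.authorized_key:
    user: "{{ ansible_user | default('ansible') }}"
    key: "{{ base__ssh_authorised_keys | join('\n') }}"
    exclusive: true
  when: base__ssh_authorised_keys | length > 0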