infrastructure/roles/sshd/tasks/main.yml

- name: Install openssh
  pacman: name=openssh state=present

- name: Configure sshd
  template: src=sshd_config.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0644 validate='/usr/sbin/sshd -t -f %s'
  notify:
    - Restart sshd

- name: Install motd
  template: src=motd.j2 dest=/etc/motd owner=root group=root mode=0644

- name: Create the includes dir
  file: path="{{ sshd_includes_dir }}" state=directory mode=0755
  when: sshd_enable_includes

- name: Start and enable sshd
  service: name=sshd enabled=yes state=started

- name: Open firewall holes
  ansible.posix.firewalld: service={{ 'ssh' if ansible_port is not defined else omit }} port={{ "%d/tcp" | format(ansible_port) if ansible_port is defined else omit }} permanent=true state=enabled immediate=yes
  when: configure_firewall is defined and configure_firewall
  tags:
    - firewall