roles/debian-base/tasks/main.yml

@@ -6,8 +6,8 @@
   tags: resolv
 - import_tasks: timesync.yml
   tags: timesync
-- import_tasks: ssh.yml
-  tags: ssh
+- import_tasks: sshd_configure.yml
+  tags: sshd_configure
 - import_tasks: defuser.yml
   tags: defuser
 - import_tasks: install.yml

roles/debian-base/tasks/sshd_configure.yml

@@ -0,0 +1,17 @@
+- name: Configure sshd_config settings
+  copy:
+    dest: /etc/ssh/sshd_config.d/vn-listenipv4.conf
+    content: |
+      # Do not edit this file! Ansible will overwrite it.
+      ListenAddress 0.0.0.0
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  notify: restart sshd
+- name: Deploy custom authorized_keys for root
+  copy:
+    dest: /root/.ssh/authorized_keys2
+    content: "{{ public_keys }}"
+    owner: root
+    group: root
+    mode: u=rw,g=,o=

roles/debian-guest/handlers/main.yml

@@ -2,3 +2,7 @@
   service:
     name: nslcd
     state: restarted
+- name: restart-ssh
+  systemd:
+    name: ssh
+    state: restarted

roles/debian-guest/tasks/main.yml

@@ -2,3 +2,5 @@
   tags: auth
 - import_tasks: sudoers.yml
   tags: sudoers
+- import_tasks: ssh_keys.yml
+  tags: ssh_keys

roles/debian-guest/tasks/ssh_keys.yml

@@ -18,14 +18,4 @@
       path: /etc/vn.ini
       section: witness
       option: ssh_keys_generated
-      value: true
-- name: Configure sshd_config settings
-  copy:
-    dest: /etc/ssh/sshd_config.d/vn-listenipv4.conf
-    content: |
-      # Do not edit this file! Ansible will overwrite it.
-      ListenAddress 0.0.0.0
-    owner: root
-    group: root
-    mode: u=rw,g=r,o=r
-  notify: restart sshd
+      value: true