vn-ansible/roles/debian-base/tasks/ssh.yml

- name: Set the SSH keys generated witness variable
  set_fact:
    ssh_keys_generated: "{{ vn_ini.witness.ssh_keys_generated | default(false) }}"
- when: vn_witness_checked and not ssh_keys_generated
  block:
  - name: Generate SSH key pairs
    openssh_keypair:
      path: "/etc/ssh/ssh_host_{{ item.type }}_key"
      type: "{{ item.type }}"
      force: yes
    loop:
      - { type: 'rsa' }
      - { type: 'ecdsa' }
      - { type: 'ed25519' }
    notify: restart sshd
  - name: Set SSH keys generated witness
    ini_file:
      path: /etc/vn.ini
      section: witness
      option: ssh_keys_generated
      value: true
- name: Configure sshd_config settings
  copy:
    dest: /etc/ssh/sshd_config.d/vn-listenipv4.conf
    content: |
      # Do not edit this file! Ansible will overwrite it.
      ListenAddress 0.0.0.0      
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: restart sshd