Don't gather facts

Demonstrating the implementation without dependencies.

.ansible-lint

@@ -1,7 +1,10 @@
+profile: production
+
 skip_list:
     - galaxy[no-changelog]
-    - meta-runtime[unsupported-version]
 
 mock_roles:
     - slococo.playground.ssh_config
     - slococo.playground.local_accounts
+    - slococo.playground_nodeps.ssh_config
+    - slococo.playground_nodeps.local_accounts

.gitignore

@@ -1,4 +1,4 @@
 .vscode
-inventory
+/inventory
 ansible.cfg
 test.sh

.pre-commit-config.yaml

@@ -7,7 +7,7 @@ repos:
       - id: end-of-file-fixer
       - id: trailing-whitespace
   - repo: https://github.com/ansible/ansible-lint
-    rev: v6.20.0
+    rev: v24.2.2
     hooks:
       - id: ansible-lint
   - repo: https://github.com/psf/black

README.md

@@ -7,7 +7,7 @@ This collection includes tasks to configure SSH and add local user accounts. It
 ### 1. Install the Collection
 
 ```bash
-ansible-galaxy collection install git+https://git.slc.ar/slococo/ansible-playground.git#/slococo
+ansible-galaxy collection install https://git.slc.ar/slococo/ansible-playground/releases/download/v1.0.0/slococo-playground-1.0.0.tar.gz
 ```
 
 ### 2. Create an inventory file
@@ -54,3 +54,13 @@ Upon successful execution, the playbook will:
 - Expiry Date: The account should expire at the end of 2024.
 - Home Directory: `/home/local_log`
 - Groups: The user should only belong to its primary group.
+
+Moreover, since the second user has the passwordless option set to true, a key will be created in `/tmp/id_ed25519_local_log` on the Ansible control node. This key, once generated, allows for passwordless login as `local_log`. To initiate such login, simply execute the following command:
+
+```bash
+ssh local_log@<IP_ADDRESS_OR_HOSTNAME> -i /tmp/id_ed25519_local_log
+```
+
+## Additional note
+
+Within the `slococo` namespace, you will find two collections: `playground` and `playground_nodeps`. Both serve the same purpose, but the latter is intended for demonstrating how this could be achieved without using dependencies. However, it is not the primary one, as it makes the `local_accounts` role slightly less readable, in my opinion.

slococo/playground/README.md

@@ -26,7 +26,8 @@ This role configures multiple local user accounts on the target host as specifie
   - `groups`: List of groups the user belongs to (optional)
   - `passwordless`: Enable or disable passwordless authentication (optional)
 
-- `local_accounts_pk_path`: Path to the private key on the Ansible control node (optional)
+- `local_accounts_key_path`: Path to the private key on the Ansible control node (optional)
+- `local_accounts_key_type`: Type of the private key used for SSH authentication (optional)
 
 ### Usage
 

slococo/playground/meta/runtime.yml

@@ -1,2 +1,2 @@
 ---
-requires_ansible: ">=2.12.0"
+requires_ansible: ">=2.14.0"

slococo/playground/molecule/default/converge.yml

@@ -1,32 +0,0 @@
----
-- name: Converge
-  hosts: all
-  become: true
-
-  pre_tasks:
-    - name: Update the apt cache and install openssh packages
-      ansible.builtin.apt:
-        update_cache: true
-        name:
-          - openssh-server
-          - openssh-client
-        state: present
-
-    - name: Restart ssh service
-      ansible.builtin.service:
-        name: sshd
-        state: started
-
-  roles:
-    - role: slococo.playground.ssh_config
-    - role: slococo.playground.local_accounts
-      vars:
-        local_accounts_list:
-          - name: local_adm
-            shell: /bin/bash
-            userid: 38000087
-          - name: local_log
-            shell: /bin/sh
-            userid: 38000088
-            expiry_date: '2024-12-31'
-            passwordless: true

slococo/playground/molecule/default/molecule.yml

@@ -1,13 +1,11 @@
 ---
 dependency:
   name: galaxy
-  ooptions:
-    ignore-errors: true
 driver:
   name: docker
 platforms:
   - name: instance
-    image: "docker.io/geerlingguy/docker-debian11-ansible:latest"
+    image: "slococo/dam-testing:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
@@ -20,4 +18,4 @@ provisioner:
     defaults:
       remote_tmp: /tmp
   playbooks:
-    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+    converge: ${MOLECULE_PLAYBOOK:-../../playbooks/main.yml}

slococo/playground/playbooks/main.yml

@@ -1,7 +1,7 @@
 - name: Configure SSH and add user accounts
   hosts: all
   become: true
-  gather_facts: true
+  gather_facts: false
 
   roles:
     - role: slococo.playground.ssh_config

slococo/playground/roles/local_accounts/README.md

@@ -23,7 +23,8 @@ local_accounts_list:
     groups:                # List of groups the local user belongs to (optional, default: its own group)
     passwordless:          # Boolean value indicating whether SSH key pairs should be generated for passwordless authentication (optional, default: false)
 
-local_accounts_pk_path:    # Path to the private key on the Ansible control node (optional, default: "/tmp")
+local_accounts_key_path:    # Path to the private and public keys on the Ansible control node (optional, default: "/tmp")
+local_accounts_key_type:    # Type of the private key used for SSH authentication (optional, default: "ed25519")
 ```
 
 Example Playbook

slococo/playground/roles/local_accounts/defaults/main.yml

@@ -1,2 +1,4 @@
 ---
 local_accounts_list: []
+local_accounts_key_path: "/tmp"
+local_accounts_key_type: "ed25519"

slococo/playground/roles/local_accounts/meta/argument_specs.yml

@@ -33,15 +33,20 @@ argument_specs:
           groups:
             type: list
             required: false
-            default: ""
+            default: "{{ name if name is defined else '' }}"
             description: The primary group for the local user.
           passwordless:
             type: bool
             required: false
             default: false
             description: Boolean value indicating whether SSH key pairs should be generated for passwordless authentication.
-      local_accounts_pk_path:
+      local_accounts_key_path:
         type: str
         required: false
         default: /tmp
-        description: "Path to the private key on the Ansible control node. If not provided, the default path will be /tmp."
+        description: "Path to the private and public keys on the Ansible control node."
+      local_accounts_key_type:
+        type: str
+        required: false
+        default: "ed25519"
+        description: "Type of the private key used for SSH authentication. Options include 'ed25519', 'rsa', etc."

slococo/playground/roles/local_accounts/tasks/main.yml

@@ -9,21 +9,25 @@
     groups: "{{ item.groups | default(omit) }}"
   loop: "{{ local_accounts_list }}"
 
-- name: Add home
+- name: Add key_path to the user accounts
   ansible.builtin.set_fact:
-    accounts_with_home: "{{ accounts_with_home | default([]) + [item | combine({'home': item.home | default('/home/' + item.name)})] }}"
+    local_accounts_list_agg: >-
+      {{
+      local_accounts_list_agg | default([]) + [
+        item | combine({
+          'home': item.home | default('/home/' + item.name),
+          'key_path': local_accounts_key_path | regex_replace('/$', '') + '/id_' + local_accounts_key_type + '_' + item.name
+        })
+      ]
+      }}
   loop: "{{ local_accounts_list }}"
-
-- name: Determine key path
-  ansible.builtin.set_fact:
-    key_path: "{{ (local_accounts_pk_path | default('/tmp')) | regex_replace('/$', '') }}/id_rsa"
+  when: item.passwordless | default(false) | bool
 
 - name: Generate SSH key pairs for local users
   community.crypto.openssh_keypair:
-    path: "{{ key_path }}_{{ item.name }}"
-    type: ed25519
-  loop: "{{ accounts_with_home }}"
-  when: item.passwordless | default(false) | bool
+    path: "{{ item.key_path }}"
+    type: "{{ local_accounts_key_type }}"
+  loop: "{{ local_accounts_list_agg | default([]) }}"
   delegate_to: localhost
   run_once: true
   become: false
@@ -35,15 +39,14 @@
     owner: "{{ item.name }}"
     group: "{{ item.name }}"
     mode: '0700'
-  loop: "{{ accounts_with_home }}"
-  when: item.passwordless | default(false) | bool
+  loop: "{{ local_accounts_list_agg | default([]) }}"
 
 - name: Copy public keys to authorized_keys for passwordless authentication
   ansible.builtin.copy:
-    content: "{{ lookup('file', key_path + '_' + item.name + '.pub') }}"
+    content: "{{ lookup('file', item.key_path + '.pub') }}"
     dest: "{{ item.home }}/.ssh/authorized_keys"
     owner: "{{ item.name }}"
     group: "{{ item.name }}"
     mode: '0600'
-  loop: "{{ accounts_with_home }}"
-  when: not ansible_check_mode and item.passwordless | default(false) | bool
+  loop: "{{ local_accounts_list_agg | default([]) }}"
+  when: not ansible_check_mode

slococo/playground/roles/local_accounts/tests/test.yml

@@ -16,6 +16,37 @@
         expiry_date: '2024-12-31'
         home: /home/test_user2_another
         groups: ['docker', 'root']
+        passwordless: true
 
   roles:
-    - role: slococo.playground.local_accounts
+    - slococo.playground.local_accounts
+
+  tasks:
+    - name: Ensure all the users are present with the correct values
+      ansible.builtin.user:
+        name: "{{ item.name }}"
+        shell: "{{ item.shell }}"
+        uid: "{{ item.userid }}"
+        expires: "{{ (((item.expiry_date + ' 00:00:00') | to_datetime).strftime('%s')) if item.expiry_date is defined else omit }}"
+        home: "{{ item.home | default('/home/' + item.name) }}"
+        groups: "{{ item.groups | default(omit) }}"
+        state: present
+      loop: "{{ local_accounts_list }}"
+
+    - name: Ensure SSH key pair was created for each user
+      ansible.builtin.file:
+        path: "{{ item.key_path }}"
+      loop: "{{ local_accounts_list_agg | default([]) }}"
+
+    - name: Test SSH connection for each user
+      ansible.builtin.shell: >
+        ssh -T -i {{ item.key_path }}
+          -o StrictHostKeyChecking=no
+          -o BatchMode=yes
+          -o ConnectTimeout=5
+          {{ item.name }}@localhost
+      loop: "{{ local_accounts_list_agg | default([]) }}"
+      ignore_errors: true
+      register: ssh_results
+      changed_when: false
+      failed_when: ssh_results.rc != 0

slococo/playground/roles/ssh_config/tests/test.yml

@@ -11,3 +11,20 @@
 
   roles:
     - role: slococo.playground.ssh_config
+
+  tasks:
+    - name: Check SSH daemon configuration
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: "^{{ item.key }}"
+        line: "{{ item.key }} {{ item.value }}"
+        state: present
+        mode: '0644'
+      loop: "{{ ssh_config_options | dict2items }}"
+      check_mode: true
+      register: ssh_config_result
+
+    - name: Fail if any change occurred
+      ansible.builtin.fail:
+        msg: "A change occurred in SSH daemon configuration."
+      when: ssh_config_result.changed and not ansible_check_mode

slococo/playground_nodeps/LICENSE.md

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Santiago Lo Coco.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

slococo/playground_nodeps/README.md

@@ -0,0 +1,103 @@
+# Ansible Collection - slococo.playground_nodeps
+
+## Overview
+
+This Ansible collection contains two roles: `local_accounts` and `ssh_config`. These roles are designed to automate the configuration of local user accounts and SSH daemon settings on target hosts.
+
+## Requirements
+
+- Ansible version supporting collections (`ansible-core` > 2.12)
+
+## Role: local_accounts
+
+### Description
+
+This role configures multiple local user accounts on the target host as specified in a list of dictionaries variable.
+
+### Variables
+
+- `local_users`: List of dictionaries defining each local user account with the following fields:
+  - `name`: Username
+  - `shell`: Login shell for the user
+  - `userid`: User ID
+  - `expiry_date`: Expiry date for the account (optional)
+  - `home`: Path for the home directory (optional)
+  - `groups`: List of groups the user belongs to (optional)
+  - `passwordless`: Enable or disable passwordless authentication (optional)
+
+- `local_accounts_key_path`: Path to the private key on the Ansible control node (optional)
+- `local_accounts_key_type`: Type of the private key used for SSH authentication (optional)
+
+### Usage
+
+Include the `local_accounts` role in your playbook and define the `local_users` variable accordingly.
+
+```yaml
+- name: Configure local accounts
+  hosts: target_hosts
+  roles:
+    - role: slococo.playground_nodeps.local_accounts
+      vars:
+        local_accounts_list:
+          - name: local_adm
+            shell: /bin/bash
+            userid: 38000087
+          - name: local_log
+            shell: /bin/sh
+            userid: 38000088
+            expiry_date: "2024-12-31"
+```
+
+## Role: ssh_config
+
+### Description
+
+This role ensures the SSH daemon on the target host has specific options configured.
+
+### Variables
+
+- `ssh_config_options`: Dictionary containing SSH configuration options. Each option is a key-value pair where the key represents the SSH option as found in `/etc/ssh/sshd_config`, and the value represents the desired value for that option.
+
+Example:
+
+```yaml
+ssh_config_options:
+  PasswordAuthentication: 'yes'
+```
+
+### Usage
+
+Include the `ssh_config` role in your playbook.
+
+```yaml
+- name: Configure SSH
+  hosts: target_hosts
+  roles:
+    - role: slococo.playground_nodeps.ssh_config
+```
+
+### SSH Configuration
+
+The role ensures the following SSH options are configured with the specified values:
+
+- `PasswordAuthentication`: yes
+- `PermitEmptyPasswords`: no
+- `PermitRootLogin`: no
+
+## Molecule testing
+
+This collection includes Molecule tests to ensure the correctness of the roles. Molecule is a testing framework for Ansible roles.
+
+### Prerequisites
+
+Before running the Molecule tests, ensure that Molecule is installed. You can find installation instructions in the [official Molecule documentation](https://molecule.readthedocs.io/en/latest/installation.html).
+
+### Running tests
+
+Once Molecule is installed, you can run the tests by executing the following command in the root directory of the collection:
+
+```bash
+molecule test
+```
+
+This command will run both roles (`local_accounts` and `ssh_config`) in a Docker container, simulating real-world scenarios.

slococo/playground_nodeps/galaxy.yml

@@ -0,0 +1,22 @@
+namespace: slococo
+name: playground_nodeps
+version: 1.0.0
+readme: README.md
+
+authors:
+  - Santiago Lo Coco <slococo@slc.ar>
+
+description: This collection contains roles to manage SSH settings and create local user accounts.
+
+license:
+  - MIT
+license_file: LICENSE.md
+
+tags:
+  - users
+  - ssh
+  - config
+  - tools
+
+repository: https://git.slc.ar/slococo/ansible-playground
+issues: https://git.slc.ar/slococo/ansible-playground/issues

slococo/playground_nodeps/meta/runtime.yml

@@ -0,0 +1,2 @@
+---
+requires_ansible: ">=2.14.0"

slococo/playground_nodeps/molecule/default/molecule.yml

@@ -0,0 +1,21 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: "slococo/dam-testing:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      remote_tmp: /tmp
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-../../playbooks/main.yml}

slococo/playground_nodeps/playbooks/main.yml

@@ -0,0 +1,18 @@
+- name: Configure SSH and add user accounts
+  hosts: all
+  become: true
+  gather_facts: true
+
+  roles:
+    - role: slococo.playground_nodeps.ssh_config
+    - role: slococo.playground_nodeps.local_accounts
+      vars:
+        local_accounts_list:
+          - name: local_adm
+            shell: /bin/bash
+            userid: 38000087
+          - name: local_log
+            shell: /bin/sh
+            userid: 38000088
+            expiry_date: '2024-12-31'
+            passwordless: true

slococo/playground_nodeps/roles/local_accounts/README.md

@@ -0,0 +1,47 @@
+local_accounts
+=========
+
+An Ansible Role to create local user accounts.
+
+Requirements
+------------
+
+- Ansible 2.12.0 or later
+- This role requires elevated privileges. Make sure to set `become: true` when using this role.
+
+Role Variables
+--------------
+
+```yaml
+local_accounts_list:
+  - name:                  # Username for the local user (required)
+    shell:                 # Shell for the local user (required)
+    userid:                # User ID for the local user (required)
+    expiry_date:           # Expiry date for the local user in the format 'YYYY-MM-DD' (optional, default: never)
+    home:                  # Home directory path for the local user (optional, default: "/home/{{ name }}")
+    groups:                # List of groups the local user belongs to (optional, default: its own group)
+    passwordless:          # Boolean value indicating whether SSH key pairs should be generated for passwordless authentication (optional, default: false)
+
+local_accounts_key_path:    # Path to the private and public keys on the Ansible control node (optional, default: "/tmp")
+local_accounts_key_type:    # Type of the private key used for SSH authentication (optional, default: "ed25519")
+```
+
+Example Playbook
+----------------
+
+```yaml
+    - hosts: servers
+      vars:
+        local_accounts_list:
+          - name: test_user1
+            shell: /bin/bash
+            userid: 1001
+
+      roles:
+         - { role: slococo.playground_nodeps.local_accounts, become: true }
+```
+
+License
+-------
+
+MIT

slococo/playground_nodeps/roles/local_accounts/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+local_accounts_list: []
+local_accounts_key_path: "/tmp"
+local_accounts_key_type: "ed25519"

slococo/playground_nodeps/roles/local_accounts/handlers/main.yml

@@ -0,0 +1 @@
+---

slococo/playground_nodeps/roles/local_accounts/meta/argument_specs.yml

@@ -0,0 +1,52 @@
+---
+argument_specs:
+  main:
+    short_description: Ansible Role to create local users
+    options:
+      local_accounts_list:
+        type: list
+        required: true
+        elements: dict
+        description: List of dictionaries containing details of local users.
+        options:
+          name:
+            type: str
+            required: true
+            description: The username for the local user.
+          shell:
+            type: str
+            required: true
+            description: The shell for the local user.
+          userid:
+            type: int
+            required: true
+            description: The user ID for the local user.
+          expiry_date:
+            type: str
+            required: false
+            description: The expiry date for the local user (in '%Y-%m-%d', e.g. 2024-12-31).
+          home:
+            type: path
+            required: false
+            default: "{{ '/home/' + name if name is defined else '' }}"
+            description: The home directory path for the local user.
+          groups:
+            type: list
+            required: false
+            default: "{{ name if name is defined else '' }}"
+            description: The primary group for the local user.
+          passwordless:
+            type: bool
+            required: false
+            default: false
+            description: Boolean value indicating whether SSH key pairs should be generated for passwordless authentication.
+      local_accounts_key_path:
+        type: str
+        required: false
+        default: /tmp
+        description: "Path to the private and public keys on the Ansible control node."
+      local_accounts_key_type:
+        type: str
+        required: false
+        default: "ed25519"
+        description: "Type of the private key used for SSH authentication. Options include 'ed25519', 'rsa', etc."

slococo/playground_nodeps/roles/local_accounts/meta/main.yml

@@ -0,0 +1,9 @@
+galaxy_info:
+  author: Santiago Lo Coco
+  description: Ansible Role to create local users
+  company: cloudWerkstatt
+  license: MIT
+  min_ansible_version: 2.12.0
+  galaxy_tags: ['users', 'creation']
+
+dependencies: []

slococo/playground_nodeps/roles/local_accounts/tasks/main.yml

@@ -0,0 +1,65 @@
+---
+- name: Create local user accounts
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    shell: "{{ item.shell }}"
+    uid: "{{ item.userid }}"
+    expires: "{{ (((item.expiry_date + ' 00:00:00') | to_datetime).strftime('%s')) if item.expiry_date is defined else omit }}"
+    home: "{{ item.home | default(omit) }}"
+    groups: "{{ item.groups | default(omit) }}"
+    generate_ssh_key: "{{ item.passwordless | default(false) }}"
+    ssh_key_type: "{{ local_accounts_key_type if item.passwordless is defined else omit }}"
+  loop: "{{ local_accounts_list }}"
+
+- name: Add some variables to the user accounts
+  ansible.builtin.set_fact:
+    local_accounts_list_agg: >-
+      {{
+      local_accounts_list_agg | default([]) + [
+        item | combine({
+          'home': item.home | default('/home/' + item.name),
+          'local_key_path': local_accounts_key_path | regex_replace('/$', '') + '/id_' + local_accounts_key_type + '_' + item.name,
+          'remote_key_path': item.home + '/.ssh/id_' + local_accounts_key_type
+        })
+      ]
+      }}
+  loop: "{{ local_accounts_list }}"
+  when: item.passwordless | default(false) | bool
+
+- name: Read generated public SSH keys
+  ansible.builtin.slurp:
+    src: "{{ remote_key_path }}.pub"
+  loop: "{{ local_accounts_list_agg | default([]) }}"
+  register: public_keys
+  when: not ansible_check_mode
+
+- name: Read generated private SSH keys
+  ansible.builtin.slurp:
+    src: "{{ remote_key_path }}"
+  loop: "{{ local_accounts_list_agg | default([]) }}"
+  register: private_keys
+  when: not ansible_check_mode
+
+- name: Add public keys to authorized_keys for passwordless authentication
+  ansible.builtin.lineinfile:
+    path: "{{ item.item.home }}/.ssh/authorized_keys"
+    regexp: "^{{ item.content | b64decode }}"
+    line: "{{ item.content | b64decode }}"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: '0600'
+    state: present
+    create: true
+  loop: "{{ public_keys.results | default([]) }}"
+  when: not ansible_check_mode
+
+- name: Copy private keys to control node
+  ansible.builtin.copy:
+    content: "{{ item.content | b64decode }}"
+    dest: "{{ item.item.local_key_path }}"
+    mode: '0600'
+  loop: "{{ private_keys.results | default([]) }}"
+  delegate_to: localhost
+  run_once: true
+  become: false
+  when: not ansible_check_mode

slococo/playground_nodeps/roles/local_accounts/tests/inventory

@@ -0,0 +1 @@
+localhost

slococo/playground_nodeps/roles/local_accounts/tests/test.yml

@@ -0,0 +1,52 @@
+---
+- name: Test the local_accounts role
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: true
+
+  vars:
+    local_accounts_list:
+      - name: test_user1
+        shell: /bin/bash
+        userid: 1001
+      - name: test_user2
+        shell: /bin/zsh
+        userid: 1002
+        expiry_date: '2024-12-31'
+        home: /home/test_user2_another
+        groups: ['docker', 'root']
+        passwordless: true
+
+  roles:
+    - slococo.playground_nodeps.local_accounts
+
+  tasks:
+    - name: Ensure all the users are present with the correct values
+      ansible.builtin.user:
+        name: "{{ item.name }}"
+        shell: "{{ item.shell }}"
+        uid: "{{ item.userid }}"
+        expires: "{{ (((item.expiry_date + ' 00:00:00') | to_datetime).strftime('%s')) if item.expiry_date is defined else omit }}"
+        home: "{{ item.home | default('/home/' + item.name) }}"
+        groups: "{{ item.groups | default(omit) }}"
+        state: present
+      loop: "{{ local_accounts_list }}"
+
+    - name: Ensure SSH key pair was created for each user
+      ansible.builtin.file:
+        path: "{{ item.remote_key_path }}"
+      loop: "{{ local_accounts_list_agg | default([]) }}"
+
+    - name: Test SSH connection for each user
+      ansible.builtin.shell: >
+        ssh -T -i {{ item.local_key_path }}
+          -o StrictHostKeyChecking=no
+          -o BatchMode=yes
+          -o ConnectTimeout=5
+          {{ item.name }}@localhost
+      loop: "{{ local_accounts_list_agg | default([]) }}"
+      ignore_errors: true
+      register: ssh_results
+      changed_when: false
+      failed_when: ssh_results.rc != 0

slococo/playground_nodeps/roles/local_accounts/vars/main.yml

@@ -0,0 +1 @@
+---

slococo/playground_nodeps/roles/ssh_config/README.md

@@ -0,0 +1,37 @@
+ssh_config
+=========
+
+An Ansible Role to manage SSH configuration on Linux systems.
+
+## Requirements
+
+- Ansible 2.12.0 or later
+- This role requires elevated privileges. Make sure to set `become: true` when using this role.
+
+## Role Variables
+
+```yaml
+ssh_config_options:
+  PasswordAuthentication: 'yes'       # Allow password authentication (default: yes)
+  PermitEmptyPasswords: 'no'          # Permit users to have empty passwords (default: no)
+  PermitRootLogin: 'no'               # Permit root login (default: no)
+  # Add more SSH options as needed
+```
+
+Example Playbook
+----------------
+
+```yaml
+    - hosts: servers
+      vars:
+        sshd_options:
+          PasswordAuthentication: 'no'
+
+      roles:
+         - { role: slococo.playground_nodeps.ssh_config, become: true }
+```
+
+License
+-------
+
+MIT

slococo/playground_nodeps/roles/ssh_config/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+ssh_config_options:
+  PasswordAuthentication: 'yes'
+  PermitEmptyPasswords: 'no'
+  PermitRootLogin: 'no'

slococo/playground_nodeps/roles/ssh_config/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart SSH service
+  ansible.builtin.service:
+    name: sshd
+    state: restarted

slococo/playground_nodeps/roles/ssh_config/meta/argument_specs.yml

@@ -0,0 +1,13 @@
+---
+argument_specs:
+  main:
+    short_description: Ansible Role to manage SSH configuration
+    options:
+      ssh_config_options:
+        type: dict
+        required: false
+        default:
+          PasswordAuthentication: 'yes'
+          PermitEmptyPasswords: 'no'
+          PermitRootLogin: 'no'
+        description: Dictionary containing SSH configuration options to be set.

slococo/playground_nodeps/roles/ssh_config/meta/main.yml

@@ -0,0 +1,9 @@
+galaxy_info:
+  author: Santiago Lo Coco
+  description: Ansible Role to manage SSH configuration
+  company: cloudWerkstatt
+  license: MIT
+  min_ansible_version: 2.12.0
+  galaxy_tags: ['ssh', 'config']
+
+dependencies: []

slococo/playground_nodeps/roles/ssh_config/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Check SSH daemon configuration
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^{{ item.key }}"
+    line: "{{ item.key }} {{ item.value }}"
+    state: present
+    validate: "sshd -t -f %s"
+    mode: '0644'
+  loop: "{{ ssh_config_options | dict2items }}"
+  notify: Restart SSH service

slococo/playground_nodeps/roles/ssh_config/tests/inventory

@@ -0,0 +1 @@
+localhost

slococo/playground_nodeps/roles/ssh_config/tests/test.yml

@@ -0,0 +1,30 @@
+---
+- name: Test the ssh_config role
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: true
+
+  vars:
+    ssh_config_options:
+      PasswordAuthentication: 'no'
+
+  roles:
+    - role: slococo.playground_nodeps.ssh_config
+
+  tasks:
+    - name: Check SSH daemon configuration
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: "^{{ item.key }}"
+        line: "{{ item.key }} {{ item.value }}"
+        state: present
+        mode: '0644'
+      loop: "{{ ssh_config_options | dict2items }}"
+      check_mode: true
+      register: ssh_config_result
+
+    - name: Fail if any change occurred
+      ansible.builtin.fail:
+        msg: "A change occurred in SSH daemon configuration."
+      when: ssh_config_result.changed and not ansible_check_mode

slococo/playground_nodeps/roles/ssh_config/vars/main.yml

@@ -0,0 +1 @@
+---