From d13e23587970989fcdb4de6a1c0431ae5cdd4dd9 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Tue, 11 Oct 2022 23:51:42 -0400 Subject: [PATCH] Start an sshd role. --- .../environments/home/host_vars/homeserver | 1 + ansible/playbook.yaml | 1 + ansible/roles/sshd/defaults/main.yaml | 1 + ansible/roles/sshd/meta/main.yaml | 2 ++ ansible/roles/sshd/tasks/common.yaml | 14 +++++++++ ansible/roles/sshd/tasks/freebsd.yaml | 0 ansible/roles/sshd/tasks/linux.yaml | 0 ansible/roles/sshd/tasks/main.yaml | 2 ++ ansible/roles/sshd/tasks/peruser.yaml | 29 +++++++++++++++++++ ansible/roles/sshd/tasks/peruser_freebsd.yaml | 0 ansible/roles/sshd/tasks/peruser_linux.yaml | 0 11 files changed, 50 insertions(+) create mode 100644 ansible/roles/sshd/defaults/main.yaml create mode 100644 ansible/roles/sshd/meta/main.yaml create mode 100644 ansible/roles/sshd/tasks/common.yaml create mode 100644 ansible/roles/sshd/tasks/freebsd.yaml create mode 100644 ansible/roles/sshd/tasks/linux.yaml create mode 100644 ansible/roles/sshd/tasks/main.yaml create mode 100644 ansible/roles/sshd/tasks/peruser.yaml create mode 100644 ansible/roles/sshd/tasks/peruser_freebsd.yaml create mode 100644 ansible/roles/sshd/tasks/peruser_linux.yaml
diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver
index d29acc3..dced660 100644
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@@ -1,3 +1,4 @@
 os_flavor: "freebsd"
 zfs_snapshot_datasets:
 - zroot/freebsd/computer/be/default
+sshd_enabled: true
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index d766097..2dafcac 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -6,4 +6,5 @@
 - users
 - zrepl
 - zsh
+ - sshd
 - base
diff --git a/ansible/roles/sshd/defaults/main.yaml b/ansible/roles/sshd/defaults/main.yaml
new file mode 100644
index 0000000..3e4387c
--- /dev/null
+++ b/ansible/roles/sshd/defaults/main.yaml
@@ -0,0 +1 @@
+sshd_enabled: false
diff --git a/ansible/roles/sshd/meta/main.yaml b/ansible/roles/sshd/meta/main.yaml
new file mode 100644
index 0000000..655446a
--- /dev/null
+++ b/ansible/roles/sshd/meta/main.yaml
@@ -0,0 +1,2 @@
+dependencies:
+ - users
diff --git a/ansible/roles/sshd/tasks/common.yaml b/ansible/roles/sshd/tasks/common.yaml
new file mode 100644
index 0000000..d7c1735
--- /dev/null
+++ b/ansible/roles/sshd/tasks/common.yaml
@@ -0,0 +1,14 @@
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/sshd/tasks/freebsd.yaml b/ansible/roles/sshd/tasks/freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/sshd/tasks/linux.yaml b/ansible/roles/sshd/tasks/linux.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/sshd/tasks/main.yaml b/ansible/roles/sshd/tasks/main.yaml
new file mode 100644
index 0000000..5249f89
--- /dev/null
+++ b/ansible/roles/sshd/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+ when: sshd_enabled
diff --git a/ansible/roles/sshd/tasks/peruser.yaml b/ansible/roles/sshd/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/sshd/tasks/peruser.yaml
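Review bot: In ansible/roles/sshd/tasks/common.yaml the `loop` on the `include_tasks` entry picks accounts with a JMESPath comparison of `value.initialize` against the literal true, so an entry whose flag reaches Ansible as a quoted string would be skipped silently and that account would get no per-user sshd setup. The shape of `users` is not visible in this diff, so this is worth confirming against the users role. `json_query` also needs the `jmespath` Python package on the controller; the built-in form `loop: "{{ users | dict2items | selectattr('value.initialize', 'true') | map(attribute='key') | list }}"` should select the same entries without that dependency. Since this task switches identity per item, a `name:` on it and `become: true` in place of `become: yes` would make the run output and the intent clearer.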
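Review bot: In ansible/roles/sshd/tasks/main.yaml, `when: sshd_enabled` tests the raw variable, so a value that arrives as a string (for example `-e sshd_enabled=false` or an INI inventory entry) is a non-empty string and can be treated as true, running the role on a host where it was meant to be off. Writing `when: sshd_enabled | bool` makes the toggle behave the same for booleans and strings. The default of `false` in defaults/main.yaml is a good choice and is worth keeping as the only place the role is switched on implicitly.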
@@ -0,0 +1,29 @@
+- include_role:
+ name: per_user
+
+# - name: Create directories
+# file:
+# name: "{{ account_homedir.stdout }}/{{ item }}"
+# state: directory
+# mode: 0700
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - ".config/foo"
+
+# - name: Copy files
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+# mode: 0600
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - src: foo.conf
+# dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/sshd/tasks/peruser_freebsd.yaml b/ansible/roles/sshd/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/sshd/tasks/peruser_linux.yaml b/ansible/roles/sshd/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29
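Review bot: The commented-out scaffold in ansible/roles/sshd/tasks/peruser.yaml carries unquoted `mode: 0700` and `mode: 0600` together with placeholder paths such as `.config/foo`; if it is later enabled for per-user SSH files, the modes are safer as quoted strings, `mode: "0700"` and `mode: "0600"`, so that no YAML loader can retype them. Until then a one-line comment above the block, e.g. `# Template for per-user files; not yet used by the sshd role.`, would tell readers that the role currently installs nothing per user beyond what `per_user` does. The `include_role` entry would also read better in run output with a `name:`.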