roles/common: Move sshd tasks to their own playbook

Signed-off-by: Alan Orth <alan.orth@gmail.com>

roles/common/tasks/main.yml

@@ -16,21 +16,7 @@
   when: ansible_os_family == 'Debian'
   tags: firewall
 
-- name: Reconfigure /etc/ssh/sshd_config
+- include: sshd.yml
-  template: src=sshd_config_{{ansible_distribution}}-{{ansible_distribution_version}}.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0600
-  notify:
-    - restart sshd
-  tags: sshd
-
-- name: Remove DSA and ECDSA host keys
-  file: name=/etc/ssh/{{ item }} state=absent
-  with_items:
-    - ssh_host_dsa_key
-    - ssh_host_dsa_key.pub
-    - ssh_host_ecdsa_key
-    - ssh_host_ecdsa_key.pub
-  notify:
-    - restart sshd
   tags: sshd
 
 - name: Reconfigure /etc/sysctl.conf

roles/common/tasks/sshd.yml

@@ -0,0 +1,25 @@
+---
+
+# SSH configs don't change in Debian / CentOS minor versions
+- name: Reconfigure /etc/ssh/sshd_config
+  template: src=sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0600
+  when: (ansible_distribution == 'Debian' or ansible_distribution == 'CentOS')
+  notify: reload sshd
+
+# Ubuntu is the only distro we have where SSH version is very different from 14.04 -> 14.10,
+# ie with new ciphers supported etc.
+- name: Reconfigure /etc/ssh/sshd_config
+  template: src=sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_version }}.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0600
+  when: ansible_distribution == 'Ubuntu'
+  notify: reload sshd
+
+- name: Remove DSA and ECDSA host keys
+  file: name=/etc/ssh/{{ item }} state=absent
+  with_items:
+    - ssh_host_dsa_key
+    - ssh_host_dsa_key.pub
+    - ssh_host_ecdsa_key
+    - ssh_host_ecdsa_key.pub
+  notify: reload sshd
+
+# vim: set sw=2 ts=2: