feat(roles/sshd): add argument specs

2 files changed, 34 insertions, 2 deletions

diff --git a/roles/sshd/meta/main.yml b/roles/sshd/meta/main.yml
new file mode 100644
index 0000000..e0d60ee
--- /dev/null
+++ b/roles/sshd/meta/main.yml
@@ -0,0 +1,21 @@
+---
+
+argument_specs:
+  main:
+    short_description: sshd main entrypoint.
+    options:
+
+      sshd_configuration_file:
+        type: path
+        required: true
+        description: Sshd configuration file
+
+      sshd_listen_port:
+        type: int
+        required: true
+        description: Sshd listen port
+
+      sshd_enable_x11_forwarding:
+        type: bool
+        required: true
+        description: Enable X11 forwarding
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index b895958..6a622d2 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -9,15 +9,26 @@
 - name: generate sshd configuration
   ansible.builtin.template:
     src: sshd_config.j2
-    dest: /etc/ssh/sshd_config
+    dest: "{{ sshd_configuration_file }}"
     owner: 0
     group: 0
     mode: "0644"
+  register: sshd_result_generate_configuration
 
-- name: enable and restart sshd
+- name: lint sshd configuration
+  ansible.builtin.command: "sshd -tf {{ sshd_configuration_file }}"
+  register: sshd_result_lint
+  changed_when: false
+
+- name: restart sshd  # noqa: no-handler
   ansible.builtin.service:
     name: sshd
     state: restarted
+  when: sshd_result_generate_configuration.changed
+
+- name: enable sshd
+  ansible.builtin.service:
+    name: sshd
     enabled: true
 
 - name: check ssh connection