Add SSH configuration

Add default ssh configuration and curl vault keys.

playbooks/manjaro.yaml

@@ -8,6 +8,38 @@
     swap_file_size_mb: 4096
 
   tasks:
+  # SSH
+  - name: Ensure openssh installed
+    community.general.pacman:
+      name: openssh
+      state: present
+    become: yes
+  - name: Curl SSH trusted CA
+    get_url:
+      url: https://vault.ducoterra.net/v1/ssh-client-signer/public_key
+      dest: /etc/ssh/trusted-user-ca-keys.pem
+      mode: '0660'
+    become: yes
+  - name: Create sshd_config file
+    copy:
+      dest: "/etc/ssh/sshd_config"
+      content: |
+        AuthorizedKeysFile      .ssh/authorized_keys
+        PasswordAuthentication no
+        KbdInteractiveAuthentication no
+        UsePAM yes
+        PrintMotd no # pam does that
+        Subsystem       sftp    /usr/lib/ssh/sftp-server
+        TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
+    become: yes
+  - name: Ensure ssh service started
+    ansible.builtin.systemd:
+      name: sshd
+      state: restarted
+      daemon_reload: yes
+      enabled: yes
+    become: yes
+
   # System Tools
   - name: Ensure grub installed
     community.general.pacman: