Document internal __sshd_runtime_directory variable and use it in the service files

templates/sshd.service.j2

@@ -1,7 +1,9 @@
 [Unit]
 Description=OpenBSD Secure Shell server
+Documentation=man:sshd(8) man:sshd_config(5)
 
 [Service]
+Type=notify
 ExecStartPre={{ sshd_binary }} -t
 ExecStart={{ sshd_binary }} -D -f {{ sshd_config_file }}
 ExecReload={{ sshd_binary }} -t
@@ -9,9 +11,8 @@ ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
 RestartPreventExitStatus=255
-Type=notify
+RuntimeDirectory={{ __sshd_runtime_directory }}
-RuntimeDirectory={{ sshd_binary | basename }}
+RuntimeDirectoryMode={{ __sshd_runtime_directory_mode }}
-RuntimeDirectoryMode=0755
 
 [Install]
 WantedBy=multi-user.target

templates/sshd.socket.j2

@@ -1,7 +1,8 @@
 [Unit]
 Description=OpenBSD Secure Shell server socket
+Documentation=man:sshd(8) man:sshd_config(5)
 Before={{ sshd_service }}.service
-Conflicts={{sshd_service }}.service
+Conflicts={{ sshd_service }}.service
 
 [Socket]
 ListenStream=22

templates/sshd@.service.j2

@@ -1,9 +1,10 @@
 [Unit]
 Description=OpenBSD Secure Shell server per-connection daemon
+Documentation=man:sshd(8) man:sshd_config(5)
 After=auditd.service
 
 [Service]
 ExecStart=-{{ sshd_binary }} -i -f {{ sshd_config_file }}
 StandardInput=socket
-RuntimeDirectory={{ sshd_binary }}
+RuntimeDirectory={{ __sshd_runtime_directory }}
-RuntimeDirectoryMode=0755
+RuntimeDirectoryMode={{ __sshd_runtime_directory_mode }}

vars/main.yml

@@ -31,6 +31,9 @@ __sshd_os_supported: no
 __sshd_sysconfig_supports_crypto_policy: false
 __sshd_sysconfig_supports_use_strong_rng: false
 
+# The runtime directory is used by systemd to provide termoporary directory for the service
+# This is used as a RuntimeDirectory= option in the service file and it needs to exist
+# before running sshd for example in the validate mode.
 __sshd_runtime_directory: ~
 __sshd_runtime_directory_mode: "0755"