Fix variable precedence for sshd_hostkey_* variables

This worked fine with the new include_role: invocation, but not with
the old roles: invocation.

defaults/main.yml

@@ -61,9 +61,9 @@ sshd_sftp_server: /usr/lib/openssh/sftp-server
 # configuration or restarting), we make sure the keys exist and have correct
 # permissions. To disable this check, set sshd_verify_hostkeys to false
 sshd_verify_hostkeys: "auto"
-sshd_hostkey_owner: root
-sshd_hostkey_group: root
-sshd_hostkey_mode: "0600"
+sshd_hostkey_owner: "{{ __sshd_hostkey_owner | default('root') }}"
+sshd_hostkey_group: "{{ __sshd_hostkey_group | default('root') }}"
+sshd_hostkey_mode: "{{ __sshd_hostkey_mode | default('0600') }}"
 
 # instead of replacing the whole configuration file, just append a specified
 # snippet

vars/Fedora.yml

@@ -9,5 +9,5 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server
 sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
 __sshd_defaults:
 __sshd_os_supported: yes
-sshd_hostkey_group: ssh_keys
-sshd_hostkey_mode: "0640"
+__sshd_hostkey_group: ssh_keys
+__sshd_hostkey_mode: "0640"

vars/Fedora_31.yml

@@ -24,5 +24,5 @@ __sshd_defaults:
   Subsystem: "sftp {{ sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_sysconfig_supports_crypto_policy: true
-sshd_hostkey_group: ssh_keys
-sshd_hostkey_mode: "0640"
+__sshd_hostkey_group: ssh_keys
+__sshd_hostkey_mode: "0640"

vars/RedHat_7.yml

@@ -27,5 +27,5 @@ __sshd_defaults:
   Subsystem: "sftp {{ sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_sysconfig_supports_use_strong_rng: true
-sshd_hostkey_group: ssh_keys
-sshd_hostkey_mode: "0640"
+__sshd_hostkey_group: ssh_keys
+__sshd_hostkey_mode: "0640"

vars/RedHat_8.yml

@@ -29,5 +29,5 @@ __sshd_defaults:
 __sshd_os_supported: yes
 __sshd_sysconfig_supports_use_strong_rng: true
 __sshd_sysconfig_supports_crypto_policy: true
-sshd_hostkey_group: ssh_keys
-sshd_hostkey_mode: "0640"
+__sshd_hostkey_group: ssh_keys
+__sshd_hostkey_mode: "0640"