Moves internal non-overridable variables out of defaults

defaults/main.yml

@@ -37,7 +37,6 @@ sshd_sysconfig_override_crypto_policy: false
 # generator
 sshd_sysconfig_use_strong_rng: 0
 
-
 # Empty dicts to avoid errors
 sshd: {}
 
@@ -47,7 +46,9 @@ sshd_config_file: "{{ __sshd_config_file }}"
 
 ### VARS DEFAULTS
 ### The following are defaults for OS specific configuration in var files in
-### this role. They should not be set directly by role users.
+### this role. They should not be set directly by role users, unless they know
+### what they are doing, e.g. installing extra packages or installing an
+### alternative SystemD service file
 sshd_packages: "{{ __sshd_packages }}"
 sshd_config_owner: "{{ __sshd_config_owner }}"
 sshd_config_group: "{{ __sshd_config_group }}"
@@ -62,10 +63,7 @@ sshd_sftp_server: "{{ __sshd_sftp_server }}"
 # configuration or restarting), we make sure the keys exist and have correct
 # permissions. To disable this check, set sshd_verify_hostkeys to false
 sshd_verify_hostkeys: "auto"
-# The list of hostkeys to check when there are none listed in configuration file.
+
-# This is usually the case when the selection is up to the OpenSSH defaults or
-# drop-in directory is used.
-__sshd_verify_hostkeys_default: []
 sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
 sshd_hostkey_group: "{{ __sshd_hostkey_group }}"
 sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
@@ -73,19 +71,3 @@ sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
 # instead of replacing the whole configuration file, just add a specified
 # snippet
 sshd_config_namespace: null
-
-### These variables are used by role internals and should not be used.
-__sshd_defaults: {}
-__sshd_os_supported: no
-__sshd_sysconfig_supports_crypto_policy: false
-__sshd_sysconfig_supports_use_strong_rng: false
-
-__sshd_runtime_directory: false
-__sshd_runtime_directory_mode: "0755"
-
-# If the system supports drop-in directory, it is configured in this variable. It is used
-# to distinguish if we are writing a configuration snippet or we should write defaults.
-__sshd_drop_in_dir: false
-# this is the path to the main sshd_config which is checked for Include directive when
-# drop-in directory is used
-__sshd_main_config_file: false

tasks/set_common_vars.yml

@@ -1,9 +0,0 @@
----
-- name: Ensure ansible_facts used by role
-  ansible.builtin.setup:
-    gather_subset: min
-  when: not ansible_facts.keys() | list |
-    intersect(__sshd_required_facts) == __sshd_required_facts
-
-- name: Include common vars
-  ansible.builtin.include_vars: vars/common.yml

tasks/sshd.yml

@@ -1,7 +1,4 @@
 ---
-- name: Set common variables and ensure basic facts are gathered
-  ansible.builtin.include_tasks: set_common_vars.yml
-
 - name: Set platform/version specific variables
   ansible.builtin.include_tasks: variables.yml
 

tasks/variables.yml

@@ -1,6 +1,9 @@
 ---
-- name: Set common vars
+- name: Ensure ansible_facts used by role
-  ansible.builtin.include_vars: vars/common.yml
+  ansible.builtin.setup:
+    gather_subset: min
+  when: not ansible_facts.keys() | list |
+    intersect(__sshd_required_facts) == __sshd_required_facts
 
 - name: Set OS dependent variables
   ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
@@ -24,7 +27,7 @@
         - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
         - "{{ ansible_distribution }}.yml"
         - "{{ ansible_os_family }}.yml"
-        - default.yml
+        - main.yml  # fallback, vars/main.yml is always loaded by Ansible
       paths:
         - "{{ role_path }}/vars"
         - "{{ playbook_dir }}/vars"

tests/tasks/restore.yml

@@ -26,10 +26,8 @@
     - __sshd_test_backup.path is defined
 
 - name: Include common variables
-  ansible.builtin.include_role:
+  ansible.builtin.include_vars:
-    name: ansible-sshd
+    file: ../../vars/main.yml
-    tasks_from: set_common_vars.yml
-    public: true
 
 - name: Restart sshd service
   ansible.builtin.service:

vars/common.yml

@@ -1,10 +0,0 @@
-__sshd_skip_virt_env:
-  - docker
-  - podman
-  - container
-  - containerd
-  - VirtualPC
-
-__sshd_binary: /usr/sbin/sshd
-__sshd_service: sshd
-__sshd_sftp_server: /usr/lib/openssh/sftp-server

vars/default.yml

@@ -1 +0,0 @@
----

vars/main.yml

@@ -14,3 +14,34 @@ __sshd_required_facts:
   - distribution
   - distribution_major_version
   - os_family
+
+__sshd_skip_virt_env:
+  - docker
+  - podman
+  - container
+  - containerd
+  - VirtualPC
+
+__sshd_binary: /usr/sbin/sshd
+__sshd_service: sshd
+__sshd_sftp_server: /usr/lib/openssh/sftp-server
+
+__sshd_defaults: {}
+__sshd_os_supported: no
+__sshd_sysconfig_supports_crypto_policy: false
+__sshd_sysconfig_supports_use_strong_rng: false
+
+__sshd_runtime_directory: false
+__sshd_runtime_directory_mode: "0755"
+
+# If the system supports drop-in directory, it is configured in this variable. It is used
+# to distinguish if we are writing a configuration snippet or we should write defaults.
+__sshd_drop_in_dir: false
+# this is the path to the main sshd_config which is checked for Include directive when
+# drop-in directory is used
+__sshd_main_config_file: false
+
+# The list of hostkeys to check when there are none listed in configuration file.
+# This is usually the case when the selection is up to the OpenSSH defaults or
+# drop-in directory is used.
+__sshd_verify_hostkeys_default: []