
trying to get this one working

aeth vor 3 Wochen
Ursprung
Commit
20a8857cb4

+ 3 - 0
ansible.cfg

@@ -681,6 +681,9 @@ collections_path=/home/aeth/.ansible/collections:/usr/share/ansible/collections
 # Useful when you want to avoid conversion into lists or dictionaries for JSON strings, for example.
 ;dont_type_filters=string, to_json, to_nice_json, to_yaml, to_nice_yaml, ppretty, json
 
+[ssh_connection]
+ssh_args = -o ForwardAgent=yes
+
 
 [tags]
 # (list) default list of tags to run in your plays, Skip Tags has precedence.
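Review bot: `ssh_args = -o ForwardAgent=yes` hands the control node's SSH agent to root on every managed host in every play, so a compromised container or build box can use the forwarded socket to authenticate as the operator against anything the agent holds keys for, including the git server the dotfiles task pulls from. It also replaces Ansible's default `ssh_args` (`-C -o ControlMaster=auto -o ControlPersist=60s`), silently dropping connection multiplexing. If forwarding is only needed for the dotfiles clone on the `build` group, scope it there with `ansible_ssh_extra_args: -o ForwardAgent=yes` on that group in the inventory, or better give the dotfiles repo a read-only deploy key so no agent has to be forwarded at all. At minimum use `ssh_extra_args = -o ForwardAgent=yes` here so the defaults are kept.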

+ 121 - 0
files/config/sshd_config

@@ -0,0 +1,121 @@
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
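Review bot: `Include /etc/ssh/sshd_config.d/*.conf` on the first line means any drop-in there wins over the `PasswordAuthentication no` and `KbdInteractiveAuthentication no` set further down, because sshd keeps the first value it sees for each keyword; on Debian/Ubuntu images cloud-init commonly installs a `50-cloud-init.conf` with `PasswordAuthentication yes`, which would silently re-enable password logins on the build host. Either move the `Include` to the end of the file so these hardening lines take precedence, or have the playbook assert the effective configuration after the copy (`sshd -T | grep -i '^passwordauthentication no'`). `PermitRootLogin` is left at the commented default `prohibit-password`; since only `aeth` is managed here, an explicit `PermitRootLogin no` would be the conventional choice. Note that `AllowAgentForwarding yes` merely restates the default, so uncommenting it documents intent but changes nothing.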

+ 2 - 0
files/packages.txt

@@ -1,4 +1,6 @@
 zsh
 zplug
 curl
+vim
+sudo
 

+ 4 - 3
inventory

@@ -2,16 +2,17 @@
 workstations:
   hosts:
     voodoo-box.void:
-    BLACKMESA.void:
     spit-wizard.void:
 containers:
   hosts:
     horus-ctn01.void:
     horus-ns01.void:
     horus-ns02.void:
-dns_servers:
+build:
   hosts:
-    minas-tirith.void:
+    horus-fdroid01.void:
+#    horus-harbor01.void:
+dns_servers:
 webservers:
   hosts:
     aetherial.dev:
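Review bot: `dns_servers:` is now a bare key with no value, which YAML reads as `null` rather than an empty group; Ansible's yaml inventory plugin tolerates that as far as I know, but yamllint's `empty-values` rule flags it and the intent is ambiguous next to the commented-out `horus-harbor01.void`. Either write `dns_servers: {}` (or `dns_servers:` followed by `  hosts: {}`) or drop the group until a host is moved back into it. The top of the inventory mapping is outside this hunk.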

+ 17 - 6
playbook_configure_virt_server.yml

@@ -1,19 +1,30 @@
 ---
 - name: "Configuring container servers"
-  hosts: "containers"
+  hosts: "build"
   pre_tasks:
     - name: "00: Gather facts"
       ansible.builtin.gather_facts:
 
+    - name: "10: Set System User"
+      ansible.builtin.set_fact:
+        system_user: "aeth"
+
   tasks:
-    - name: "10: INSTALL PACKAGES"
+    - name: "00: INSTALL PACKAGES"
       ansible.builtin.include_tasks: "tasks/tasks_install_packages.yml"
 
-    - name: "00: PRE-TASK clone dotfiles"
+    - name: "10: SYSTEM CONFIGURATION NONSENSE"
+      ansible.builtin.include_tasks: "tasks/tasks_machine_configuration.yml"
+
+    - name: "20: PRE-TASK clone dotfiles"
       ansible.builtin.include_tasks: "tasks/tasks_clone_dotfiles.yml"
     
-    - name: "00: Install vim plug manager"
+    - name: "30: Install vim plug manager"
       ansible.builtin.include_tasks: "tasks/tasks_install_vimplug.yml"
 
-    - name: "20: SYSTEM CONFIGURATION NONSENSE"
-      ansible.builtin.include_tasks: "tasks/tasks_machine_configuration.yml"
+  handlers:
+    - name: restart ssh
+      service:
+        name: ssh
+        state: restarted
+
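Review bot: the new `restart ssh` handler uses the short `service` name while every other task in this playbook is written with its FQCN; make it `ansible.builtin.service` for consistency, and note that the unit is `ssh` only on Debian-family hosts (`sshd` elsewhere). Because handlers run at the end of the play, a broken `/etc/ssh/sshd_config` is only discovered when sshd restarts after all other tasks have completed, so the task that copies the file should carry `validate: '/usr/sbin/sshd -t -f %s'` to make the play fail before the handler fires. `system_user` is also pinned to `"aeth"` via `set_fact` in `pre_tasks`, which overrides any inventory or play-level value of the same name (only `-e` beats `set_fact`); a `vars:` entry on the play would keep it overridable.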

+ 7 - 6
tasks/tasks_clone_dotfiles.yml

@@ -1,8 +1,15 @@
 ---
+- name: "00: Set Dotfile Repo"
+  ansible.builtin.set_fact:
+    dotfile_repo: "git@git.aetherial.dev:aeth/dotfiles.git"
+
 - name: "00: Clone the dotfiles"
+  become: True
+  become_user: "{{ system_user }}"
   ansible.builtin.git:
     repo: "{{ dotfile_repo }}"
     dest: "/home/{{ system_user }}/.config/dotfiles"
+    version: "master"
 
 - name: "05: Set fact for dotfile home"
   ansible.builtin.set_fact:
@@ -36,12 +43,6 @@
     dest: "/home/{{ system_user }}/.vimrc"
     backup: True
 
-- name: "50: move wallpaper"
-  ansible.builtin.copy:
-    remote_src: "yes"
-    src: "{{ dotfiles }}/_dark_disco.jpeg"
-    dest: "/home/{{ system_user }}/Pictures/wallpapers/"
-
 - name: "60: Move environment file into etc"
   become: True
   ansible.builtin.copy:
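Review bot: the clone from `git@git.aetherial.dev:aeth/dotfiles.git` runs as `{{ system_user }}` over SSH with the git module's default `accept_hostkey: false`, so on a fresh build host it fails unless the server's host key is already in that user's `known_hosts`; the usual workaround `accept_hostkey: true` is trust-on-first-use, so prefer pinning the key beforehand with `ansible.builtin.known_hosts` (`name: git.aetherial.dev`, `key:` set to the server's known_hosts line kept under `files/`) and leave `accept_hostkey` off. Since the task also relies on the operator's forwarded agent reaching the `become_user` session, check that `sudo` on the target preserves `SSH_AUTH_SOCK` (`env_keep`), otherwise the clone will hang on a prompt or fail; a read-only deploy key installed for `system_user` avoids both problems. `become: True` should also be `become: true` to match YAML and ansible-lint conventions.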

+ 1 - 0
tasks/tasks_machine_configuration.yml

@@ -4,5 +4,6 @@
   with_first_found:
     - "tasks/tasks_machine_configuration/{{ machine_type }}/{{ machine_relationship }}/configuration.yml"
     - "tasks/tasks_machine_configuration/{{ machine_type }}/configuration.yml"
+    - "tasks/tasks_machine_configuration/configuration.yml"
   loop_control:
     loop_var: "_tasks"
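Review bot: with this fallback in place, any `machine_type` that has no `configuration.yml` of its own now runs the generic one, which as of this commit overwrites `/etc/ssh/sshd_config` and restarts sshd; that is presumably intended for `build`, but it is worth confirming it is wanted for every other type that lacks a specific file. A comment on the new entry such as `# generic fallback: applies to every machine_type without its own configuration.yml (installs sshd_config)` would make that explicit. The enclosing task starts before this hunk.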

+ 14 - 0
tasks/tasks_machine_configuration/configuration.yml

@@ -0,0 +1,14 @@
+---
+- name: "00: Set default shell to ZSH"
+  become: True
+  ansible.builtin.command: "chsh -s /usr/bin/zsh {{ system_user }}"
+
+- name: "10: Copy SSH configuration"
+  become: True
+  ansible.builtin.copy:
+    src: "../../files/config/sshd_config"
+    dest: "/etc/ssh/sshd_config"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart ssh
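Review bot: the `chsh -s` task is not idempotent (it reports `changed` on every run and `command` has no check-mode support), and the `sshd_config` copy has no `validate`, so a typo in the file is written to `/etc/ssh/sshd_config` and only surfaces when the `restart ssh` handler fires at the end of the play, at which point the host may be unreachable. Use `ansible.builtin.user` with `shell:` for the first task, and add `validate: '/usr/sbin/sshd -t -f %s'` plus `backup: true` to the copy so Ansible refuses to install a config sshd cannot parse. `src: "../../files/config/sshd_config"` also walks out of the tasks directory by relative path; `src: "config/sshd_config"` should resolve through the playbook-adjacent `files/` search path without depending on where the include lives. `True` should be `true` and the mode quoted as `"0644"` to avoid octal/boolean typing surprises.

```yaml
- name: "00: Set default shell to ZSH"
  become: true
  ansible.builtin.user:
    name: "{{ system_user }}"
    shell: /usr/bin/zsh

- name: "10: Copy SSH configuration"
  become: true
  ansible.builtin.copy:
    src: "config/sshd_config"
    dest: "/etc/ssh/sshd_config"
    owner: root
    group: root
    mode: "0644"
    backup: true
    # refuse to install a file sshd cannot parse; avoids lock-out when the handler restarts sshd
    validate: "/usr/sbin/sshd -t -f %s"
  notify: restart ssh
```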

+ 0 - 5
tasks/tasks_machine_configuration/containers/configuration.yml

@@ -1,5 +0,0 @@
----
-- name: "00: Set default shell to ZSH"
-  become: True
-  ansible.builtin.command: "chsh -s /usr/bin/zsh {{ system_user }}"
-