split crypto.yml in several playbooks

preserve the version ordering of defaults and group all tasks according
to base configuration variable (cipthers, hostkeys, kex and macs)

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

Author: schurzi

tasks/crypto.yml

@@ -1,80 +1,12 @@
 ---
-- name: set hostkeys to default
+- include_tasks: crypto_hostkeys.yml
   when: not ssh_host_key_files
-  block:
-    - name: set hostkeys according to openssh-version if openssh >= 5.3
-      set_fact:
-        ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key']
-      when: sshd_version is version('5.3', '>=')
 
-    - name: set hostkeys according to openssh-version if openssh >= 6.0
-      set_fact:
-        ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']
-      when: sshd_version is version('6.0', '>=')
-
-    - name: set hostkeys according to openssh-version if openssh >= 6.3
-      set_fact:
-        ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']
-      when: sshd_version is version('6.3', '>=')
-
-- name: set macs to default
+- include_tasks: crypto_macs.yml
   when: not ssh_macs
-  block:
-    - name: set macs according to openssh-version if openssh >= 5.3
-      set_fact:
-        ssh_macs: '{{ ssh_macs_53_default }}'
-      when: sshd_version is version('5.3', '>=')
-
-    - name: set macs for Enterprise Linux >= 6.5 (openssh 5.3 with backports)
-      set_fact:
-        ssh_macs: '{{ ssh_macs_53_el_6_5_default }}'
-      when:
-        - ansible_facts.distribution in ['CentOS', 'OracleLinux', 'RedHat']
-        - ansible_facts.distribution_version is version('6.5', '>=')
-
-    - name: set macs according to openssh-version if openssh >= 5.9
-      set_fact:
-        ssh_macs: '{{ ssh_macs_59_default }}'
-      when: sshd_version is version('5.9', '>=')
-
-    - name: set macs according to openssh-version if openssh >= 6.6
-      set_fact:
-        ssh_macs: '{{ ssh_macs_66_default }}'
-      when: sshd_version is version('6.6', '>=')
 
-    - name: set macs according to openssh-version if openssh >= 7.6
-      set_fact:
-        ssh_macs: '{{ ssh_macs_76_default }}'
-      when: sshd_version is version('7.6', '>=')
-
-
-- name: set ciphers to default
+- include_tasks: crypto_ciphers.yml
   when: not ssh_ciphers
-  block:
-    - name: set ciphers according to openssh-version if openssh >= 5.3
-      set_fact:
-        ssh_ciphers: '{{ ssh_ciphers_53_default }}'
-      when: sshd_version is version('5.3', '>=')
-
-    - name: set ciphers according to openssh-version if openssh >= 6.6
-      set_fact:
-        ssh_ciphers: '{{ ssh_ciphers_66_default }}'
-      when: sshd_version is version('6.6', '>=')
 
-- name: set kex to default
+- include_tasks: crypto_kex.yml
   when: not ssh_kex
-  block:
-    - name: set kex according to openssh-version if openssh >= 5.9
-      set_fact:
-        ssh_kex: '{{ ssh_kex_59_default }}'
-      when: sshd_version is version('5.9', '>=')
-
-    - name: set kex according to openssh-version if openssh >= 6.6
-      set_fact:
-        ssh_kex: '{{ ssh_kex_66_default }}'
-      when: sshd_version is version('6.6', '>=')
-
-    - name: set kex according to openssh-version if openssh >= 8.0
-      set_fact:
-        ssh_kex: '{{ ssh_kex_80_default }}'
-      when: sshd_version is version('8.0', '>=')

tasks/crypto_ciphers.yml

@@ -0,0 +1,10 @@
+---
+- name: set ciphers according to openssh-version if openssh >= 5.3
+  set_fact:
+    ssh_ciphers: '{{ ssh_ciphers_53_default }}'
+  when: sshd_version is version('5.3', '>=')
+
+- name: set ciphers according to openssh-version if openssh >= 6.6
+  set_fact:
+    ssh_ciphers: '{{ ssh_ciphers_66_default }}'
+  when: sshd_version is version('6.6', '>=')

tasks/crypto_hostkeys.yml

@@ -0,0 +1,15 @@
+---
+- name: set hostkeys according to openssh-version if openssh >= 5.3
+  set_fact:
+    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key']
+  when: sshd_version is version('5.3', '>=')
+
+- name: set hostkeys according to openssh-version if openssh >= 6.0
+  set_fact:
+    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']
+  when: sshd_version is version('6.0', '>=')
+
+- name: set hostkeys according to openssh-version if openssh >= 6.3
+  set_fact:
+    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']
+  when: sshd_version is version('6.3', '>=')

tasks/crypto_kex.yml

@@ -0,0 +1,15 @@
+---
+- name: set kex according to openssh-version if openssh >= 5.9
+  set_fact:
+    ssh_kex: '{{ ssh_kex_59_default }}'
+  when: sshd_version is version('5.9', '>=')
+
+- name: set kex according to openssh-version if openssh >= 6.6
+  set_fact:
+    ssh_kex: '{{ ssh_kex_66_default }}'
+  when: sshd_version is version('6.6', '>=')
+
+- name: set kex according to openssh-version if openssh >= 8.0
+  set_fact:
+    ssh_kex: '{{ ssh_kex_80_default }}'
+  when: sshd_version is version('8.0', '>=')

tasks/crypto_macs.yml

@@ -0,0 +1,27 @@
+---
+- name: set macs according to openssh-version if openssh >= 5.3
+  set_fact:
+    ssh_macs: '{{ ssh_macs_53_default }}'
+  when: sshd_version is version('5.3', '>=')
+
+- name: set macs for Enterprise Linux >= 6.5 (openssh 5.3 with backports)
+  set_fact:
+    ssh_macs: '{{ ssh_macs_53_el_6_5_default }}'
+  when:
+    - ansible_facts.distribution in ['CentOS', 'OracleLinux', 'RedHat']
+    - ansible_facts.distribution_version is version('6.5', '>=')
+
+- name: set macs according to openssh-version if openssh >= 5.9
+  set_fact:
+    ssh_macs: '{{ ssh_macs_59_default }}'
+  when: sshd_version is version('5.9', '>=')
+
+- name: set macs according to openssh-version if openssh >= 6.6
+  set_fact:
+    ssh_macs: '{{ ssh_macs_66_default }}'
+  when: sshd_version is version('6.6', '>=')
+
+- name: set macs according to openssh-version if openssh >= 7.6
+  set_fact:
+    ssh_macs: '{{ ssh_macs_76_default }}'
+  when: sshd_version is version('7.6', '>=')