Do not run SSH-related tasks unless enable_ssh is set

playbooks/init-credentials.yml

@@ -33,19 +33,13 @@
         dest: "{{ vars_dir }}/secrets.yml"
         state: link
 
-    # Generate the SSH CA.
     - name: Generate SSH CA
       local_action: sshca ca="{{ credentials_dir }}/ssh/key"
+      when: enable_ssh
 
-    # Generate the SSO ED25519 key pair.
     - name: Generate SSO credentials
       local_action: ed25519 privkey="{{ credentials_dir }}/sso/secret.key" pubkey="{{ credentials_dir }}/sso/public.key"
 
-    # Generate all the X509 service credentials. The first time this
-    # runs, the service CA will be initialized too.
-    #- name: Generate X509 credentials for all services
-    #  local_action: x509 ca_root="{{ credentials_dir }}/x509" ca_subject="{{ x509_ca_subject | default('') }}" domain="{{ domain }}"
-
     - name: Generate global DH params
       local_action: command openssl dhparam -out "{{ credentials_dir }}/x509/dhparam" "{{ dhparam_bits | default('2048') }}" creates="{{ credentials_dir }}/x509/dhparam"
 

roles/vagrant-compat/tasks/main.yml

@@ -9,3 +9,5 @@
   copy:
     dest: /etc/ssh/authorized_keys/vagrant
     content: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
+  when: enable_ssh
+