Hi,
Thanks for your great Ansible role, which is really helpful in centralizing/backing up the configuration of multiple PVE server hosts in cooperation with PBS for VM backups.
You already stated in the README that compatibility of the sshd_config rules could be conflicting with other Ansible roles or applications managing the same file. Turns out that this is especially true for the popular geerlingguy/ansible-role-security, which conflicts with the Match block created by your role. As a result, I made use of pve_manage_ssh: false and manually moved the initial Match block from /etc/ssh/sshd_config to /etc/ssh/sshd_config.d/proxmox-cluster.conf, making it fully compatible with geerlingguy's and other applications' changes to sshd_config. Wouldn't it be a better practice for your role to write changes to this (or a similarly named) separate config file? Should be a simple fix here:
ansible-role-proxmox/tasks/ssh_cluster_config.yml
Line 42 in f3bcd26
The conflicting tasks of geerlingguy/ansible-role-security can be found in /tasks/ssh.yml#L7
I guess that would work. We'd need to change the task to a copy or template task, and probably also keep the blockinfile task but with state: absent for removing it from existing clusters.
(Sorry about the deleted message, was reading all over the place and missed one line)
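The migration discussed in this thread (a copy task that writes the Match block to a drop-in file, plus a blockinfile task with state: absent that cleans up existing clusters), as an added example that is not code from ansible-role-proxmox or from either participant. The marker string, the Match criteria, the block content and the example_* variable names are placeholders; the tasks assume a Debian-based host where the service is named ssh.

```yaml
# Added example: hypothetical tasks, not taken from ansible-role-proxmox.
- name: Fail early if sshd_config does not load drop-in files
  ansible.builtin.command:
    argv:
      - grep
      - -Eq
      - '^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config\.d/\*\.conf'
      - /etc/ssh/sshd_config
  changed_when: false

# Write the drop-in first so the rule is never missing between tasks.
- name: Write the cluster Match block to its own drop-in file
  ansible.builtin.copy:
    dest: /etc/ssh/sshd_config.d/proxmox-cluster.conf
    owner: root
    group: root
    mode: "0644"
    # Placeholder content: substitute the Match block the role generates today.
    content: |
      Match Address {{ example_cluster_addresses | join(',') }}
        PermitRootLogin prohibit-password
    # sshd parses the candidate file; a broken fragment is never installed.
    validate: /usr/sbin/sshd -t -f %s
  register: example_dropin

- name: Remove the old managed block from the main sshd_config
  ansible.builtin.blockinfile:
    path: /etc/ssh/sshd_config
    # Must equal the marker the original blockinfile task used (placeholder here).
    marker: "# {mark} EXAMPLE MANAGED BLOCK"
    state: absent
    validate: /usr/sbin/sshd -t -f %s
  register: example_old_block

- name: Reload sshd only when something changed
  ansible.builtin.service:
    name: ssh
    state: reloaded
  when: example_dropin is changed or example_old_block is changed
```

After the run, sshd -T -C with a connection spec for one of the cluster addresses shows whether the drop-in rule still takes effect alongside settings written to sshd_config by other roles.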