#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone <someone@somenet.org>
#
---
- name: install sshd
  apt:
    pkg:
    - openssh-server
    state: present
    policy_rc_d: 101
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"


- name: copy sshd config
  copy:
    src: "{{item}}"
    dest: "/etc/ssh/sshd_config"
    mode: 0644
    owner: "root"
    group: "root"
    validate: /usr/sbin/sshd -t -f %s
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sshd_config"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sshd_config"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sshd_config"
    - "default/sshd_config"
  notify: restart sshd.service


- name: ensure group sudo exists - sudoers can use pw to login
  group:
    name: sudo
    system: yes
    state: present


- name: enable and start ssh.service
  include_role: name="base/systemd/enable-and-start"
  vars:
    service_name: ssh.service