---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# found within the "vars/" path. If no OS files are found the task will skip.
- name: Gather variables for each operating system
  include_vars: "{{ item }}"
  with_first_found:
    - skip: true
      files:
        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
        - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
        - "{{ ansible_distribution | lower }}.yml"
        - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
        - "{{ ansible_os_family | lower }}.yml"
  tags:
    - always

- name: Run sshd tasks as root
  become: true
  block:
    - name: Install the OpenSSH server
      package:
        name: "{{ tripleo_sshd_packages }}"
        state: "{{ tripleo_sshd_package_state }}"
      notify:
        - Restart sshd

    - name: force systemd to reread configs
      meta: flush_handlers

    - name: Adjust ssh server configuration
      blockinfile:
        dest: /etc/ssh/sshd_config
        state: present
        marker: "# {mark} MANAGED BY TRIPLEO-ANSIBLE"
        insertafter: "EOF"
        validate: '/usr/sbin/sshd -T -f %s'
        block: "{{ lookup('template', 'sshd_config_block.j2') }}"
      notify:
        - Restart sshd

    - name: Configure the banner text
      copy:
        content: "{{ tripleo_sshd_banner_text }}"
        dest: /etc/issue
      when:
        - tripleo_sshd_banner_enabled | bool

    - name: Configure the motd banner
      copy:
        content: "{{ tripleo_sshd_message_of_the_day }}"
        dest: /etc/motd
      when:
        - tripleo_sshd_motd_enabled | bool