---
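- name: Get sshd version
  # Runs the OpenSSH client with -V; the version banner is read from stderr
  # by the following set_fact task.
  # NOTE(review): this queries /usr/bin/ssh (the client), not the sshd
  # binary. It assumes client and server come from the same OpenSSH build;
  # confirm for hosts where they are packaged separately.
  ansible.builtin.command:
    cmd: "/usr/bin/ssh -V"
  register: _sshd_version_cmd
  # Read-only query: never report a change.
  changed_when: false
  # Run even under --check. The command module is otherwise skipped in
  # check mode, which leaves the registered result without stderr and
  # breaks the version parsing that depends on it.
  check_mode: false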

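- name: Strip sshd output to Version
  # Extract "major.minor" from the banner on stderr, e.g. (constructed
  # sample) "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022"
  # yields "8.9".
  # The pattern anchors on the digits after "OpenSSH_" instead of relying
  # on a literal "p" patch-level separator: without that separator a chain
  # of split() calls would keep the trailing distro text in the fact, and
  # a later float conversion would then silently read it as 0.0.
  # A banner that does not match is expected to fail this task (no match
  # gives `first` nothing to take) rather than yield a bogus version.
  ansible.builtin.set_fact:
    _sshd_version: >-
      {{
      _sshd_version_cmd.stderr
      | regex_search('OpenSSH_([0-9]+[.][0-9]+)', '\\1')
      | first
      }}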

- name: Show detected ssh version (optional)
  # Diagnostic only: printed when the play runs at verbosity 1 (-v) or higher.
  ansible.builtin.debug:
    verbosity: 1
    msg: 'SSH Version: {{ _sshd_version }}'

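- name: Show detected ssh version is > 8.0 (optional)
  # Diagnostic only: printed at verbosity 1 (-v) or higher when the detected
  # version is newer than 8.0.
  ansible.builtin.debug:
    msg: "SSH Version: {{ _sshd_version }} is > 8.0"
    verbosity: 1
  # Compare with the version test rather than as floats: a float compare
  # misorders multi-digit minors (8.10 becomes 8.1) and turns unparseable
  # text into 0.0, silently treating the host as old.
  # Falls back to '7.0' when the fact is undefined.
  # NOTE(review): if the template gates options on the same comparison,
  # use the same test there so both agree; confirm in sshd_config.j2.
  when: "(_sshd_version | default('7.0')) is version('8.0', '>')"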

- name: Create SSHD configuration
  # Renders the sshd_config template into place as root.
  ansible.builtin.template:
    src: templates/sshd_config.j2
    dest: /etc/ssh/sshd_config
    # Keep a timestamped copy of the previous file for rollback.
    backup: true
    # Syntax-check the rendered file with sshd's test mode before it
    # replaces dest; %s is the path of the temporary rendered copy.
    validate: '/usr/sbin/sshd -t -f %s'
    owner: root
    group: root
    # Equivalent to 0644, i.e. world-readable.
    # NOTE(review): some hardening baselines expect 0600 on sshd_config;
    # confirm against the baseline this role targets.
    mode: 'u=rw,g=r,o=r'
  become: true
  # Handler is defined outside this file; it is notified only when the
  # rendered file differs from what is on disk.
  notify:
    - systemctl restart sshd