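---
# Tasks for the sshd hardening role:
#   1. optional playbook version check against a marker file on the remote host,
#   2. loading of distribution-specific variables,
#   3. rendering and validation of /etc/ssh/sshd_config,
#   4. (re)generation of the wanted host keys and removal of unwanted key types.

- name: Create directory for versionscheck
  become: true
  file:
    # NOTE(review): hard-coded here, while the marker file itself is addressed
    # through playbook_version_path - presumably that path lives in this
    # directory; confirm against the role defaults.
    path: '/etc/ansible-version'
    state: directory
    # Quoted so the mode is passed as a string, not a YAML octal/integer.
    mode: '0755'
  when: submodules_versioncheck

- name: check playbook version
  become: true
  slurp:
    src: "{{ playbook_version_path }}"
  register: playbook_version
  when: submodules_versioncheck
  # The marker file does not exist before the first deployment; the later
  # tasks fall back to a default when no content was registered.
  ignore_errors: true

- name: Print version
  debug:
    # The base64 default decodes to "currently not deployed".
    msg: >-
      Remote playbook version:
      '{{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}'.
      Local playbook version: '{{ playbook_version_number|string }}'.
  when: submodules_versioncheck

- name: Check if your version is outdated
  fail:
    msg: >-
      Your current ansible module has the version
      '{{ playbook_version_number }}' and is outdated. Please update it at
      least to version
      '{{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode }}'!
  when:
    # Checked first so the comparison is skipped when the check is disabled.
    - submodules_versioncheck
    # Fails when the remote version is strictly newer than the local one.
    # The default "Mgo=" decodes to "2".
    # NOTE(review): when the marker file is missing, this default makes the
    # task fail for a local version of 1 or lower - confirm that is intended
    # for first deployments.
    - 'playbook_version.content | default("Mgo=") | b64decode | int - 1 >= playbook_version_number | int'

- name: write new version to remote disk
  become: true
  copy:
    content: "{{ playbook_version_number }}"
    dest: "{{ playbook_version_path }}"
    # Explicit mode so the marker does not depend on the remote umask.
    mode: '0644'
  when: submodules_versioncheck

- name: register default os-specific variables
  include_vars: default.yml
  when: ansible_distribution not in ['Fedora', 'Archlinux']

- name: register distribution-specific variables
  include_vars: "{{ ansible_distribution }}.yml"
  # The previous condition was a list (logical AND) requiring the
  # distribution to equal 'Fedora' and 'Archlinux' at once, so it never
  # matched and these variable files were never loaded.
  when: ansible_distribution in ['Fedora', 'Archlinux']

- name: Collect all users and groups allowed to login via ssh
  set_fact:
    # default({}) is applied to `users` itself: applied after .keys() it
    # cannot catch an undefined `users`, because the method call fails first.
    sshd_allow_users: '{{ sshd_default_allowed_users + ((users | default({})).keys() | sort) }}'
    # NOTE(review): the group list is also built from the keys of `users` -
    # presumably every user has a group of the same name; confirm.
    sshd_allow_groups: '{{ sshd_default_allowed_groups + ((users | default({})).keys() | sort) }}'

- name: Copy sshd configuration
  become: true
  template:
    src: sshd_config.j2
    dest: '/etc/ssh/sshd_config'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
    # sshd test mode runs against the rendered file before it replaces the
    # live configuration, so a broken template cannot lock out ssh access.
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - restart ssh

- name: Generate new ecdsa ssh host key pair if necessary
  become: true
  command: ssh-keygen -t ecdsa -f 'ssh_host_ecdsa_key' -P '' -q
  args:
    chdir: '/etc/ssh/'
    # Skipped once the public key exists, which keeps the task idempotent
    # and leaves an existing host identity in place.
    creates: 'ssh_host_ecdsa_key.pub'
  notify:
    - restart ssh
  when: generate_ecdsa_too

- name: Generate new ed25519 ssh host key pair if necessary
  become: true
  command: ssh-keygen -t ed25519 -f 'ssh_host_ed25519_key' -P '' -q
  args:
    chdir: '/etc/ssh/'
    creates: 'ssh_host_ed25519_key.pub'
  notify:
    - restart ssh

# With ecdsa enabled only the rsa and dsa key pairs are removed; otherwise
# the ecdsa key pair is removed as well.
- name: Remove unwanted private host keys (ecdsa kept)
  become: true
  file:
    path: '/etc/ssh/ssh_host_{{ item }}_key'
    state: absent
  with_items:
    - rsa
    - dsa
  notify:
    - restart ssh
  when: generate_ecdsa_too

- name: Remove unwanted private host keys (ecdsa removed)
  become: true
  file:
    path: '/etc/ssh/ssh_host_{{ item }}_key'
    state: absent
  with_items:
    - ecdsa
    - rsa
    - dsa
  notify:
    - restart ssh
  when: not generate_ecdsa_too

- name: Remove unwanted public host keys (ecdsa removed)
  become: true
  file:
    path: '/etc/ssh/ssh_host_{{ item }}_key.pub'
    state: absent
  with_items:
    - ecdsa
    - rsa
    - dsa
  notify:
    - restart ssh
  when: not generate_ecdsa_too

- name: Remove unwanted public host keys (ecdsa kept)
  become: true
  file:
    path: '/etc/ssh/ssh_host_{{ item }}_key.pub'
    state: absent
  with_items:
    - rsa
    - dsa
  notify:
    - restart ssh
  when: generate_ecdsa_too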