---
- name: perform versionscheck
  ansible.builtin.include_tasks: versioncheck.yml
  when: submodules_versioncheck|bool

- name: load sshd_service variable
  ansible.builtin.include_vars: "{{ lookup('first_found', sshd__service_var_path) }}"

- name: install packages
  ansible.builtin.include_tasks: packages.yml

- name: Collect all users and groups allowed to login via ssh
  set_fact:
    sshd__allowed_users:  '{{ sshd__allowed_users + users.keys() | default({}) | sort }}'
    sshd__allowed_groups: '{{ sshd__allowed_groups + users.keys() | default({}) | sort }}'

- name: "try to get {{ sshd__package }} version"
  when: sshd__version_is_above_eight is not defined
  block:
    - name: Gather the package facts
      ansible.builtin.package_facts:
        manager: auto

    - name: "get package version of {{ sshd__package }}"
      ansible.builtin.debug:
        msg: "{{ ansible_facts.packages[sshd__package][0].version }}"

    - name: set fact sshd__version_is_above_eight
      ansible.builtin.set_fact:
        sshd__version_is_above_eight: true
      when: ansible_facts.packages[sshd__package][0].version is version('8.0', '>=')
  rescue:
    - ansible.builtin.debug:
        msg: "Failed to detect ssh version. Set sshd__version_is_above_eight to true if you want to experience new config features from sshd version 8"

- name: manage ssh host keys
  ansible.builtin.include_tasks: keys.yml

- name: Create sshd configuration
  become: true
  ansible.builtin.template:
    src: 'templates/sshd_config.j2'
    dest: '/etc/ssh/sshd_config'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
    validate: /usr/sbin/sshd -t -f %s
    backup: true
  notify:
    - systemctl restart ssh