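---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

# Play for the `ssh` host group: permit the configured SSH ports in
# firewalld, then apply the ssh, dev-sec.ssh-hardening and fail2ban roles.
- name: Configure and harden SSH
  hosts: ssh

  # pre_tasks run before the roles below, so the ports are permitted in the
  # firewall before any role touches sshd.
  # NOTE(review): presumably this ordering avoids losing access when sshd is
  # moved to a non-default port -- confirm against the ssh role.
  pre_tasks:
    # Adds every port in `ssh_server_ports` to the permanent definition of
    # firewalld's `ssh` service. The task only ever adds ports: a port that
    # is later dropped from `ssh_server_ports` stays open until it is
    # removed from the service definition by hand.
    - name: Ensure SSH ports are opened.
      command:
        # argv form: each element reaches firewall-cmd as exactly one
        # argument, so a malformed port value (for example one containing
        # whitespace) cannot be split into additional firewall-cmd options.
        argv:
          - firewall-cmd
          - --permanent
          - --service=ssh
          - "--add-port={{ item }}/tcp"
      register: firewalld_direct_result
      become: true
      # A port that is already present is reported through an
      # ALREADY_ENABLED message on stderr; only report "changed" when that
      # message is absent.
      changed_when: 'firewalld_direct_result.stderr is defined and "ALREADY_ENABLED" not in firewalld_direct_result.stderr'
      with_items: "{{ ssh_server_ports }}"
      when: ssh_server_ports is defined

    # --permanent edits only the stored configuration; the reload makes the
    # new ports effective in the running firewall. Skipped when the task
    # above changed nothing (or was itself skipped).
    - name: Reload firewalld if needed.
      command:
        argv:
          - firewall-cmd
          - --reload
      become: true
      changed_when: true
      when: firewalld_direct_result is changed

  roles:
    - role: ssh
    # NOTE(review): upstream has folded the standalone dev-sec.ssh-hardening
    # role into the devsec.hardening collection -- confirm which source and
    # version the requirements file pins (it is not visible from this file).
    - role: dev-sec.ssh-hardening
      become: true
    - role: fail2ban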