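---
# Tasks file for the SSH role

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Adds each port in ssh_server_ports to the permanent definition of the
# firewalld "ssh" service. The task only runs when ssh_server_ports is defined
# and ssh_open_ports is truthy. It reports "changed" only when stderr does not
# contain ALREADY_ENABLED, so re-runs on an already configured host stay
# unchanged and do not trigger the "Reload firewalld" handler.
- name: Ensure SSH ports are opened.
  ansible.builtin.command: "firewall-cmd --permanent --service=ssh --add-port={{ item }}/tcp"
  become: true
  changed_when: 'ssh_firewalld_direct_result.stderr is defined and "ALREADY_ENABLED" not in ssh_firewalld_direct_result.stderr'
  with_items: "{{ ssh_server_ports }}"
  when:
    - ssh_server_ports is defined
    - ssh_open_ports
  register: ssh_firewalld_direct_result
  notify:
    - Reload firewalld

# Creates one account per entry in ssh_authorized_keys. The password is
# optional: when an entry has no "password" key the parameter is omitted.
# NOTE(review): ansible.builtin.user expects an already hashed value here,
# not a plaintext password - confirm the inventory stores hashes only.
- name: Create users
  ansible.builtin.user:
    name: "{{ item.user }}"
    password: "{{ item.password | default(omit) }}"
  become: true
  # Each loop item carries the user's password field. Without no_log the whole
  # item is echoed in the per-item task output and in any log or callback that
  # records it. Drop no_log temporarily when debugging a failure of this task.
  no_log: true
  with_items: "{{ ssh_authorized_keys }}"

# Installs the public key of every entry for its user. The key file is read
# on the control node through the "file" lookup, from the path in item.ssh_key.
# Keys are only added (state: present, no "exclusive"), so removing an entry
# from ssh_authorized_keys does not revoke a key that is already installed on
# the host; revocation needs a separate step.
- name: Install ssh keys for users
  ansible.posix.authorized_key:
    user: "{{ item.user }}"
    state: present
    key: "{{ lookup('file', item.ssh_key) }}"
    comment: "{{ item.owner }} - {{ item.comment }} | Managed by Ansible"
  with_items:
    - "{{ ssh_authorized_keys }}"
  become: true
  tags:
    - ssh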