---
# file: tasks/ssh.yml

- name: ssh - add keys to file ~/.ssh/authorized_keys
  authorized_key: user="root" key=https://github.com/{{item}}.keys
  with_items: "{{hosts_ssh_users|default([])}}"
  become: yes

- name: ssh - copy ssh private keys
  with_items: "{{hosts_ssh_private_keys|default([])}}"
  copy: src={{item}} dest=~/.ssh/ mode=0400
  become: yes

- name: ssh - add public hosts keys to known_hosts
  with_items: "{{hosts_ssh_public_hosts_keys|default([])}}"
  known_hosts:
    name: "{{item.name}}"
    key: "{{ lookup('file', '{{item.key}}') }}"
  become: yes

- name: ssh - define configuration
  set_fact:
    sshd_config:
    - dest: /etc/conf.d/dropbear
      line: 'DROPBEAR_OPTS="\1 -b /etc/issue.net"'
      regex: '^DROPBEAR_OPTS="((?!.*-b /etc/issue.net).*)"$'
    - dest: /etc/ssh/sshd_config
      line: Banner /etc/issue.net
      regex: ^#?Banner

- name: ssh - stat configuration file
  changed_when: false
  register: sshd_config_stat
  stat:
    path: '{{item.dest}}'
  with_items: '{{sshd_config|default([])}}'

- name: ssh - configure sshd
  become: yes
  lineinfile:
    backrefs: true
    dest: '{{item.0.dest}}'
    line: '{{item.0.line}}'
    regex: '{{item.0.regex}}'
  with_together:
  - '{{sshd_config|default([])}}'
  - '{{sshd_config_stat.results}}'
  when: item.1.stat.exists