---
- import_tasks: install.yml

- name: Install SSH Banner
  become: true
  template:
    src: motd.j2
    dest: /etc/issue.net
    mode: 0644

- name: Set parameters in sshd config
  become: true
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "{{ item.match }}"
    line: "{{ item.set }}"
    state: present
  loop:
    - match: "#?PermitRootLogin (yes|no)"
      set: "PermitRootLogin no"
    - match: "#?Banner (none|/etc/issue.net)"
      set: "Banner /etc/issue.net"
    - match: "#?PasswordAuthentication (yes|no)"
      set: "PasswordAuthentication no"
    - match: "#?GSSAPIAuthentication (yes|no)"
      set: "GSSAPIAuthentication no"
    - match: "#?ChallengeResponseAuthentication (yes|no)"
      set: "ChallengeResponseAuthentication no"

- name: Restart sshd service
  become: true
  systemd:
    name: sshd
    state: "{{ 'restarted' if omni_restart_services == true else 'started' }}"
    enabled: "{{ omni_ssh_enabled }}"