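---
# Tasks for the ssh role: open the firewall for ssh, lay down the sshd
# configuration environment on the managed host, and mirror the host's ssh
# public host keys to the control machine so DNS fingerprint records can be
# generated from them.
#
# Variables referenced here (global_ssh_*, global_local_user,
# ssh_host_key_types) are defined outside this file.

- name: Allow ssh on firewall
  # NOTE(review): the port is hard-coded while sshd_config itself is templated
  # below; if 0_main.sshd_config ever sets a different Port, this rule must
  # follow it. The rule also admits any source address — narrow it with
  # `from_ip` where only known management networks need ssh.
  ufw:
    rule: allow
    port: "22"
    proto: tcp

- name: Create ssh configuration environment directory
  file:
    state: directory
    path: "{{ global_ssh_configuration_environment_directory }}"
    owner: root
    group: root
    mode: "u=rwx,g=rx,o=rx"

# The makefile assembles the final sshd_config from the fragments in this
# directory; the "reassemble sshd config" handler is what runs it.
- name: Upload makefile to ssh configuration environment
  template:
    src: ssh_config.makefile
    dest: "{{ global_ssh_configuration_environment_directory }}/makefile"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"

- name: Create link in ssh configuration environment
  file:
    state: link
    src: "{{ global_ssh_configuration_directory }}"
    dest: "{{ global_ssh_configuration_link }}"

# Only this fragment notifies the handler; uploading the makefile alone does
# not trigger a reassembly.
- name: Upload main sshd_config
  template:
    src: 0_main.sshd_config
    dest: "{{ global_ssh_configuration_environment_directory }}/0_main.sshd_config"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
  notify: reassemble sshd config

# Read-only: runs in check mode too and never reports a change. `command`
# does not go through a shell, so `| quote` only guards against a key type
# value with spaces or shell metacharacters producing a malformed argument.
# The `slurp` module would be the module-native alternative to `cat`; it is
# not used here so that the registered `.stdout` shape stays as downstream
# tasks expect.
- name: Collect ssh host keys
  command: "cat /etc/ssh/ssh_host_{{ item | quote }}_key.pub"
  loop: "{{ ssh_host_key_types }}"
  register: ssh_host_keys
  changed_when: false
  check_mode: false

# The remaining tasks run on the control machine (delegate_to: localhost is
# the explicit form of local_action). They inherit the play's become setting;
# the explicit owner/group suggests they are expected to run privileged
# locally — confirm against the calling play.
- name: Create directory for host keys locally
  delegate_to: localhost
  file:
    path: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}"
    state: directory
    owner: "{{ global_local_user }}"
    group: "{{ global_local_user }}"
    mode: "u=rwx,g=rx,o=rx"

# One file per key type, named after the type; stdout has its trailing
# newline stripped by Ansible, so exactly one is appended back.
- name: Store ssh host keys locally
  delegate_to: localhost
  copy:
    content: "{{ item.stdout }}\n"
    dest: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}/{{ item.item }}"
    owner: "{{ global_local_user }}"
    group: "{{ global_local_user }}"
    mode: "u=rw,g=r,o=r"
  loop: "{{ ssh_host_keys.results }}"
  loop_control:
    label: "{{ item.item }}"

# Helper makefile lives in the playbook tree, not in this role.
- name: Generate ssh host key dns fingerprints locally
  delegate_to: localhost
  make:
    chdir: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}"
    file: "{{ playbook_dir }}/helpers/ssh_dns_fingerprints.makefile"
    target: dns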