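---
# SSH server role tasks: install packages, pick the distribution-specific
# systemd unit name, enable the service, install a hardening drop-in, and
# optionally configure a trusted CA.

- name: Packages
  ansible.builtin.include_tasks: install.yml
  tags: install

# The unit name differs by distribution: "ssh" on Ubuntu, "sshd" elsewhere.
# The two conditions below are mutually exclusive, so exactly one task sets
# system_sshd_unit.
- name: Set sshd systemd unit for Ubuntu
  ansible.builtin.set_fact:
    system_sshd_unit: ssh
  when: ansible_distribution == "Ubuntu"

- name: Set sshd systemd unit for co-Ubuntu
  ansible.builtin.set_fact:
    system_sshd_unit: sshd
  when: ansible_distribution != "Ubuntu"

# Only enables the unit at boot; no `state:` is given, so this task does not
# start or restart the service itself.
- name: Enable SSH server
  ansible.builtin.service:
    name: "{{ system_sshd_unit }}"
    enabled: true

# Drop-in is owned by root and readable by root only.
# The mode is quoted so it reaches Ansible as the string "0600" instead of
# depending on the YAML parser reading a bare 0600 as octal.
# NOTE(review): no `validate:` is set, so a template that renders an invalid
# sshd configuration is installed as-is and only surfaces when the
# "Restart SSH server" handler runs, which can cut off remote access.
# Consider a syntax check (e.g. `sshd -t`) before the restart; confirm
# against the handler definition, which is not in this file.
- name: Harden the SSH config
  ansible.builtin.template:
    src: templates/10-harden.conf
    dest: /etc/ssh/sshd_config.d/10-harden.conf
    mode: "0600"
    owner: root
    group: root
  notify: "Restart SSH server"

# Included only when system_sshd_auth_trusted_ca evaluates as true.
# NOTE(review): the variable is defined outside this file; presumably a
# boolean. A non-empty string here would be evaluated as an expression by
# `when:`, so confirm its type.
- name: Set trusted CA
  ansible.builtin.include_tasks: trusted_ca.yml
  when: system_sshd_auth_trusted_ca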