---
- name: Ensure SSH server is installed
  ansible.builtin.package:
    name: openssh-server
    state: present

- name: Ensure SSH daemon is enabled
  ansible.builtin.service:
    name: sshd
    enabled: true

# TODO: Prepare for /etc/ssh/sshd_config.d/* style of configuration
- name: SSH daemon configuration - global
  block:
    - name: SSH daemon configuration - base
      ansible.builtin.template:
        src: "etc/ssh/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-sshd_config.j2"
        dest: "/etc/ssh/sshd_config"
        owner: root
        group: root
        mode: '0600'
        validate: /usr/sbin/sshd -t -f %s
        backup: true
      notify: restart_sshd
  rescue:
    - name: Print errors for configuration and validation
      debug:
        msg: "Error in SSH daemon configuration or template"

- name: SSH banner
  ansible.builtin.copy:
    src: "etc/rockybanner"
    dest: "/etc/rockybanner"
    owner: root
    group: root
    mode: '0644'
  notify: restart_sshd

- name: Remove DSA keys
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/ssh/ssh_host_dsa_key.pub
    - /etc/ssh/ssh_host_dsa_key
...