- name: Update/install OpenSSH via apt
  when: ansible_os_family == "Debian"
  ansible.builtin.apt:
    name: openssh-server
    state: latest
- name: Add 'bhays' user
  when: ansible_os_family == "Debian"
  ansible.builtin.user:
    name: bhays
    groups: sudo,adm
    append: true
    shell: /bin/bash
    comment: Benjamin Hays
- name: Update/install Sudo
  when: ansible_os_family == "Debian"
  ansible.builtin.apt:
    name: sudo
    state: latest
- name: Ensure .ssh user folder exists
  when: ansible_os_family == "Debian"
  ansible.builtin.file:
    path: "/home/bhays/.ssh/"
    owner: bhays
    mode: "0770"
    state: directory
- name: Ensure .ssh user folder exists (macOS)
  when: ansible_os_family == "Darwin"
  ansible.builtin.file:
    path: "/Users/bhays/.ssh/"
    owner: bhays
    mode: "0770"
    state: directory
- name: Copy public key
  when: ansible_os_family == "Debian"
  ansible.builtin.copy:
    owner: bhays
    mode: "0600"
    src: ../../config/ssh/authorized_keys
    dest: /home/bhays/.ssh/authorized_keys
- name: Copy public key (macOS)
  when: ansible_os_family == "Darwin"
  ansible.builtin.copy:
    owner: bhays
    mode: "0600"
    src: ../../config/ssh/authorized_keys
    dest: /Users/bhays/.ssh/authorized_keys
- name: Copy secure login banner
  ansible.builtin.copy:
    owner: root
    mode: "0644"
    src: ../../config/ssh/login_banner
    dest: /etc/login_banner
- name: Copy Secure Configuration File
  ansible.builtin.copy:
    owner: bhays
    mode: "0600"
    src: ../../config/ssh/sshd_config
    dest: /etc/ssh/sshd_config
- name: Restart OpenSSH
  when: ansible_os_family == "Debian"
  ansible.builtin.systemd:
    name: ssh
    state: restarted
  changed_when: false