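---
# TODO: create second virsh network interface
# for now we will just run the second ssh instance on port 23

# Installs the config for the primary sshd and for the second ("mirror")
# instance. `copy` ships the files verbatim; nothing under templates/ is
# rendered through Jinja here.
# NOTE(review): no `validate:` is set, so a syntax error in either file is only
# noticed when the daemon is (re)started. Combined with the unconditional
# `restart ssh` at the end, a broken sshd_config can cost SSH access to the
# host. Consider checking with `sshd -t -f <file>` once the host keys exist.
- name: copy ssh daemon configs
  copy:
    src: "{{ role_path }}/templates/{{ item }}"
    dest: "/etc/ssh/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - sshd_config
    - sshd_mirror_config

- name: copy ssh-mirror.service
  copy:
    src: "{{ role_path }}/templates/ssh-mirror.service"
    dest: "/etc/systemd/system/ssh-mirror.service"
    owner: root
    group: root
    mode: "0644"

# Host keys for both daemons. `creates` makes each item a no-op once the key
# file exists, so existing host keys are never regenerated. The empty
# passphrase (-N "") is required for host keys.
- name: generate keys for sshd
  # is ssh_host_dsa_key or ssh_host_ecdsa_key used anywhere?
  command:
    cmd: >
      ssh-keygen -q -t {{ item.type }} -f /etc/ssh/{{ item.file }} -N ""
    creates: "/etc/ssh/{{ item.file }}"
  loop:
    # NOTE(review): DSA is obsolete. OpenSSH has disabled ssh-dss by default
    # since 7.0 and recent releases have removed DSA entirely; on such a host
    # this item fails and aborts the play. Drop it once sshd_config and
    # sshd_mirror_config are confirmed not to reference ssh_host_dsa_key.
    - { file: ssh_host_dsa_key, type: dsa }
    - { file: ssh_host_ecdsa_key, type: ecdsa }
    - { file: ssh_host_ed25519_key, type: ed25519 }
    - { file: ssh_host_rsa_key, type: rsa }
    - { file: ssh_mirror_host_ed25519_key, type: ed25519 }
    - { file: ssh_mirror_host_rsa_key, type: rsa }

- name: create .ssh for mirror and push
  file:
    path: "/home/{{ item }}/.ssh"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0700"
    state: directory
  loop:
    - mirror
    - push

# Creates an empty authorized_keys only when none exists (`force: false`), so
# keys added later are never wiped by a re-run. An existing file also keeps its
# current mode. New files get 0600, the permissions sshd(8) recommends: only
# the account itself needs to read which keys and key options grant access.
- name: create authorized_keys files for mirror and push
  copy:
    content: ""
    dest: "/home/{{ item }}/.ssh/authorized_keys"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0600"
    force: false
  loop:
    - mirror
    - push

# Client key pair for the mirror account, generated once (`creates`).
# The private key has no passphrase (-N ""), presumably because it is used
# non-interactively; its protection is the file permissions alone.
- name: generate key for mirror user
  command:
    cmd: >
      ssh-keygen -q -t rsa -f /home/mirror/.ssh/id_rsa -N ""
    creates: /home/mirror/.ssh/id_rsa

# ssh-keygen above runs as the play's user, not as mirror. The other tasks
# write root-owned files under /etc, so that user is root and the key pair
# would be left root-owned and unreadable by the account it is meant for.
- name: set ownership of mirror user's key pair
  file:
    path: "/home/mirror/.ssh/{{ item.file }}"
    owner: mirror
    group: mirror
    mode: "{{ item.mode }}"
    state: file
  loop:
    - { file: id_rsa, mode: "0600" }
    - { file: id_rsa.pub, mode: "0644" }

# daemon_reload makes systemd re-read ssh-mirror.service when the unit file
# copied above has changed; without it a modified unit is not picked up.
# NOTE(review): the service is only ever `started`, so a changed
# sshd_mirror_config is not applied to an already running mirror daemon.
- name: start and enable ssh-mirror
  systemd:
    name: ssh-mirror
    state: started
    enabled: true
    daemon_reload: true

# Unconditional: the primary daemon is restarted on every run, whether or not
# its config or host keys changed.
- name: restart ssh
  systemd:
    name: ssh
    state: restarted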