---
- name: openssh - install
  package: name=openssh-server
  when: ansible_os_family == "Debian"

- name: openssh - install
  package: name=openssh
  when: ansible_os_family != "Debian"

- name: openssh - start and enable
  service: name=ssh state=started enabled=yes
  when: ansible_os_family == "Debian"

- name: openssh - start and enable
  service: name=sshd state=started enabled=yes
  when: ansible_os_family != "Debian"

- name: openssh - config
  template:
    dest: /etc/ssh/sshd_config
    src: sshd_config.j2
    owner: root
    group: root
    mode: 0644
    validate: '/usr/sbin/sshd -T -f %s'
  notify: restart openssh

- name: openssh - root keys
  authorized_key: "user=root key={{ item.key }} state={{ item.state | default('present') }}"
  with_items: "{{ common_openssh_keys_root }}"
  when: common_openssh_keys_root
  tags: 'ssh-keys'

- name: openssh - host keys
  copy: src=known_hosts dest=/etc/ssh/ssh_known_hosts
  failed_when: false

- name: openssh - truncate /etc/motd
  copy: dest=/etc/motd content='' force=yes

- name: openssh - set shell to bash
  user: name=root shell=/bin/bash