---

- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
  stat:
    path: /etc/ssh/sshd_config.ORIG
  register: etc_sshd_sshd_config_ORIG
  tags:
    - sshd-config

- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
  command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
  when: etc_sshd_sshd_config_ORIG.stat.exists == False
  tags:
    - sshd-config

- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
  template:
    src: etc/ssh/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: 0644
    validate: 'sshd -f %s -T'
    #backup: yes
  notify: "Restart ssh"
  tags:
    - sshd-config