---

# Keep a pristine copy of the distribution's sshd_config before the first change.
- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
  stat:
    path: /etc/ssh/sshd_config.ORIG
  register: etc_sshd_sshd_config_ORIG
  tags:
    - sshd-config

# Runs only once: skipped as soon as the .ORIG backup exists.
- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
  command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
  when: not etc_sshd_sshd_config_ORIG.stat.exists
  tags:
    - sshd-config

# 'validate' runs sshd in extended test mode (-T) against the rendered file
# before it replaces the live config, so a broken template is never installed.
- name: (sshd.yml) Create/Update new sshd_config from template sshd_config.j2
  template:
    src: etc/ssh/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    validate: 'sshd -f %s -T'
  notify: "Restart ssh"
  when:
    - create_sftp_group is defined and not create_sftp_group
  tags:
    - sshd-config

# Same template, but validation adds a connection spec (-C user=sftp_users)
# so that Match blocks are evaluated during the test as well.
- name: (sshd.yml) Create/Update sshd_config for chrooted sftp_group from template sshd_config.j2
  template:
    src: etc/ssh/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    validate: 'sshd -f %s -T -C user=sftp_users'
  notify: "Restart ssh"
  when:
    - create_sftp_group is defined and create_sftp_group
  tags:
    - sshd-config