---
- name: wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings
  hosts: localhost
  pre_tasks:
    - name: use python3
      set_fact:
        ansible_python_interpreter: /usr/bin/python3
      when: ansible_facts.distribution == 'Fedora'

    - yum:
        name:
          - openssh-clients
          - openssh-server
          - libselinux-python
        state: present
        update_cache: true
      ignore_errors: true

    - dnf:
        name:
          - openssh-clients
          - openssh-server
          - procps-ng
        state: present
        update_cache: true
      ignore_errors: true

    - apt:
        name:
          - openssh-client
          - openssh-server
        state: present
        update_cache: true
      ignore_errors: true

    - file:
        path: "/var/run/sshd"
        state: directory

    - pacman:
        name:
          - "openssh"
          - "awk"
        state: present
        update_cache: true
      ignore_errors: true

    - name: create ssh host keys
      command: "ssh-keygen -A"
      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or
            ansible_facts.distribution == "Fedora" or
            ansible_facts.distribution == "Amazon"
  roles:
    - ansible-ssh-hardening