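---
# Tasks that prepare SSH on the target host: install prerequisite packages,
# deploy the client and daemon configuration, lock the host keys against
# modification, and create the groups used to gate SSH access.
#
# NOTE(review): no `notify`/handler is visible in this file, so a changed
# sshd_config only takes effect once sshd is reloaded - confirm that happens
# elsewhere in the role.

# Installs bash and sudo only; the OpenSSH packages themselves are assumed to
# be present already - TODO confirm.
- name: SSH
  become: true
  package:
    name:
      - bash
      - sudo

# Ownership and mode are set explicitly so the result does not depend on the
# umask or on whatever permissions a pre-existing file happened to have.
# ssh_config has to stay world-readable for unprivileged ssh clients.
- name: SSH Config
  become: true
  copy:
    src: ssh_config
    dest: /etc/ssh/ssh_config
    owner: root
    group: root
    mode: "0644"

# The candidate file is syntax-checked with `sshd -t` before it replaces the
# live configuration: a broken sshd_config can lock out remote access on the
# next daemon restart. Only root needs to read the daemon configuration.
- name: SSHD Config
  become: true
  copy:
    src: sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0600"
    validate: /usr/sbin/sshd -t -f %s

# Sets the immutable attribute (chattr +i) so that even root cannot replace or
# delete the host keys without first clearing the flag. Planned key rotation
# must clear the attribute first, and the filesystem has to support file
# attributes.
- name: Mark SSH keys as immutable
  become: true
  file:
    path: "{{ item }}"
    attributes: i
  loop:
    - /etc/ssh/ssh_host_ed25519_key
    - /etc/ssh/ssh_host_ed25519_key.pub
    - /etc/ssh/ssh_host_rsa_key
    - /etc/ssh/ssh_host_rsa_key.pub

# Presumably these groups are referenced by the deployed sshd_config
# (login, forwarding and SFTP-jail policy) - verify against that file.
- name: Add SSH control groups
  become: true
  group:
    name: "{{ item }}"
    state: present
  loop:
    - ssh-allow
    - ssh-forward
    - sftp-home-jail

# `append: true` adds ssh-allow to the user's existing supplementary groups
# instead of replacing them.
# NOTE(review): ansible_user_id comes from gathered facts; confirm it resolves
# to the intended login account and not to root when facts are gathered with
# privilege escalation.
- name: Add SSH user to ssh-allow
  become: true
  user:
    name: "{{ ansible_user_id }}"
    groups: ssh-allow
    append: true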