#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
# Preambulatory system configuration
- hosts: all
  tasks:
    - name: collect service facts
      ansible.builtin.service_facts:
      tags: [ always ]
  roles:
    - role: common
      tags: [ common ]
    - role: adminuser
      tags: [ adminuser, common ]
    - role: willshersystems.sshd
      vars:
        sshd:
          AcceptEnv: "LANG LC_*"
          ChallengeResponseAuthentication: no
          Compression: yes
          PasswordAuthentication: no
          PermitRootLogin: no
          PrintMotd: no
          PubkeyAuthentication: yes
          Subsystem: "sftp  /usr/lib/openssh/sftp-server"
          UsePAM: yes
          X11Forwarding: no
      # We avoid running on "atomic_container" distros since they already ship
      # sshd and since this role doesn't support them
      when: not ansible_pkg_mgr == "atomic_container"
      tags: [ sshd, common ]
- hosts: all:!tags_no-docker
  roles:
    - role: geerlingguy.docker
      tags: [ docker, common, skip-pull ]