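---
# Bootstraps SSH host credentials on a VM: connects as the temporary
# `install` account, copies the host private key and its CA-signed
# certificate into /etc/ssh, runs the sshd configuration script, then switches
# the connection settings back to the original user.
#
# NOTE(review): every task that connects as `install` sets
# StrictHostKeyChecking=no, so the remote host's identity is not verified.
# The host private key copied below is therefore sent to whichever machine
# answers on that address. Prefer pinning the VM's host key in known_hosts
# before this play runs (or use `accept-new` if trust-on-first-use is
# acceptable for the environment).
- name: Configure SSH server
  # The tag applies to every task in the block.
  tags:
    - init_ssh
  block:
    - name: Switch user
      ansible.builtin.set_fact:
        # Saved so the connection settings can be restored at the end of the
        # block. The user is read from the controller's $USER environment
        # variable, not from the previously effective ansible_user.
        # NOTE(review): confirm the two are always the same.
        ansible_user_original: "{{ lookup('env', 'USER') }}"
        ansible_ssh_private_key_file_original: "{{ ansible_ssh_private_key_file }}"
        ansible_user: install
        ansible_ssh_private_key_file: "{{ installkey }}"

    # Connectivity check as the install user; raw does not need Python on the
    # target.
    - name: Test 1
      ansible.builtin.raw: whoami
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # The source file without an extension, installed with mode 0400, is the
    # host private key. The task was previously labelled as the certificate.
    # NOTE(review): the checksum comes from `stat_ssh_cert`, which is
    # registered outside this file; confirm it was taken from the private key
    # file and not from the certificate.
    - name: Install SSH host private key
      ansible.builtin.copy:
        checksum: "{{ stat_ssh_cert.stat.checksum }}"
        dest: "/etc/ssh/{{ vm_name }}"
        group: root
        local_follow: false
        # Quoted so the mode is never re-interpreted as a decimal integer.
        mode: "0400"
        owner: root
        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
      # Keep private key material out of `--diff` output and logs.
      diff: false
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # The `-cert.pub` file is the CA-signed host certificate; it is public and
    # world-readable by design. The task was previously labelled as the key.
    # NOTE(review): the checksum comes from `stat_ssh_spk`, which is
    # registered outside this file; confirm it was taken from the
    # `-cert.pub` file.
    - name: Install SSH host certificate
      ansible.builtin.copy:
        checksum: "{{ stat_ssh_spk.stat.checksum }}"
        dest: "/etc/ssh/{{ vm_name }}-cert.pub"
        group: root
        local_follow: false
        mode: "0444"
        owner: root
        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # Runs the controller-side script on the target as root, passing the CA
    # public key as its single argument.
    # NOTE(review): `ca_pk` is interpolated between literal single quotes; a
    # value containing a single quote would break out of the argument on the
    # remote shell. Consider `{{ ca_pk | quote }}` without the surrounding
    # quotes if the value is not fully controlled.
    - name: Install sshd configuration
      ansible.builtin.script:
        cmd: "../shell/configure_sshd.sh '{{ ca_pk }}'"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # Restore the connection settings saved by the first task. This task is
    # skipped if an earlier task in the block fails.
    - name: Switch user
      ansible.builtin.set_fact:
        ansible_user: "{{ ansible_user_original }}"
        ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file_original }}"

    # Connectivity check as the restored user. StrictHostKeyChecking is not
    # overridden here, so the SSH client's normal host verification applies.
    - name: Test 2
      ansible.builtin.raw: whoami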