---
# Create the system account the tunnels run under (or remove it, depending on
# autossh_user_state) and have the user module generate an SSH key pair for it.
- name: "create {{ autossh_user }} user"
  ansible.builtin.user:
    name: "{{ autossh_user }}"
    state: "{{ autossh_user_state }}"
    system: true
    comment: "{{ autossh_user_comment }}"
    shell: "{{ autossh_user_shell }}"
    # The user module expects an already-hashed value here, never a plaintext
    # password; keep the hash in an encrypted vars file rather than plain vars.
    password: "{{ autossh_user_password }}"
    # NOTE(review): password locking is left disabled below; if this account
    # only ever authenticates with keys, confirm whether it should be enabled.
    # password_lock: true
    # Pointing the skeleton at /dev/null keeps the default skeleton files out
    # of the new home directory.
    skeleton: /dev/null
    # No ssh_key_type / ssh_key_bits are given, so key type and size follow
    # the module defaults.
    generate_ssh_key: true

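# Run keys.yaml once per entry of the loop; inside the included file the
# current entry is available as `item` (presumably SSH key file names —
# confirm against keys.yaml).
# The loop variable is not defined when the task name is templated, so the
# name carries no `{{ item }}`; each iteration still prints its item.
# NOTE(review): the identical include is repeated after the package install
# further down in this file — confirm both passes are needed.
# NOTE(review): OpenSSH has disabled DSA keys by default since 7.0; confirm
# that keys.yaml only removes or ignores id_dsa rather than deploying it.
- name: manage keys
  ansible.builtin.include_tasks: keys.yaml
  loop:
    - id_dsa
    - id_ecdsa
    - id_ed25519
    - id_rsa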

# Directory that receives one configuration file per tunnel. It is owned by
# root and writable by root only, so the tunnel account can read the files but
# cannot alter them.
- name: "create {{ autossh_etc_path }}"
  ansible.builtin.file:
    state: directory
    path: "{{ autossh_etc_path }}"
    # Quoted so the mode stays an octal string regardless of the YAML parser.
    mode: '0755'
    owner: root
    group: root

# Install (or remove, per autossh_package_state) the autossh package through
# the distribution's package manager.
- name: install package
  ansible.builtin.package:
    state: "{{ autossh_package_state }}"
    name: "{{ autossh_package_name }}"

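# Second pass over keys.yaml, this time after the package has been installed;
# inside the included file the current loop entry is available as `item`.
# The loop variable is not defined when the task name is templated, so the
# name carries no `{{ item }}`; each iteration still prints its item.
# NOTE(review): the same include with the same loop already runs earlier in
# this file — confirm the repetition is intentional.
# NOTE(review): OpenSSH has disabled DSA keys by default since 7.0; confirm
# that keys.yaml only removes or ignores id_dsa rather than deploying it.
- name: manage keys (after package install)
  ansible.builtin.include_tasks: keys.yaml
  loop:
    - id_dsa
    - id_ecdsa
    - id_ed25519
    - id_rsa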

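# Maintain the public keys allowed to log in as the autossh user. Each entry
# of autossh_authorized_keys must provide `key`; `comment`, `key_options` and
# `state` are optional (state falls back to 'present').
- name: manage authorized keys
  authorized_key:
    user: "{{ autossh_user }}"
    key: "{{ item.key }}"
    comment: "{{ item.comment | default(omit) }}"
    # Optional per-key restrictions written in front of the key (options such
    # as `restrict` or `no-pty`), so a tunnel-only key can be denied an
    # interactive shell. Omitted when the entry does not set it, which keeps
    # existing inventories working unchanged.
    key_options: "{{ item.key_options | default(omit) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ autossh_authorized_keys | default([]) }}"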

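# Render the templated autossh unit file on systemd hosts and trigger the
# daemon-reload / instance-reload handlers when it changes.
- name: configure systemd unit
  ansible.builtin.template:
    src: autossh.service.j2
    dest: "{{ autossh_systemd_unit_path }}"
    owner: root
    group: root
    # Quoted so the mode stays an octal string regardless of the YAML parser.
    mode: '0644'
  notify:
    - reload autossh instances
    - autossh daemon-reload
  when:
    - ansible_service_mgr == 'systemd'
    # A later task in this file deletes the unit when
    # autossh_systemd_unit_state is "absent"; without this guard the unit was
    # written and deleted again on every run, firing the handlers each time.
    - autossh_systemd_unit_state | default('present') != 'absent'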

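# Render one configuration file per tunnel in autossh_config and reload the
# running instances when a file changes.
# item.name becomes both a file name under autossh_etc_path and (further down
# in this file) a systemd instance name, so it should stay a plain identifier
# without path separators.
- name: configure autossh tunnels
  ansible.builtin.template:
    src: autossh.j2
    dest: "{{ autossh_etc_path }}/{{ item.name }}"
    owner: root
    group: root
    # NOTE(review): world-readable; confirm autossh.j2 renders nothing
    # sensitive, otherwise tighten the mode and group.
    mode: '0644'
  loop: "{{ autossh_config | default([]) }}"
  # Tunnels declared absent have their file deleted by a later task in this
  # file; rendering them here first made every run report a change and fire
  # the reload handler.
  when: item.state | default('present') != 'absent'
  notify: reload autossh instances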

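# Start and enable one autossh@<name> instance per tunnel; tunnels whose state
# is 'absent' are stopped and disabled instead.
- name: manage services
  ansible.builtin.systemd:
    name: "autossh@{{ item.name }}.service"
    state: "{{ (item.state | default('present') == 'absent') | ternary('stopped', 'started') }}"
    enabled: "{{ item.state | default('present') != 'absent' }}"
    daemon_reload: true
  loop: "{{ autossh_config | default([]) }}"
  # The unit file is only installed on systemd hosts, so the instances are
  # only managed there; this matches the guard on the other systemd tasks in
  # this file instead of failing on hosts with another service manager.
  when: ansible_service_mgr == 'systemd'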

# Delete the autossh unit file on systemd hosts when the role is asked to
# remove it, then let the handler reload systemd.
- name: remove systemd unit
  when:
    - ansible_service_mgr == 'systemd'
    - autossh_systemd_unit_state == "absent"
  ansible.builtin.file:
    state: absent
    path: "{{ autossh_systemd_unit_path }}"
  notify:
    - autossh daemon-reload
  # NOTE(review): no secret is visible in this task's arguments, and no_log
  # hides its result from the run output and logs — confirm it is needed here.
  no_log: true

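# Delete the configuration file of every tunnel declared absent. The matching
# service instance is stopped and disabled by the "manage services" task
# earlier in this file.
# Renamed from "configure autossh tunnels": that name is already used by the
# task that renders these files, which made the two indistinguishable in run
# output and logs.
- name: remove autossh tunnels
  ansible.builtin.file:
    path: "{{ autossh_etc_path }}/{{ item.name }}"
    state: absent
  loop: "{{ autossh_config | default([]) }}"
  when:
    - ansible_service_mgr == 'systemd'
    # An entry without `state` counts as present, as in the rest of this file.
    - item.state | default('present') == 'absent'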