- name: setup sshguard
  gather_facts: yes
  hosts: servers
  become: "{{become}}"
  tasks:

  #- debug:
  #    msg:
  #      - "{{ansible_distribution}}"
  #      - "{{ansible_distribution_release}}"

  - name: config files for debian/ubuntu20-
    ansible.builtin.template:
      src: templates/sshguard_ubuntu20.conf.j2
      dest: /etc/sshguard/sshguard.conf
    notify: restart sshguard
    diff: true
    when: >
      ( ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'focal' )

  - name: config files for debian/ubuntu22+
    ansible.builtin.template:
      src: templates/sshguard_ubuntu22.conf.j2
      dest: /etc/sshguard/sshguard.conf
    notify: restart sshguard
    diff: true
    when: >
      ( ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'jammy' ) or
      ( ansible_distribution == 'Linux Mint' and ansible_distribution_release == 'vera' ) or
      ( ansible_distribution == 'Debian' and ansible_distribution_release == 'bookworm' )

  - name: config files for sbo package
    ansible.builtin.template:
      src: templates/sshguard_sbo.conf.j2
      dest: /etc/sshguard.conf
    notify: restart sshguard
    diff: true
    when: >
      ( ansible_distribution == 'Slackware' )

  - name: non-systemd init script
    ansible.builtin.copy:
      src: templates/rc.sshguard
      dest: /etc/rc.d/rc.sshguard
      mode: "755"
    when: >
      ( ansible_distribution == 'Slackware' )
    notify: restart sshguard
    diff: true

  handlers:

  - name: restart sshguard
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "[[ -x /lib/systemd/systemd ]] && systemctl restart sshguard.service || /etc/rc.d/rc.sshguard restart"