---
- name: add sftp user
  user:
    name: "{{ sftpuser }}"
    group: "{{ sftpgroup }}"
    password: "{{ ftphash }}"
  become: true

- name: Make sure password authentification is enabled
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PasswordAuthentication"
    line: "PasswordAuthentication yes"
    state: present
  become: true

- name: Add sftp config to sshd_config
  blockinfile:
    path: /etc/ssh/sshd_config
    block: |
      Match User {{ sftpuser }}
        ForceCommand internal-sftp
        PasswordAuthentication yes
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no
  become: true

- name: restart sshd-server
  service:
    name: sshd
    state: restarted
  become: true
  when: ansible_distribution == "Ubuntu" and (ansible_facts['distribution_version'] == "22.04" or ansible_facts['distribution_version'] == "20.04")

- name: restart ssh-server
  service:
    name: ssh
    state: restarted
  become: true
  when: ansible_distribution == "Ubuntu" and ansible_facts['distribution_version'] == "24.04"