---
# This ansible-playbook prepares freshly initiated vagrant
# servers for work with ansible.
#
# It should be played as first thing after running `vagrant`
# on the remote host.
#
# The documentation for this playbook is in `README.vhosts.rst`.  Please read
# it! Do not run this playbook without having read the README.
#
- hosts: yet-untouched
  become: yes
  vars:
    # Enable root access via SSH? Set to false not before user
    # accounts are active.
    permit_ssh_root: false

  roles:
  - openssh

  handlers:
  - name: "Restart sshd"
    service:
      name="ssh"
      enabled=yes
      state=restarted

  tasks:
  - name: Disable SSH root access
    # make sure this is not run before you can log in otherwise!
    lineinfile:
      dest=/etc/ssh/sshd_config
      backrefs=yes
      line='PermitRootLogin no'
      regexp='^PermitRootLogin yes'
      state=present
    notify: "restart sshd"
    when: not permit_ssh_root