---
- name: find systemctl service for openssh-server
  ansible.builtin.shell:
    cmd: |-
      incus exec {{ lte_container_name }} -- \
          systemctl status ssh.service
  register: ssh_service
  changed_when: false
  failed_when: false
- name: set fact ssh_service_exists
  ansible.builtin.set_fact:
    ssh_service_exists: '{{ ssh_service.rc == 0 }}'
- name: install system package openssh-server
  ansible.builtin.shell:
    cmd: |-
      incus exec {{ lte_container_name }} -- \
          apt install -y openssh-server
  register: ssh_pkg
  when: not ssh_service_exists
- name: check openssh server configuration for root access
  ansible.builtin.shell:
    cmd: |-
      incus exec {{ lte_container_name }} -- \
          grep -e "^PermitRootLogin yes$" /etc/ssh/sshd_config
  register: root_access
  changed_when: false
  failed_when: false
- name: set fact ssh_root_login_allowed
  ansible.builtin.set_fact:
    ssh_root_login_allowed: '{{ root_access.rc == 0 }}'
- name: configure openssh server to allow root access via ssh
  ansible.builtin.shell:
    cmd: |-
      incus exec {{ lte_container_name }} -- \
          sed -i "$ a PermitRootLogin yes" /etc/ssh/sshd_config
  register: sshd_config
  when: not ssh_root_login_allowed
- name: set fact ssh_server_installed
  ansible.builtin.set_fact:
    ssh_pkg_installed: '{{ ssh_pkg.changed and ssh_pkg.rc == 0 }}'
- name: enable openssh server systemd service
  ansible.builtin.shell:
    cmd: |-
      incus exec {{ lte_container_name }} -- \
          systemctl enable --now ssh.service
  when: ssh_pkg_installed
- name: set fact sshd_config_touched
  ansible.builtin.set_fact:
    sshd_config_touched: '{{ sshd_config.changed and sshd_config.rc == 0 }}'
- name: restart openssh server systemd service
  ansible.builtin.shell:
    cmd: |-
      incus exec {{ lte_container_name }} -- \
          systemctl restart ssh.service
  when: sshd_config_touched
- name: find container ip address
  ansible.builtin.command: incus ls -c=4 -f=compact {{ lte_container_name }}
  register: ipv4
  changed_when: false
  when: sshd_config_touched
- name: set fact ipv4
  ansible.builtin.set_fact:
    ipv4: '{{ ipv4.stdout_lines[1] }}'
  when: sshd_config_touched
- name: extract ipv4 address of the linux container
  ansible.builtin.set_fact:
    ipv4: "{{ ipv4 | regex_search('([0-9]+.[0-9]+.[0-9]+.[0-9]+)') }}"
  when: sshd_config_touched
- name: ssh-copy-id from server on the Edge to linux container
  ansible.builtin.shell:
    cmd: |-
      sshpass -p {{ lte_container_root_pwd }} \
          ssh-copy-id -o StrictHostKeyChecking=no root@{{ ipv4 }}
  when: sshd_config_touched