---
- name: 'Moduli: Check if "moduli.not-hardened" already exists'
  stat:
    path: "{{ ssh_hardening_moduli_backup }}"
  register: ssh_hardening_moduli_backup_file


- name: 'Moduli: Backup "moduli.not-hardened"'
  shell: 'cp -a {{ ssh_hardening_moduli }} {{ ssh_hardening_moduli_backup }}'
  when: not ssh_hardening_moduli_backup_file.stat.exists


- name: 'Moduli: Check for small Diffie-Hellman moduli'
  shell: "grep -Ec ' 1535 | 2047 ' {{ ssh_hardening_moduli }} || true"
  changed_when: False
  register: ssh_hardening_moduli_small


- name: 'Moduli: Remove small Diffie-Hellman moduli'
  shell: "TMPF=$(mktemp) && awk '$5 >= 3071' {{ ssh_hardening_moduli }} >${TMPF} && mv ${TMPF} {{ ssh_hardening_moduli }}"
  when: ssh_hardening_moduli_small.stdout|int > 0