From bc3b1182ea1079b5b80451e9d580d14cb1da27ed Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Fri, 20 Apr 2018 10:25:06 +0200
Subject: [PATCH] evolinux-users: default to AllowGroups (for SSH) in Debian 10

---
 evolinux-users/tasks/ssh.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml
index ff7cf85a..70570c63 100644
--- a/evolinux-users/tasks/ssh.yml
+++ b/evolinux-users/tasks/ssh.yml
@@ -27,10 +27,10 @@
     msg: "We can't deal with AllowUsers and AllowGroups at the same time"
 
 - set_fact:
-    # If "AllowGroups is present" or "AllowUsers is absent and Debian 9+",
-    ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version | version_compare('9', '>='))) }}"
-    # If "AllowGroups is absent" and "AllowUsers is absent or Debian <9"
-    ssh_allowusers:  "{{ (grep_allowusers_ssh.rc == 0) or (grep_allowgroups_ssh.rc != 0 and (ansible_distribution_major_version | version_compare('9', '<'))) }}"
+    # If "AllowGroups is present" or "AllowUsers is absent and Debian 10+",
+    ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version | version_compare('10', '>='))) }}"
+    # If "AllowGroups is absent" and "AllowUsers is absent or Debian <10"
+    ssh_allowusers:  "{{ (grep_allowusers_ssh.rc == 0) or (grep_allowgroups_ssh.rc != 0 and (ansible_distribution_major_version | version_compare('10', '<'))) }}"
 
 - debug:
     var: ssh_allowgroups