---
- set_fact:
    has_bastion: "{{ 'bastion' in groups['all'] }}"

- set_fact:
    bastion_ip: "{{ hostvars['bastion']['ansible_ssh_host'] }}"
  when: has_bastion

# As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly
# To figure out the real ssh user, we delegate this task to the bastion and store the ansible_ssh_user in real_user
- set_fact:
    real_user: "{{ ansible_ssh_user }}"
  delegate_to: bastion
  when: has_bastion

- name: create ssh bastion conf
  become: false
  template: src=ssh-bastion.conf dest="{{ playbook_dir }}/ssh-bastion.conf"