From fad2dc0217b54e02be7f077c0e93735a7a0323f8 Mon Sep 17 00:00:00 2001
From: Bertrand Benjamin <benjamin.bertrand@opytex.org>
Date: Fri, 24 Aug 2018 11:22:07 +0200
Subject: [PATCH] Still play with vars precedence and try backrefs for
 lineinfile

---
 Choux.yml     |  6 +++---
 tasks/ssh.yml | 11 +++++++----
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/Choux.yml b/Choux.yml
index 6a884d2..b32022e 100644
--- a/Choux.yml
+++ b/Choux.yml
@@ -2,12 +2,12 @@
 - hosts: localhost
   connection: local
 
+  vars:
+    - deploy_public_key: files/id_ed25519_home.pub
+
   vars_files:
     - vars/common.yml
 
-  extra_vars:
-    - deploy_public_key: files/id_ed25519_home.pub
-
   tasks:
     - include: tasks/arch_CLI_packages.yml
     - include: tasks/zsh.yml
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
index 56a80fe..0347c90 100644
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -1,20 +1,22 @@
 ---
-- name: Copy sshd_config
-  template:
-    src: files/sshd_config
-    dest: /etc/ssh/sshd_config
+# - name: Copy sshd_config
+#   template:
+#     src: files/sshd_config
+#     dest: /etc/ssh/sshd_config
 
 - name: Disable empty password login
   lineinfile: 
     dest: /etc/ssh/sshd_config
     regexp: "^#?PermitEmptyPasswords"
     line: "PermitEmptyPasswords no"
+    backrefs: yes
 
 - name: Disable remote root login
   lineinfile: 
     dest: /etc/ssh/sshd_config 
     regexp: "^#?PermitRootLogin" 
     line: "PermitRootLogin no"
+    backrefs: yes
 
 - name: debug
   debug:
@@ -33,6 +35,7 @@
     dest: /etc/ssh/sshd_config
     regexp: "^#?PasswordAuthentication" 
     line: "PasswordAuthentication no"
+    backrefs: yes
   when: add_identity_key is success and not add_identity_key is skipped
   notify: restart sshd