Still play with vars precedence and try backrefs for lineinfile

Choux.yml

@@ -2,12 +2,12 @@
 - hosts: localhost
   connection: local
 
+  vars:
+    - deploy_public_key: files/id_ed25519_home.pub
+
   vars_files:
     - vars/common.yml
 
-  extra_vars:
-    - deploy_public_key: files/id_ed25519_home.pub
-
   tasks:
     - include: tasks/arch_CLI_packages.yml
     - include: tasks/zsh.yml

tasks/ssh.yml

@@ -1,20 +1,22 @@
 ---
-- name: Copy sshd_config
-  template:
-    src: files/sshd_config
-    dest: /etc/ssh/sshd_config
+# - name: Copy sshd_config
+#   template:
+#     src: files/sshd_config
+#     dest: /etc/ssh/sshd_config
 
 - name: Disable empty password login
   lineinfile: 
     dest: /etc/ssh/sshd_config
     regexp: "^#?PermitEmptyPasswords"
     line: "PermitEmptyPasswords no"
+    backrefs: yes
 
 - name: Disable remote root login
   lineinfile: 
     dest: /etc/ssh/sshd_config 
     regexp: "^#?PermitRootLogin" 
     line: "PermitRootLogin no"
+    backrefs: yes
 
 - name: debug
   debug:
@@ -33,6 +35,7 @@
     dest: /etc/ssh/sshd_config
     regexp: "^#?PasswordAuthentication" 
     line: "PasswordAuthentication no"
+    backrefs: yes
   when: add_identity_key is success and not add_identity_key is skipped
   notify: restart sshd