---
# - name: ssh -- Copy sshd_config
#   template:
#     src: files/sshd_config
#     dest: /etc/ssh/sshd_config

- name: ssh -- Disable empty password login
  lineinfile: 
    dest: /etc/ssh/sshd_config
    regexp: "^#?PermitEmptyPasswords"
    line: "PermitEmptyPasswords no"
    backrefs: yes
  tags:
    - first_deployement

- name: ssh -- Disable remote root login
  lineinfile: 
    dest: /etc/ssh/sshd_config 
    regexp: "^#?PermitRootLogin" 
    line: "PermitRootLogin no"
    backrefs: yes
  tags:
    - first_deployement

- name: ssh -- Disable password login
  lineinfile: 
    dest: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication" 
    line: "PasswordAuthentication no"
    backrefs: yes
  when: add_identity_key is succeeded and not add_identity_key is skipped
  notify: restart sshd
  tags:
    - first_deployement

- name: ssh -- Enable SSH daemon (not Debian)
  service: 
    name: sshd
    state: started
    enabled: yes
  tags:
    - first_deployement
  when: ansible_distribution != 'Debian'

- name: ssh -- Enable SSH daemon (Debian)
  service: 
    name: ssh
    state: started
    enabled: yes
  when: ansible_distribution == 'Debian'