---
# tasks file for core
- name: Install os-specific packages
  include_tasks: "{{ ansible_os_family | lower }}.yml"

- name: Add identity key to authorized keys on host
  authorized_key:
    user: "{{ ssh_target_user }}"
    key: "{{ ssh_publickey }}"
  register: add_identity_key
  when: ssh_target_user is defined and ssh_publickey is defined

- name: Disable empty password login
  lineinfile:
    dest: "{{ sshd_configfilename }}"
    regexp: '^#?PermitEmptyPasswords'
    line: 'PermitEmptyPasswords no'
  notify: restart sshd

- name: Disable remote root login
  lineinfile:
    dest: "{{ sshd_configfilename }}"
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin no'
  notify: restart sshd

- name: Disable password login
  lineinfile:
    dest: "{{ sshd_configfilename }}"
    regexp: '^(#\s*)?PasswordAuthentication '
    line: 'PasswordAuthentication no'
  when:
    - add_identity_key is succeeded
    - not add_identity_key is skipped
  notify: restart sshd