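---
# SSH daemon hardening for first deployment:
#   1. forbid empty-password and direct root logins,
#   2. install the deploy public key for every user in deploy_users,
#   3. disable password authentication only once the key is installed,
#   4. make sure sshd is running and enabled at boot.
#
# Caveats for whoever maintains this file:
#   - sshd uses the first value it reads for a keyword. A drop-in pulled in
#     by an Include near the top of sshd_config can therefore still override
#     the lines set here; confirm the effective settings with `sshd -T`.
#   - When a directive is absent, lineinfile appends it at end of file. If
#     the file ends in a Match block, the directive is scoped to that block.

# - name: Copy sshd_config
#   template:
#     src: files/sshd_config
#     dest: /etc/ssh/sshd_config

# backrefs is not used on the lineinfile tasks below: the replacement lines
# contain no back-references, and with backrefs enabled lineinfile leaves the
# file unchanged when the regexp matches nothing, so a config lacking the
# directive would stay unhardened while the task still reports ok.
- name: Disable empty password login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitEmptyPasswords'
    line: 'PermitEmptyPasswords no'
    # Reject an edit that sshd cannot parse before it replaces the live file.
    # Binary path assumed; adjust for the target OS.
    validate: '/usr/sbin/sshd -t -f %s'
  # The setting only takes effect after sshd re-reads its config.
  notify: restart sshd
  tags:
    - first_deployement

- name: Disable remote root login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin no'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: restart sshd
  tags:
    - first_deployement

# NOTE(review): the same deploy_public_key file is installed for every entry
# in deploy_users; confirm that sharing one key across accounts is intended.
- name: Add public key for deploy user
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', 'sshpubs/' + deploy_public_key) }}"
    state: present
  with_items: "{{ deploy_users }}"
  register: add_identity_key
  tags:
    - first_deployement

# Guarded on the key installation so password login is never switched off
# when no key was installed (failed task or empty deploy_users), which would
# lock everyone out of the host.
- name: Disable password login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    validate: '/usr/sbin/sshd -t -f %s'
  when:
    - add_identity_key is succeeded
    - add_identity_key is not skipped
  notify: restart sshd
  tags:
    - first_deployement

- name: Enable SSH daemon
  service:
    name: sshd
    state: started
    enabled: true
  tags:
    - first_deployement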