- name: Ensure SSH instalation
  become: true
  ansible.builtin.package:
    name: '{{ system_ssh_package }}'
    state: present


- name: Ensure key directory exist
  become: true
  ansible.builtin.file:
    state: directory
    path: '{{ item.keyfile | dirname }}'
    owner: '{{ item.user }}'
    mode: 0700
  with_items: '{{ privatekeytodeploy }}'

- name: Install ssh private key
  become: true
  ansible.builtin.copy:
    content: '{{ item.privatekey }}'
    dest: '{{ item.keyfile }}'
    mode: 0600
    owner: '{{ item.user }}'
  with_items: '{{ privatekeytodeploy }}'


- name: Les connexions par mot de passe sont désactivées
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
  notify: Restart sshd

- name: Remove root SSH access
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
  notify: Restart sshd