---
- name: Gather OS specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
    - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version }}.yml"
    - "{{ ansible_distribution|lower }}.yml"
    - "{{ ansible_lsb.id|default('NotAvailable')|lower }}.yml"
    - "{{ (ansible_os_family|lower).split(' ')[0] }}.yml"
    - "default.yml"


- name: "Set «PermitRootLogin» to «without-password»"
  lineinfile:
    dest: '{{ sshd_config_path | default("/etc/ssh/sshd_config") }}'
    regexp: '^#? *PermitRootLogin'
    line: "PermitRootLogin without-password"
    backup: yes
  register: sshconfigchanged


- name: Restart sshd
  service:
    name: "{{ ssh_service_name }}"
    state: restarted
  when: sshconfigchanged is changed