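---
# Replaces root's authorized SSH keys with the list in `ssh_keys` and sets
# PermitRootLogin to "prohibit-password" (key-based root login only) on
# every targeted host.
#
# Required variable:
#   ssh_keys: non-empty list of public key strings, one key per item.
- name: Reconfigure old ssh to new config
  hosts: all
  user: root

  handlers:
    - name: restart ssh
      systemd:
        name: sshd
        state: restarted

  tasks:
    # Fail before anything on the host is modified: with an empty or
    # malformed ssh_keys, root would end up with no usable key while
    # password login for root is prohibited below.
    - name: Ensure ssh_keys is a non-empty list
      assert:
        that:
          - ssh_keys is defined
          - ssh_keys is sequence
          - ssh_keys is not string
          - ssh_keys is not mapping
          - ssh_keys | length > 0
        fail_msg: "ssh_keys must be a non-empty list of public keys"

    - name: Ensure root ssh directory exists
      file:
        path: /root/.ssh
        state: directory
        owner: root
        group: root
        mode: '0700'

    # Preserving the timestamps keeps this task from reporting "changed"
    # on every run when the file already exists.
    - name: Ensure authorized_keys file exists
      file:
        path: /root/.ssh/authorized_keys
        state: touch
        owner: root
        group: root
        mode: '0600'
        access_time: preserve
        modification_time: preserve

    # exclusive removes every key that is not in ssh_keys, so no separate
    # truncation step is needed and a failed run never leaves the file
    # emptied. exclusive does not work with a loop, hence the single
    # newline-joined value.
    - name: Import new SSH keys
      authorized_key:
        user: root
        key: "{{ ssh_keys | join('\n') }}"
        state: present
        exclusive: true

    # validate has sshd parse the candidate file before it replaces the
    # live config, so a syntax error cannot reach the restart handler.
    # NOTE(review): when no line matches the regexp, the line is appended
    # at end of file; confirm that is not inside a Match block and that
    # no earlier PermitRootLogin (e.g. from an Include) takes precedence.
    - name: Enable Root Login
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: "PermitRootLogin prohibit-password"
        state: present
        validate: /usr/sbin/sshd -t -f %s
      notify:
        - restart ssh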