---
- name: ensure sshd_config.d directory exists
  become: true
  file:
    path: "/etc/ssh/sshd_config.d"
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: deploy sshd config file
  become: true
  template:
    src: "00-sshd_config-hardening.conf.j2"
    dest: "/etc/ssh/sshd_config.d/00-sshd_config-hardening.conf"
    owner: root
    group: root
    mode: "0644"
    validate: "sshd -t -f %s"

- name: restart SSH service
  become: true
  service:
    name: ssh
    state: restarted