---
#- name: Disallow root SSH access
#  lineinfile:
#    dest: /etc/ssh/sshd_config 
#    regexp: "^PermitRootLogin"
#    line: "PermitRootLogin no"
#    state: present
#  notify: Restart ssh


# untested on debian/ubuntu
- name: disable services
  service:
    name: "{{ item }}"
    state: stopped
    enabled: no
  with_items:
    - postfix
    - rpcbind
    - rsyncd.service
    - rsyncd.socket
  ignore_errors: true

- name: disable password auth
  lineinfile:
    dest: /etc/ssh/sshd_config 
    regexp: "^PasswordAuthentication" 
    line: "PasswordAuthentication no"
    state: present
  notify: restart sshd