---

- name: Allow ssh on firewall
  ufw:
    rule: allow
    port: 22
    proto: tcp

- name: Disable password authentication on ssh
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PasswordAuthentication "
    line: "PasswordAuthentication no"
  notify: restart ssh

# TODO Collect SSH Host Keys