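---
# Hardens the sshd configuration and, when explicitly requested, rotates the
# SSH host keys. The "Restart sshd daemon" handler notified below is not
# defined in this file and must be provided by the including role or play.

# `validate` runs `sshd -t` against the rendered temporary file (%s) before
# it replaces the live config, so a template that sshd itself rejects is
# never installed and cannot cut off remote access on the next restart.
# mode '0600' with owner root keeps the file unreadable to other users.
- name: Update SSH configuration for better security
  become: true
  template:
    src: '../templates/sshd_config.j2'
    dest: '/etc/ssh/sshd_config'
    owner: root
    mode: '0600'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd daemon

# --- Optional host-key rotation ---------------------------------------------
# Rotation is destructive and opt-in: `default(false)` makes an undefined
# `regenerate_ssh_host_keys` skip these tasks instead of aborting the play.
#
# Operational caveats:
#   * New host keys change the host's fingerprints, so every client will get
#     a host-key-changed warning. Publish the new fingerprints over a trusted
#     channel (or update known_hosts centrally) rather than teaching users to
#     dismiss the warning.
#   * The pattern below matches private keys, their .pub files and also host
#     certificates (ssh_host_*_key-cert.pub). `ssh-keygen -A` only recreates
#     key pairs, so CA-signed host certificates must be reissued separately.
#   * Between the delete and generate tasks the host has no host keys. If
#     `ssh-keygen -A` fails, fix it before sshd is restarted; sshd will not
#     start without at least one host key.

- name: Find all existing SSH host keys
  find:
    paths: '/etc/ssh'
    patterns: "ssh_host_*_key*"
  register: existing_ssh_host_keys
  when: regenerate_ssh_host_keys | default(false) | bool

# `default([])` keeps the loop well-defined when the find task was skipped
# and therefore registered a result without a `files` list.
- name: Delete previous existing SSH host keys
  become: true
  file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ existing_ssh_host_keys.files | default([]) }}"
  when: regenerate_ssh_host_keys | default(false) | bool

# `ssh-keygen -A` creates any missing host keys of the default types.
# It always reports changed here because the previous task removed the
# old keys whenever this task is allowed to run.
- name: Generate new SSH host keys
  become: true
  command: ssh-keygen -A
  changed_when: true
  when: regenerate_ssh_host_keys | default(false) | bool
  notify: Restart sshd daemon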