---
- hosts: all
  gather_facts: false
  tasks:
    - name: ensure SSH login with password is disabled
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: "^#?PasswordAuthentication"
        line: PasswordAuthentication no
        state: present
      become: yes
      notify:
      - restart ssh

    - name: Set authorized key taken from file
      ansible.posix.authorized_key:
        user: "{{ ansible_ssh_user }}"
        state: present
        key: "{{ lookup('file', item) }}"
      with_items:
        - keys/bbrown.pub
        - keys/bclough.pub
        - keys/dbotting.pub
        - keys/gperkins.pub
        - keys/palvarez.pub

  handlers:
    - name: restart ssh
      service:
        name: ssh
        state: restarted
      become: yes