- name: Enable SSH root login in sshd_config
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin prohibit-password'
    state: present
  notify: restart sshd

- name: Set up authorized_keys file for root
  file:
    path: /root/.ssh
    state: directory
    mode: '0700'
    owner: root
    group: root

- name: Ensure authorized_keys keys
  copy:
    dest: /root/.ssh/authorized_keys
    content: "{{ vars.ssh_keys | join('\n') }}"
    owner: root
    group: root
    mode: '0600'

- name: Ensure ssh service is started and enabled
  systemd:
    name: ssh
    enabled: yes
    state: started
  when: ansible_os_family == 'Debian'

- name: Ensure sshd service is started and enabled
  systemd:
    name: sshd
    enabled: yes
    state: started
  when: ansible_os_family == 'Archlinux'