From 7a6d11c5487c060b01fbda3c8da76904b12852bb Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Tue, 27 Dec 2022 19:14:14 +0100
Subject: [PATCH] Use a handler to restart sshd

---
 roles/os_config/handlers/main.yml | 5 +++++
 roles/os_config/tasks/ssh.yml | 14 +++-----------
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/roles/os_config/handlers/main.yml b/roles/os_config/handlers/main.yml
index 7fac077..662c7f5 100644
--- a/roles/os_config/handlers/main.yml
+++ b/roles/os_config/handlers/main.yml
@@ -5,3 +5,8 @@
 cmd: "echo 'topic={{ secrets.ntfy_topic }}' > .env && ./install.sh"
 stdin: 20
 chdir: "/home/{{ ansible_user }}/apt-update-push"
+
+- name: Restart sshd
+ service:
+ name: sshd
+ state: restarted
diff --git a/roles/os_config/tasks/ssh.yml b/roles/os_config/tasks/ssh.yml
index 5662da6..fb3a57a 100644
--- a/roles/os_config/tasks/ssh.yml
+++ b/roles/os_config/tasks/ssh.yml
@@ -11,26 +11,18 @@
 regexp: '^#?PubkeyAuthentication '
 line: PubkeyAuthentication yes
 dest: /etc/ssh/sshd_config
- register: ssh_pubkey
+ notify: Restart sshd

 - name: Disallow SSH login with password
 lineinfile:
 regexp: '^#?PasswordAuthentication '
 line: PasswordAuthentication no
 dest: /etc/ssh/sshd_config
- register: ssh_pw
+ notify: Restart sshd

 - name: Disallow root login over SSH
 lineinfile:
 regexp: '^#?PermitRootLogin '
 line: PermitRootLogin no
 dest: /etc/ssh/sshd_config
- register: ssh_root
-
-- name: Restart sshd
- service:
- name: sshd
- state: restarted
- when: (ssh_pubkey is defined and ssh_pubkey.changed) or
- (ssh_pw is defined and ssh_pw.changed) or
- (ssh_root is defined and ssh_root.changed)
+ notify: Restart sshd
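Review bot: The new `Restart sshd` handler in roles/os_config/handlers/main.yml restarts the daemon on whatever `/etc/ssh/sshd_config` holds at that moment, and nothing in this patch checks that the file still parses, so a bad edit can leave the host without a reachable sshd. The check belongs on the `lineinfile` tasks in roles/os_config/tasks/ssh.yml that notify this handler: adding `validate: '/usr/sbin/sshd -t -f %s'` to each makes Ansible refuse to write a config that sshd rejects (confirm the binary path on the target distribution). The handler also uses the short module name; `ansible.builtin.service:` would pin it to the built-in module.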
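Review bot: In roles/os_config/tasks/ssh.yml, `notify: Restart sshd` defers the restart to the end of the play, so if any later task fails the handler is skipped and the running sshd keeps its old settings, which may still accept password or root logins although the file on disk is already hardened. On the next run the three `lineinfile` tasks report no change, so the handler is not notified again and the gap persists until something else restarts sshd. Adding `- meta: flush_handlers` directly after the last SSH task, or setting `force_handlers: true` on the play, closes it. The first task's opening lines and anything after the hunk are not visible here, so check whether a flush already follows.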