Use a handler to restart sshd

roles/os_config/handlers/main.yml

@@ -5,3 +5,8 @@
     cmd: "echo 'topic={{ secrets.ntfy_topic }}' > .env && ./install.sh"
     stdin: 20
     chdir: "/home/{{ ansible_user }}/apt-update-push"
+
+- name: Restart sshd
+  service:
+    name: sshd
+    state: restarted

roles/os_config/tasks/ssh.yml

@@ -11,26 +11,18 @@
     regexp: '^#?PubkeyAuthentication '
     line: PubkeyAuthentication yes
     dest: /etc/ssh/sshd_config
-  register: ssh_pubkey
+  notify: Restart sshd
 
 - name: Disallow SSH login with password
   lineinfile:
     regexp: '^#?PasswordAuthentication '
     line: PasswordAuthentication no
     dest: /etc/ssh/sshd_config
-  register: ssh_pw
+  notify: Restart sshd
 
 - name: Disallow root login over SSH
   lineinfile:
     regexp: '^#?PermitRootLogin '
     line: PermitRootLogin no
     dest: /etc/ssh/sshd_config
-  register: ssh_root
+  notify: Restart sshd
-
-- name: Restart sshd
-  service:
-    name: sshd
-    state: restarted
-  when: (ssh_pubkey is defined and ssh_pubkey.changed) or
-        (ssh_pw is defined and ssh_pw.changed) or
-        (ssh_root is defined and ssh_root.changed)