servers/roles/windows/tasks/main.yml

- include_tasks: interface.yml
  loop: "{{ interfaces }}"
  loop_control:
    label: "{{ interface.name }}"
    loop_var: interface

- name: Disable SSH password authentication
  win_lineinfile:
    path: c:\ProgramData\ssh\sshd_config
    regexp: '^#?{{ item.key }}'
    line: "{{ item.key }} {{ item.value }}"
  loop:
    - key: "PasswordAuthentication"
      value: "no"
    - key: "PermitRootLogin"
      value: "prohibit-password"
  notify: restart sshd

- name: Set default shell to powershell
  win_regedit:
    path: HKLM:\SOFTWARE\OpenSSH
    name: DefaultShell
    data: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  notify: restart sshd

- name: Set authorized SSH keys
  win_copy:
    dest: C:\ProgramData\ssh\administrators_authorized_keys
    content: "{{ ssh_keys | join('\n') }}"

- name: Enable ssh
  win_service:
    name: sshd
    start_mode: auto
    state: started