- name: Ensure SSH directory exists
  file:
    path: /etc/ssh
    state: directory
    mode: '0755'

- name: Configure SSH server
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^{{ item.key }}"
    line: "{{ item.key }} {{ item.value }}"
    create: yes
    state: present
  loop:
    - { key: "Port", value: "22" }
    - { key: "PubkeyAuthentication", value: "yes" }
    - { key: "X11Forwarding", value: "yes" }
    - { key: "PrintMotd", value: "no" }
    - { key: "UsePAM", value: "yes" }
  notify: Restart SSH

- name: Ensure SSH service is enabled and running
  service:
    name: sshd
    state: started
    enabled: yes