feat: move ssh password auth to dedicated task (#3)

## What ❔
Move task for disabling SSH password auth to dedicated task

## Why ❔
For more transparency

## Checklist

<!-- Check your PR fulfills the following items. -->
<!-- For draft PRs check the boxes as you complete them. -->

- [x] PR title corresponds to the body of PR (we generate changelog
entries from PRs).
- [x] Documentation comments have been added / updated.

tasks/firewall.yml

@@ -65,16 +65,3 @@
     ip_version: ipv6
     state: saved
     path: /etc/iptables/rules.v6
-
-- name: Disable SSH password authentication
-  when: disable_ssh_password_auth
-  ansible.builtin.lineinfile:
-    path: /etc/ssh/sshd_config
-    regexp: '^#PasswordAuthentication yes'
-    line: 'PasswordAuthentication no'
-
-- name: Restart ssh
-  when: disable_ssh_password_auth
-  ansible.builtin.service:
-    name: ssh
-    state: restarted

tasks/main.yml

@@ -3,5 +3,9 @@
   ansible.builtin.include_tasks: firewall.yml
   when: use_predefined_iptables
 
+- name: Disable SSH password auth
+  ansible.builtin.include_tasks: ssh-config.yml
+  when: disable_ssh_password_auth
+
 - name: Prepare configs
   ansible.builtin.include_tasks: provision.yml

tasks/ssh-config.yml

@@ -0,0 +1,11 @@
+---
+- name: Disable SSH password authentication
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#PasswordAuthentication yes'
+    line: 'PasswordAuthentication no'
+
+- name: Restart ssh
+  ansible.builtin.service:
+    name: ssh
+    state: restarted