From 3e55768c4952a750b7ac1c325557d6d7ecf460bc Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Sat, 14 Oct 2023 07:20:57 +0200
Subject: [PATCH] evolinux-base: replace value if present

---
 evolinux-base/tasks/root.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/evolinux-base/tasks/root.yml b/evolinux-base/tasks/root.yml
index 8910b5fa..a3b51f5d 100644
--- a/evolinux-base/tasks/root.yml
+++ b/evolinux-base/tasks/root.yml
@@ -90,7 +90,7 @@
     - "set shiftwidth=4"
   when: evolinux_root_vim_conf | bool
 
-- name: disable SSH access for root
+- name: disable SSH access for root (Debian < 12)
   ansible.builtin.replace:
     dest: /etc/ssh/sshd_config
     regexp: '^#?PermitRootLogin (yes|without-password|prohibit-password)'
@@ -115,6 +115,7 @@
   ansible.builtin.lineinfile:
     path: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
     line: "PermitRootLogin no"
+    regexp: "^#?PermitRootLogin "
     create: yes
     mode: "0644"
     validate: '/usr/sbin/sshd -t -f %s'