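---
# tasks file for base
#
# Sets the root password, creates an ed25519 key pair for root, copies the
# public half back to the controller, and installs the list of authorized
# keys for root.
#
# Variables read by these tasks:
#   root_password        - required; hashed with sha512 before it is applied
#   default_ssh_pub_keys - required; list of public keys for root
#   extra_ssh_pub_keys   - optional list appended to default_ssh_pub_keys
#   force_ssh_key_regen  - optional, defaults to false
#   no_log               - optional, defaults to true

# Fail before anything on the host is modified. An empty root_password would
# otherwise be hashed and applied, and an undefined default_ssh_pub_keys would
# only fail at the merge task, after the password had already been changed.
- name: "Check if all variable is here"
  ansible.builtin.assert:
    that:
      - root_password is defined
      - root_password | string | length > 0
      - default_ssh_pub_keys is defined
    fail_msg: >-
      root_password must be set and non-empty, and default_ssh_pub_keys
      must be defined

# password_hash() is called without a salt, so a new random salt is used on
# every run; together with update_password "always" this task reports
# "changed" each time even when the password itself is the same.
# no_log defaults to true to keep the task's arguments and result out of
# output and logs; set the no_log variable to false only while debugging.
- name: Change root password
  ansible.builtin.user:
    name: root
    password: "{{ root_password | string | password_hash('sha512') }}"
    update_password: "always"
  no_log: "{{ no_log | default(true) }}"

# The private key stays on the managed host with mode 0600. An existing key
# is regenerated only when force_ssh_key_regen is true.
- name: Generate SSH key
  community.crypto.openssh_keypair:
    path: /root/.ssh/id_ed25519
    type: ed25519
    mode: "0600"
    comment: "root@{{ inventory_hostname }}"
    force: "{{ force_ssh_key_regen | default(false) }}"

# Only the public half (.pub) is copied to the controller. With flat: true
# and a dest ending in "/", the file keeps its name inside that directory.
- name: Get Public Keys
  ansible.builtin.fetch:
    src: /root/.ssh/id_ed25519.pub
    flat: true
    dest: "public_keys/{{ inventory_hostname }}/"

- name: Merge authorized_key list
  ansible.builtin.set_fact:
    ssh_pub_keys: "{{ default_ssh_pub_keys + (extra_ssh_pub_keys | default([])) }}"

# exclusive: true removes every key from root's authorized_keys that is not
# in ssh_pub_keys, so the merged list must contain all keys that still need
# root access to this host.
- name: Add authorized key
  ansible.posix.authorized_key:
    user: root
    key: "{{ ssh_pub_keys | join('\n') }}"
    exclusive: true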