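---
# Reference for the key-install task:
# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html#examples
#
# Purpose: append one SSH public key to the authorized_keys file of the account
# named by the ansible_user_id fact, then write a managed block at the top of
# /etc/ssh/sshd_config that turns off root login and password authentication,
# and restart sshd.
#
# NOTE(review): ansible_user_id is the account facts were gathered as. If that
# is root (connecting as root, or play-wide become), the key lands in root's
# authorized_keys while the block below sets "PermitRootLogin no". Confirm a
# non-root account holds a working key before running, or hosts can become
# unreachable once password authentication is off.
- name: Update ssh key and login permissions
  strategy: free  # don't wait for other hosts when executing
  hosts: all
  vars_prompt:
    - name: ssh_key_path
      prompt: enter the path to the ssh key to add
      private: false
    - name: ssh_key_comment
      prompt: enter the comment that should be saved in the authorized_keys file
      private: false
  tasks:
    # The file is read on the controller and its content is sent to every host.
    # Stop before that happens if the operator pointed at a private key by
    # mistake; the assertion output shows the expression, not the file content.
    - name: Refuse to distribute a private key
      ansible.builtin.assert:
        that:
          - "'PRIVATE KEY' not in lookup('file', ssh_key_path)"
        fail_msg: >-
          ssh_key_path looks like a private key file;
          supply the matching public key file instead.

    - name: Add ssh key
      become: true
      async: 120  # Maximum execution time in seconds
      poll: 5  # polling interval in seconds
      ansible.posix.authorized_key:
        user: "{{ ansible_user_id }}"
        # exclusive: false keeps every key already present in the file.
        exclusive: false
        state: present
        key: "{{ lookup('file', ssh_key_path) }}"
        # An empty answer at the prompt omits the parameter entirely.
        comment: "{{ (ssh_key_comment | length > 0) | ternary(ssh_key_comment, omit) }}"

    - name: Update sshd config
      become: true
      ansible.builtin.blockinfile:
        path: /etc/ssh/sshd_config
        # Beginning of the file. sshd uses the first value it obtains for a
        # keyword, so a block at the top takes precedence over later global
        # settings in the file (Match blocks can still override them).
        insertbefore: BOF
        marker: "# {mark} ANSIBLE MANAGED BLOCK BY LINUX-ADMIN"
        block: |
          PermitRootLogin no
          PubkeyAuthentication yes
          AuthorizedKeysFile .ssh/authorized_keys
          PasswordAuthentication no
        # Keep a copy of the previous file so the change can be rolled back.
        backup: true
        # The candidate file (%s) is checked by sshd before it replaces the
        # live config; a non-zero exit leaves sshd_config untouched.
        validate: /usr/sbin/sshd -T -f %s

    # Runs on every execution, including when the block was already in place,
    # so the running daemon always reflects the file on disk.
    - name: Restart SSHD
      become: true
      ansible.builtin.service:
        name: sshd
        state: restarted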