---
- hosts: all
  name: Update ssh keys on all devices
  tasks:
    - import_tasks: tasks/users-preprocessing.yml

    - name: Install public keys
      tags: users_keys
      become: true
      block:
        - name: Ensure SSH directory exists
          file:
            state: directory
            path: /home/{{ item.name }}/.ssh
          loop: "{{ local_users | difference([None]) }}"

        - name: Put keys on remote
          when: item.keys != []
          authorized_key:
            user: "{{ item.name }}"
            key: "{{ item.sshkeys | join('\n') }}"
            state: present
            exclusive: yes
          loop: "{{ local_users | difference([None]) }}"

- hosts: all
  name: Disable SSH password authentication
  tags:
    - always
  tasks:
    - import_tasks: tasks/sshd/disable-password-auth.yml
      when: enable_ssh_password_auth|bool == false