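---
# tasks file for ssh-key-rotation
#
# Flow: generate a key pair once on the controller, record its path as a
# fact, install the public key on each target, then confirm that the new
# key is accepted for login.

# Runs on the controller only, for the first host of the play. `creates`
# makes the task a no-op when the private key file already exists, so an
# existing key is not regenerated by this task.
- name: Generate New ssh Keys
  command:
    # argv passes each value as a single argument, so a comment or
    # passphrase containing spaces or quotes cannot be split into extra
    # ssh-keygen options.
    argv:
      - ssh-keygen
      - '-t'
      - rsa
      - '-b'
      - "{{ ssh_key_bits | string }}"
      - '-N'
      - "{{ passphrase }}"
      - '-q'
      - '-f'
      - "{{ lookup('env', 'HOME') }}/{{ ssh_key_path }}"
      - '-C'
      - "{{ ssh_key_comment }}"
    creates: "{{ lookup('env', 'HOME') }}/{{ ssh_key_path }}"
  when: inventory_hostname == play_hosts[0]
  delegate_to: localhost
  # The passphrase is part of the command line; keep it out of task
  # output, verbose logs and callback plugins.
  # NOTE(review): it is still a process argument on the controller while
  # ssh-keygen runs; source `passphrase` from a vault, not plain vars.
  no_log: true

# Evaluated for every host, so later tasks can reference the key pair
# even on hosts where the generation task was skipped.
- name: Store then value of the ssh key path
  set_fact:
    key_path: "{{ lookup('env', 'HOME') }}/{{ ssh_key_path }}"

# NOTE(review): when `is_exclusive` is true, every other key is removed
# from the authorized keys file before the new key has been verified by
# the test below; keep an out-of-band access path while rotating.
- name: Set Authorized key(s) to the authorized keys file
  become: true
  become_user: root
  authorized_key:
    exclusive: '{{ is_exclusive }}'
    user: '{{ ssh_host_user }}'
    state: present
    path: '{{ authorized_keys_path }}'
    manage_dir: '{{ should_manage_dir }}'
    key: "{{ lookup('file', key_path + '.pub') }}"

# The check must prove that the NEW key works. Without `-i` and
# IdentitiesOnly, ssh may authenticate with an older key or an agent
# identity and report success even though the rotated key is rejected.
# BatchMode makes ssh fail instead of waiting on a passphrase or
# host-key prompt; a passphrase-protected key therefore has to be loaded
# in the controller's ssh-agent for this task to pass.
- name: Test if the new ssh key is allowed to make connections
  command:
    # argv instead of `shell`: the templated user and host values are
    # never interpreted by a local shell.
    argv:
      - ssh
      - '-i'
      - "{{ key_path }}"
      - '-o'
      - IdentitiesOnly=yes
      - '-o'
      - BatchMode=yes
      - "{{ ssh_host_user }}@{{ inventory_hostname }}"
      - echo success
  delegate_to: localhost
  # Read-only connectivity probe; never report it as a change.
  changed_when: false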