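---
# Creates an ed25519 SSH host keypair for a VM and signs its public key with
# the tenant's SSH CA key, producing a host certificate next to the keypair.
# All file paths live under ssh_ca_path.
- name: Initialize SSH host keys
  block:
    # -N "" writes the private host key without a passphrase, so read access
    # to ssh_ca_path/host_keys should be limited to the account running this
    # play. `creates` makes the task a no-op once the key file exists.
    - name: Generate SSH host keypair
      ansible.builtin.command:
        argv:
          - ssh-keygen
          - -f
          - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
          - -t
          - ed25519
          - -C
          - "{{ vm_fqdn }}"
          - -N
          - ""
        creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"

    # NOTE(review): the task name and register variable say "certificate",
    # but the path checked here is the private key file, not the -cert.pub
    # file. Names are left unchanged in case other tasks reference
    # stat_ssh_cert - confirm and rename if not.
    - name: Evaluate certificate
      ansible.builtin.stat:
        path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
        get_attributes: false
      register: stat_ssh_cert

    # Earlier ansible.builtin.command variant of the signing task, kept for
    # reference. It supplies no answer to the CA key passphrase prompt; the
    # expect-based task below is the one that runs.
    # - name: Sign SSH host key
    #   ansible.builtin.command:
    #     argv:
    #       - ssh-keygen
    #       - -s
    #       - "{{ ssh_ca_path }}/{{ tenant }}"
    #       - -I
    #       - "{{ ssh_ca_prefix }} - {{ vm_fqdn }}"
    #       - -hn
    #       - "{{ vm_fqdn }}"
    #       - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
    #     creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"

    # Signs the host public key with the tenant CA key (-s) as a host
    # certificate (-h) whose only principal (-n) is the VM's FQDN. The expect
    # module answers ssh-keygen's "Enter passphrase" prompt with ca_pp.
    #
    # NOTE(review): no -V validity interval is passed, so the certificate is
    # issued without an expiry. Consider a bounded validity plus a renewal
    # job so that a leaked host key ages out on its own.
    # NOTE(review): the templated values are spliced into a single command
    # string. Presumably they come from trusted inventory - confirm, because
    # a value containing quotes would change how the command line is split.
    # NOTE(review): ca_pp is presumably sourced from Ansible Vault or another
    # secret store rather than plain vars - confirm.
    - name: Sign SSH host key
      ansible.builtin.expect:
        command: >-
          ssh-keygen -s "{{ ssh_ca_path }}/{{ tenant }}"
          -I "{{ ssh_ca_prefix }} - {{ vm_fqdn }}"
          -hn "{{ vm_fqdn }}"
          "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
        responses:
          Enter passphrase: "{{ ca_pp }}"
        # Seconds to wait for the expected prompt before the task fails.
        timeout: 3
        creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
      # Keeps the CA passphrase in `responses` out of task output, callback
      # plugins and logs. The trade-off is that failure details of this task
      # are censored as well; drop it only temporarily when debugging.
      no_log: true

    # Records whether the signed certificate (-cert.pub) now exists.
    - name: Evaluate public key
      ansible.builtin.stat:
        path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
        get_attributes: false
      register: stat_ssh_spk
  # Block-level keywords: every task above runs on the controller, where the
  # CA key and the host_keys directory live, and is selectable via the tag.
  delegate_to: localhost
  tags:
    - init_ssh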