- name: Configure SSH
  hosts: athelas
  tasks:

  - name: Generate RSA4096 SSH key
    community.crypto.openssh_keypair:
      path: "~/ssh_key"
      size: 4096

  - name: Get SSH Key
    ansible.builtin.fetch:
      dest: "~/ansible/keys"
      src: "~/ssh_key"

  - name: Copy new SSH configuration
    ansible.builtin.template:
      src: "templates/sshd_config.j2"
      dest: "/etc/ssh/sshd_config"

  - name: Generate password
    ansible.builtin.command: openssl rand -base64 12
    register: rand

  - name: Create new user
    ansible.builtin.user:
      name: "test"
      groups: "sudo"
      append: true
      password: "{{ rand.stdout | password_hash('sha512') }}"
    become: true

  - name: Display new user's password
    ansible.builtin.debug:
      msg: "New password is {{ rand.stdout }}"

  - name: Add SSH public key to remote host
    ansible.builtin.authorized_key:
      user: "test"
      key: "{{ lookup('file', '~/ssh_key') }}"
    become: true