---
- name: Bootstrap local known_hosts from inventory
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Ensure local ~/.ssh directory exists
      ansible.builtin.file:
        path: "{{ lookup('env', 'HOME') }}/.ssh"
        state: directory
        mode: "0700"

    - name: Add VM host keys to local known_hosts
      ansible.builtin.known_hosts:
        path: "{{ lookup('env', 'HOME') }}/.ssh/known_hosts"
        name: "{{ hostvars[item][\"ansible_host\"] }}"
        key: "{{ lookup('pipe', 'ssh-keyscan -H ' ~ hostvars[item][\"ansible_host\"]) }}"
        state: present
      loop: "{{ groups[\"proxmox_vms\"] }}"

- name: Add this client SSH public key to VM user
  hosts: proxmox_vms
  gather_facts: false

  vars:
    target_user: vrubel
    key_file: "{{ lookup('env', 'HOME') }}/.ssh/id_ed25519.pub"

  tasks:
    - name: Add public key to authorized_keys
      ansible.posix.authorized_key:
        user: "{{ target_user }}"
        state: present
        key: "{{ lookup('file', key_file) }}"