---
- name: Ensure .ssh folder is present for user {{ user.username }}
  file:
    path: "{{ user.home }}/.ssh"
    state: directory
    owner: "{{ user.username }}"
    group: "{{ user.group|default(user.username) }}"
    mode: 0700

- name: Generate the keypair for user {{ user.username }}
  openssh_keypair:
    path: "{{ user.home }}/.ssh/key"
    type: ed25519
    state: present
    owner: "{{ user.username }}"
    group: "{{ user.group|default(user.username) }}"
    mode: 0600
    force: no

- name: Place key in user's authorized_keys
  copy:
    src: "{{ user.home }}/.ssh/key.pub"
    dest: "{{ user.home }}/.ssh/authorized_keys"
    remote_src: yes
    owner: "{{ user.username }}"
    group: "{{ user.group|default(user.username) }}"
    mode: 0600
    force: no

- name: Fetch private key of {{ user.username }}
  fetch:
    src: "{{ user.home }}/.ssh/key"
    dest: "/tmp/{{ user.username }}/"
    flat: yes