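---
# Installs one client-specific SSH public key into the connection user's
# authorized_keys on every targeted host. Hosts flagged with is_lxc are skipped.
- name: Deploy SSH Keys to Linux Hosts
  hosts: 'linux_hosts:proxmox_cluster:proxmox_hosts:xcpng_hosts'
  gather_facts: false
  become: true

  vars:
    # CLIENT_SLUG must be passed in from the onboarding script or the Semaphore
    # environment. Ansible variable names are case-sensitive, so the name has
    # to match the template below exactly, e.g.
    # CLIENT_SLUG: "myclient"
    public_key_path: "/root/.ssh/client_{{ CLIENT_SLUG }}.pub"

  tasks:
    - name: Deploy client key unless the host is an LXC
      # One condition for the whole sequence: is_lxc defaults to false, so
      # hosts that do not define it are treated as regular hosts.
      when: not (is_lxc | default(false) | bool)
      block:
        # CLIENT_SLUG arrives from outside the playbook and is interpolated
        # into a file path that is read on the controller. Fail before any
        # change is made if it is missing, empty, or could point the lookup
        # at a different file than /root/.ssh/client_<slug>.pub.
        - name: Validate CLIENT_SLUG before it is used in a file path
          ansible.builtin.assert:
            that:
              - CLIENT_SLUG is defined
              - CLIENT_SLUG | string | length > 0
              - "'/' not in (CLIENT_SLUG | string)"
              - "'..' not in (CLIENT_SLUG | string)"
            fail_msg: >-
              CLIENT_SLUG must be set to a non-empty value that contains
              neither '/' nor '..'; it is used to build public_key_path.

        # NOTE(review): assumes ansible_user is set for every host and that a
        # group with the same name exists on the target - confirm in inventory.
        - name: Ensure .ssh directory exists
          ansible.builtin.file:
            path: "~{{ ansible_user }}/.ssh/"
            state: directory
            owner: "{{ ansible_user }}"
            group: "{{ ansible_user }}"
            # Quoted so the mode stays a string and is not read as a number.
            mode: '0700'

        - name: Deploy public SSH key
          ansible.posix.authorized_key:
            user: "{{ ansible_user }}"
            # 'present' only adds this key; keys already in authorized_keys
            # are left in place because 'exclusive' is not set.
            state: present
            # Use lookup to read the local key file on the Semaphore server
            key: "{{ lookup('file', public_key_path) }}"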