---
- name: Include OS family-specific variables
  include_vars: "{{ ansible_facts.os_family }}.yml"

- name: Ensure required packages are installed
  package:
    name: "{{ bootstrap_package_dependencies }}"
    state: present
    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: True

- name: Check whether an SSH key exists
  stat:
    path: "{{ bootstrap_ssh_private_key_path }}"
    get_checksum: False
    get_md5: False
    mime: False
  register: ssh_key_stat

- name: Generate an SSH key
  command: ssh-keygen -t {{ bootstrap_ssh_key_type }} -N '' -f {{ bootstrap_ssh_private_key_path }}
  when: not ssh_key_stat.stat.exists

- name: Ensure SSH public key is in authorized keys
  authorized_key:
    user: "{{ ansible_facts.user_id }}"
    key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}"

- name: Scan for SSH keys
  command: ssh-keyscan {{ item }}
  with_items:
    - localhost
    - 127.0.0.1
  register: keyscan_result
  changed_when: False

- name: Ensure SSH keys are in known hosts
  known_hosts:
    host: "{{ item[0].item }}"
    key: "{{ item[1] }}"
  with_subelements:
    - "{{ keyscan_result.results }}"
    - stdout_lines