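#
# https://www.howtouselinux.com/post/create-user-with-ansible
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html
# https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
# https://www.codesandnotes.be/2020/01/13/generate-ssh-keys-using-ansible/
# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
#
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/find_module.html
#
# https://stackoverflow.com/questions/4411457/how-do-i-verify-check-test-validate-my-ssh-passphrase
#
# - an issue i found while trying to update a user's ssh key
#   - although the docs state that this can be done...it did not work for me !
#   - the only thing that worked was to remove previous keys and then add new ones
#
# what this play does, in order:
#   1. prompts the operator for a passphrase
#   2. finds and deletes every id_ed25519* file in the user's ~/.ssh
#   3. makes sure the user exists and generates a new passphrase-protected
#      ed25519 key pair at ~/.ssh/id_ed25519
#
# the old key is deleted before the new one is generated, so a failure in
# step 3 leaves the user without a key pair; step 2 keeps no backup.
#
---
- name: "13.1 -- custom ansible - create/update user with a prompt"
  hosts: dev
  become: true  # Run tasks with root/sudo privileges
  vars:
    username: testuser1
  vars_prompt:
    - name: "passphrase"
      prompt: "enter the passphrase for the ssh key"
      # hide the typed passphrase on the terminal (this is also the default,
      # stated here so that it is not switched off by accident)
      private: true
  tasks:
    # stop before anything is deleted if the operator just pressed enter:
    # an empty passphrase gives the private key no protection at rest
    - name: check that a passphrase was entered
      ansible.builtin.assert:
        that:
          - passphrase | length > 0
        fail_msg: "an empty passphrase was entered; refusing to generate the ssh key"
        quiet: true
      tags: ['update_user']

    # - name: backup users ssh keys
    #   ansible.builtin.shell: |
    #     sudo mv /home/{{ username }}/.ssh/id_ed25519 /home/{{ username }}/.ssh/id_ed25519_BAK
    #     mv /home/{{ username }}/.ssh/id_ed25519.pub /home/{{ username }}/.ssh/id_ed25519.pub_BAK
    #     exit 0
    #   tags: ['backup_ssh_files']

    # NOTE: the wildcard also matches id_ed25519_BAK and id_ed25519.pub_BAK,
    # so if the backup task above is re-enabled as written, the backups it
    # makes are deleted again by the remove task below.
    # assumes the home directory is /home/<username> -- confirm for the
    # target hosts.
    # carries the same tag as the remove task: with only the remove task
    # tagged, `--tags remove_ssh_files` skipped this task and the loop below
    # failed on an undefined ssh_keys.
    - name: find files to delete w/ wildcard
      ansible.builtin.find:
        paths: "/home/{{ username }}/.ssh"
        patterns: 'id_ed25519*'
      register: ssh_keys
      tags: ['remove_ssh_files']

    - name: remove users ssh keys
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ ssh_keys.files }}"
      tags: ['remove_ssh_files']

    # NOTE(review): the passphrase is handed to the module as a plain
    # argument; confirm that it is masked in verbose output and logs on your
    # ansible version, and add `no_log: true` to this task if it is not.
    - name: update user
      ansible.builtin.user:
        name: "{{ username }}"
        state: present  # ensure the user is present
        generate_ssh_key: true
        force: true
        ssh_key_type: ed25519
        ssh_key_passphrase: "{{ passphrase }}"
        ssh_key_file: .ssh/id_ed25519
      tags: ['update_user']

#
# received the following when running this playbook:
#
# TASK [create user] *************************************************
#
# [DEPRECATION WARNING]: Encryption using the Python crypt module is
# deprecated. The Python crypt module is deprecated and will be removed
# from Python 3.13. Install the passlib library for continued encryption
# functionality. This feature will be removed in version
# 2.17. Deprecation warnings can be disabled by setting
# deprecation_warnings=False in ansible.cfg.
#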