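---
# Provisions SSH access for `ssh_user`: installs openssh-server, creates the
# account, seeds authorized_keys from a remote key list and deploys
# sshd_config from a template.
#
# Variables read: ssh_user, ssh_auth_keys_url.
# All paths below assume the account's home directory is /home/<ssh_user>.

- name: Paketlisten aktualisieren
  ansible.builtin.apt:
    update_cache: true
    cache_valid_time: 3600

# The result is only consumed by the template task at the end (is_proxmox).
- name: Detect if system is Proxmox (by checking /etc/pve)
  ansible.builtin.stat:
    path: /etc/pve
  register: pve_check

- name: OpenSSH Server installieren
  ansible.builtin.apt:
    name: openssh-server
    state: present

- name: Benutzer anlegen (falls nicht vorhanden)
  ansible.builtin.user:
    name: "{{ ssh_user }}"
    shell: /bin/bash
    create_home: true

- name: SSH-Verzeichnis anlegen
  ansible.builtin.file:
    path: "/home/{{ ssh_user }}/.ssh"
    state: directory
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0700'

# The content behind ssh_auth_keys_url is a trust anchor: whoever controls it
# can log in as ssh_user. Use an https:// URL (certificate validation is on by
# default) and consider pinning the expected content with `checksum:`.
# With get_url's default `force: false`, an existing dest file is not fetched
# again, so later changes to the remote key list are not picked up here.
- name: Trusted SSH keys von GitHub laden
  ansible.builtin.get_url:
    url: "{{ ssh_auth_keys_url }}"
    dest: "/home/{{ ssh_user }}/.ssh/trusted_ssh_keys"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0644'

# Seeds authorized_keys only when it does not exist yet (`force: false`), the
# same as the earlier `creates:`-guarded `bash -c "cat ... >> ..."` call.
# Using the copy module avoids interpolating ssh_user into a shell string and
# creates the file with its final owner and mode instead of root's defaults.
# NOTE(review): because this runs once per host, keys removed from the remote
# list stay authorized on already-provisioned hosts; revocation needs a
# separate mechanism.
- name: Alle geladenen Keys in authorized_keys eintragen
  ansible.builtin.copy:
    src: "/home/{{ ssh_user }}/.ssh/trusted_ssh_keys"
    dest: "/home/{{ ssh_user }}/.ssh/authorized_keys"
    remote_src: true
    force: false
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0600'
  become: true

# Still needed for a pre-existing authorized_keys, which the task above skips.
- name: Permissions für authorized_keys setzen
  ansible.builtin.file:
    path: "/home/{{ ssh_user }}/.ssh/authorized_keys"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0600'

# `validate` lets sshd check the rendered file before it replaces the live
# config, so a template error fails the task rather than breaking sshd on the
# next restart and cutting off remote access.
- name: SSH-Konfiguration per Template übertragen
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart SSH
  vars:
    is_proxmox: "{{ pve_check.stat.exists }}"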