---
- name: distribute authorized_keys on openwrt with python
  hosts:
    - gateways
    - accesspoints
  gather_facts: no
  tasks:
    - name: set root password
      user:
        name: root
        # https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hash-filters
        # using md5 because that is the only? supported hash type for busybox on openwrt 21.03
        password: "{{ lookup('passwordstore', '{{ group_names | first }}/{{ inventory_hostname }}') | password_hash('md5', 65534 | random(seed=inventory_hostname) | string) }}"

    - name: deploy authorized_keys
      copy:
        src: files/authorized_keys
        dest: /etc/dropbear/authorized_keys
        mode: 0600

- name: distribute authorized_keys on openwrt with rsync
  hosts:
    - switches
  gather_facts: no
  tasks:
    - name: deploy authorized_keys
      synchronize:
        src: files/authorized_keys
        dest: /etc/dropbear/authorized_keys
        owner: no
        group: no

- name: distribute authorized_keys everywhere else
  hosts:
    - server
    - vms
  tasks:
    - name: deploy authorized_keys
      authorized_key:
        user: root
        key: "{{ lookup('file', 'files/authorized_keys') }}"