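---
# TODO: Deploy existing key on the server, don't generate them here
# The key is already in the database

# Creates (or keeps, if already present) an RSA keypair for the git user.
# No passphrase is set, so the private key is stored unencrypted and is
# protected only by the permissions on the git user's ~/.ssh directory.
# `size` is not given, so the module's default RSA key size applies.
- name: Generate SSH keys for git
  become: true
  become_user: git
  community.crypto.openssh_keypair:
    path: ~/.ssh/id_rsa
    type: rsa
    comment: "git@{{ ansible_fqdn }}"
  register: ssh_key

# Unconditional stop: none of the tasks below run until this is removed.
# NOTE(review): when lifting it, keep certificate validation enabled on the
# uri tasks (do not set validate_certs: false as a shortcut); they send the
# Forgejo credentials with HTTP basic auth and depend on TLS to protect them.
- name: (TODO) fail because cert isn't generated
  ansible.builtin.fail:
    msg: >-
      (TODO) make letsencrypt work and make git.tunuifranken.info
      point to localhost

# Reads the keys already registered for the authenticated Forgejo user.
# forgejo_user / forgejo_pass are defined outside this file; presumably they
# come from an encrypted vars file (verify). A narrowly scoped API token
# would limit exposure compared with the account password.
- name: Get previously added SSH keys
  ansible.builtin.uri:
    url: https://git.tunuifranken.info/api/v1/user/keys
    method: GET
    user: "{{ forgejo_user }}"
    password: "{{ forgejo_pass }}"
    force_basic_auth: true
  register: present_ssh_keys

# `| list` materialises the result of map() so the fact is a real list for
# the membership test below, whatever the Ansible/Jinja2 version does with
# lazy filter results.
- name: List SSH fingerprints
  ansible.builtin.set_fact:
    present_ssh_fingerprints: "{{ present_ssh_keys.json | map(attribute='fingerprint') | list }}"

# Registers the generated public key with the Forgejo account. Only 201 is
# accepted as success. read_only: false grants the key write access.
# The `when` guard skips the POST if the fingerprint is already registered,
# which keeps the task idempotent.
- name: Add SSH key using Forgejo's API
  ansible.builtin.uri:
    url: https://git.tunuifranken.info/api/v1/user/keys
    method: POST
    user: "{{ forgejo_user }}"
    password: "{{ forgejo_pass }}"
    force_basic_auth: true
    status_code: 201
    body_format: json
    body:
      key: "{{ ssh_key.public_key | trim }}"
      read_only: false
      title: "{{ ssh_key.comment | trim }}"
  when: ssh_key.fingerprint not in present_ssh_fingerprints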