---

# Drop the vault key
- hosts: all
  pre_tasks:
    - name: Create the vault key path
      file:
        path: "{{ vault_key_path | dirname }}"
        state: directory
        owner: "{{ ansible_user }}"
  tasks:
    - name: Drop the vault key
      copy:
        content: "{{ vault_secret.key }}"
        dest: "{{ vault_key_path }}"
        mode: '0600'

# Drop the SSH proxyjump configuration
- hosts: all
  become: yes
  become_user: root
  tasks:
    - name: Ensure the SSH configuration directory exists
      file:
        path: /root/.ssh
        state: directory
    - name: Copy the SSH proxy configuration
      copy:
        src: "{{ lsn_ci_src_path }}/ssh/ssh_config"
        dest: /root/.ssh/config
        remote_src: yes

# Start SSH agent and load the deployment key
- hosts: all
  tasks:
    # Load the deployment SSH key
    - name: Create the SSH private key tempfile
      tempfile:
        state: file
      register: ssh_private_key_tmp
    - name: Create SSH private key from secret
      copy:
        content: "{{ ssh_key_secret.id_rsa }}"
        dest: "{{ ssh_private_key_tmp.path }}"
        mode: '0600'
    - name: Start the SSH agent
      command: "ssh-agent -a {{ ssh_agent_sock }}"
    - name: Add the SSH key
      command: "ssh-add {{ ssh_private_key_tmp.path }}"
      environment:
        SSH_AUTH_SOCK: "{{ ssh_agent_sock }}"
    - name: Remove the SSH private key from disk
      command: "shred -u {{ ssh_private_key_tmp.path }}"
    # Prepare the submodules
    - name: Init the submodules
      command: git submodule update --init
      args:
        chdir: "{{ lsn_ci_src_path }}"