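---
# Reconciles an SSH authorized_keys file against two caller-supplied lists:
#   good_keys - lines that must be present afterwards
#   bad_keys  - lines that must be removed
# Lines that appear in neither list are kept, so this is not an exclusive
# key set: a key added out of band survives until it is listed in bad_keys.
# Matching is done on whole lines, so a bad_keys entry only removes a key
# when options, key material and comment are identical to the line on disk.
# Also reads: authorized_keys_file (path) and ssh_user (owner of the file).

- name: Stelle sicher, dass das .ssh-Verzeichnis existiert
  ansible.builtin.file:
    path: "{{ authorized_keys_file | dirname }}"
    state: directory
    owner: "{{ ssh_user }}"
    # NOTE(review): assumes a group named like the user exists - confirm
    group: "{{ ssh_user }}"
    mode: '0700'

# Distinguish "file does not exist yet" from "file could not be read".
# Only the first case may be treated as an empty key list; otherwise a
# failed read would end in the existing keys being overwritten.
- name: Prüfe, ob authorized_keys existiert
  ansible.builtin.stat:
    path: "{{ authorized_keys_file }}"
  register: authorized_keys_stat

# No ignore_errors here: if the file exists but cannot be read, the play
# stops instead of continuing with an empty current_keys list.
- name: Lese aktuelle authorized_keys
  ansible.builtin.slurp:
    src: "{{ authorized_keys_file }}"
  register: current_keys_content
  when: authorized_keys_stat.stat.exists

# A skipped slurp registers a result without 'content', which yields [].
- name: Bereite aktuelle Keys für den Vergleich vor
  ansible.builtin.set_fact:
    current_keys: "{{ (current_keys_content['content'] | b64decode).splitlines() if current_keys_content['content'] is defined else [] }}"

# Drop every line that is managed (good or bad); good_keys are re-added in
# the next task, bad_keys are not.
- name: Filtern von Schlüsseln, die beibehalten werden
  ansible.builtin.set_fact:
    retained_keys: "{{ current_keys | difference(good_keys + bad_keys) }}"

- name: Erstelle finale Liste der Keys
  ansible.builtin.set_fact:
    final_keys: "{{ retained_keys + good_keys }}"

# Written only when the line list differs from what was read.
- name: Synchronisiere authorized_keys
  ansible.builtin.copy:
    content: "{{ final_keys | join('\n') + '\n' }}"
    dest: "{{ authorized_keys_file }}"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0600'
  when: final_keys != current_keys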