- name: deploy SSH private key on Ansible controller
  hosts: localhost
  vars_files:
    - vars/main.yml
  gather_facts: false
  tasks:
    - name: Retrieve secrets
      ansible.builtin.include_tasks:
        file: "tasks/retrieve_secret_vars.yml"

    - name: Deploy SSH private key
      copy:
        src: "{{ ansible_user_dir }}/{{ ANSIBLE_WORKDIR }}/id_rsa"
        dest: "{{ ansible_user_dir }}/.ssh/"
        mode: 0600

    - name: Deploy SSH public key
      copy:
        src: "{{ ansible_user_dir }}/{{ ANSIBLE_WORKDIR }}/id_rsa.pub"
        dest: "/{{ ansible_user_dir }}/.ssh/"
        mode: 0640