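---
# Bootstraps SSH access on the LXC containers: installs and starts
# openssh-server, installs the controller's public key for root, and
# limits root to key-based login with password authentication disabled.
#
# sshd keeps the FIRST value it reads for each keyword, so every task that
# writes a keyword to sshd_config must write the same value. A leftover
# 'PermitRootLogin yes' earlier in the file would override the hardened
# block appended at the end.
# NOTE(review): if sshd_config includes /etc/ssh/sshd_config.d/*.conf, a
# drop-in there can still take precedence; confirm the effective settings
# on a host with `sshd -T`.
- name: Configura container LXC
  hosts: lxc_containers
  vars:
    # Public key read from the control node; only the public half is copied.
    ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
  gather_facts: false
  become: true

  tasks:
    - name: Ensure SSH is installed
      ansible.builtin.apt:
        name: openssh-server
        state: present
        update_cache: true

    - name: Ensure SSH is running
      ansible.builtin.systemd:
        name: ssh
        state: started
        enabled: true

    # Was 'PermitRootLogin yes', which contradicted the key-only block
    # below and, being read first by sshd, would have been the value used.
    # lineinfile replaces only the last matching line; on later runs that
    # is the copy inside the managed block, so both must stay identical.
    - name: Restrict root login to key-based authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
        # Refuse to write a config sshd cannot parse.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart SSH

    - name: Disable DNS lookup to speed up SSH login
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?UseDNS'
        line: 'UseDNS no'
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart SSH

    - name: Ensure .ssh directory exists
      ansible.builtin.file:
        path: /root/.ssh
        state: directory
        mode: '0700'
        owner: root
        group: root

    # copy writes the whole file: any other key already present in root's
    # authorized_keys is removed, leaving this key as the only one accepted.
    - name: Install authorized_keys for root
      ansible.builtin.copy:
        dest: /root/.ssh/authorized_keys
        content: "{{ ssh_public_key }}"
        mode: '0600'
        owner: root
        group: root

    # The key is installed before this task so that disabling passwords
    # cannot leave root without a working login method.
    - name: Configure SSH for key-only root login
      ansible.builtin.blockinfile:
        path: /etc/ssh/sshd_config
        # 'PasswordAuthentication' was misspelled 'PasswrodAuthentication';
        # sshd rejects unknown keywords, so the restart would have failed
        # and password logins would never have been disabled.
        block: |
          PermitRootLogin prohibit-password
          PasswordAuthentication no
          UseDNS no
        # Catches typos like the one above before the file is replaced.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart SSH

  handlers:
    # Runs once at the end of the play, after the key and all config
    # changes are in place.
    - name: Restart SSH
      ansible.builtin.service:
        name: ssh
        state: restarted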