- block:
    - name: ensure ansible key directory exists
      file:
        path: "{{ (ansible_dir, ansible_key_dir) | path_join }}"
        state: directory
        mode: 0400


    - name: ensure ssh key for this host exists
      community.crypto.openssh_keypair:
        path: "{{ (ansible_dir, ansible_key_dir, inventory_hostname) | path_join }}"
        comment: "{{ inventory_hostname }} ssh key for ansible management"
        mode: 0400
        regenerate: full_idempotence
        type: ed25519
      register: host_ssh_key


    - name: fail if public key is missing
      fail:
        msg: public key is missing
      when: host_ssh_key.public_key is not defined

  delegate_to: localhost