---
- name: Distribute admin SSH keys
  hosts: all_nodes
  become: true
  tasks:
    - name: Ensure chester public key is present on all hosts
      ansible.posix.authorized_key:
        user: chester
        state: present
        key: "{{ lookup('file', '/home/chester/.ssh/id_ed25519.pub') }}"
        exclusive: false

    - name: Trust the watchtower host key
      ansible.posix.authorized_key:
        user: chester
        state: present
        key: "ssh-ed25519 AAAAC3Nza... (Pi's public key) ... chester@watchtower"