---
- name: Gather ssh fingerprints
  hosts: all
  tasks:
  - name: get pubkey files
    ansible.builtin.fetch:
      src: "/etc/ssh/ssh_host_{{ item }}_key.pub"
      dest: "fingerprints/{{ ansible_hostname }}_{{ item }}.pub"
      flat: true
    loop:
      - rsa
      - ed25519

  - name: template ssh_known_hosts
    ansible.builtin.template:
      src: files/ssh_known_hosts.j2
      dest: files/ssh_known_hosts
      mode: '660'
    run_once: true
    delegate_to: localhost