# eventually define authorized_keys_root in inventory/group_vars/

  - name: root user
    ansible.builtin.user:
      name: root
      shell: /bin/bash
    diff: true

  - name: root ssh dir
    ansible.builtin.file:
      path: /root/.ssh
      state: directory
      owner: root
      mode: 0700
    diff: true

  - name: root authorized keys
    ansible.builtin.blockinfile:
      block: "{{authorized_keys_root}}\n"
      path: /root/.ssh/authorized_keys
      owner: root
      mode: 0600
    diff: true