- name: Create CI group
  ansible.builtin.group:
    name: ci
    state: present

- name: Create CI user
  ansible.builtin.user:
    name: "{{ proxmox_ci_user_name }}"
    group: ci
    groups: "{{ proxmox_ci_user_groups }}"
    shell: "{{ proxmox_ci_user_shell }}"
    state: present
    create_home: yes
  when: proxmox_ci_user_name is defined and proxmox_ci_user_name | length > 0

- name: Add SSH keys for CI user
  ansible.posix.authorized_key:
    user: "{{ proxmox_ci_user_name }}"
    state: present
    key: "{{ item }}"
  loop: "{{ proxmox_ci_user_ssh_keys }}"
  when:
    - proxmox_ci_user_name is defined
    - proxmox_ci_user_name | length > 0
    - proxmox_ci_user_ssh_keys is defined
    - proxmox_ci_user_ssh_keys | length > 0

- name: Ensure image directory exists with correct permissions
  ansible.builtin.file:
    path: /var/lib/vz/dump
    state: directory
    owner: root
    group: ci
    mode: "0775" # rwxrwxr-x so 'ci' can write, others can read/execute