---
- name: Read temporary public key.
  set_fact:
    tmp_pub_key: "{{ lookup('file', '.ssh/id_ed25519.pub') }}"

- name: Make sure tmp key is in authorized_keys.
  authorized_key:
    state: present
    user: root
    key: "{{ tmp_pub_key }}"
    manage_dir: true

- name: Disable password access.
  shell: |
    set -e
    passwd -d root
    passwd -l root
  changed_when: true