---
- name: Verify base image exists
  stat:
    path: "{{ base_image_path }}"
  register: base_image_stat
  failed_when: not base_image_stat.stat.exists

- name: Ensure golden image directory exists
  file:
    path: "{{ golden_image_path | dirname }}"
    state: directory
    mode: '0755'
  become: true

- name: Copy base image to golden image
  copy:
    src: "{{ base_image_path }}"
    dest: "{{ golden_image_path }}"
    remote_src: true
    mode: '0644'
  become: true

- name: Customize golden image
  command: >
    virt-customize -a {{ golden_image_path }}
    --install perl,git,wget,tar,openssh-server,vim
    --run-command 'useradd -m rocky 2>/dev/null || true'
    --run-command 'echo "rocky:rockypass" | chpasswd'
    --run-command 'echo "rocky ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/rocky'
    --run-command 'chmod 0440 /etc/sudoers.d/rocky'
    --run-command 'systemctl enable sshd'
    --ssh-inject root:file:{{ ssh_public_key_path }}
    --ssh-inject rocky:file:{{ ssh_public_key_path }}
    --root-password password:{{ root_password }}
    --selinux-relabel
  environment:
    LIBGUESTFS_BACKEND: direct
  become: true