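# sshd ~~ roles/sshd/tasks/main.yml
# Create sshd configuration and restart daemon
---
# Render sshd_config from the role template. The rendered file is checked
# with `sshd -t` before it replaces the live config, so a broken template
# fails here instead of reaching the unconditional restart further down.
# Adjust the validate path if sshd is installed elsewhere on the target.
- name: generate sshd configuration
  template:
    src: templates/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: "{{ user_root }}"
    group: "{{ group_root }}"
    mode: "0644"
    validate: /usr/sbin/sshd -t -f %s

# Collect public keys on the controller (delegate_to: localhost). Only
# symlinks matching *.pub are returned (file_type: link). The name of the
# directory holding each key is used as the account name by later tasks,
# so anything placed under files/pubkeys/<user>/ grants login as <user>.
- name: get ssh keys for all user
  find:
    paths: "{{ inventory_dir }}/files/pubkeys"
    pattern: "*.pub"
    recurse: true
    file_type: link
  register: keys
  delegate_to: localhost

# Print the path of every key that will be installed, for the run log.
- name: show pubkeys
  debug:
    msg: |
      {% for key in keys.files %}
      {{ key.path }}
      {% endfor %}

# Install each key for the account named after its parent directory.
# state: present only adds keys: a key deleted from files/pubkeys stays in
# the account's authorized_keys until it is removed some other way.
# ignore_errors keeps the play going when a key cannot be installed
# (presumably for accounts that do not exist on this host; confirm), so
# failed items must be read from the task output.
- name: synchronize ssh keys
  authorized_key:
    user: "{{ item.path | dirname | basename }}"
    state: present
    key: "{{ lookup('file', item.path) }}"
  ignore_errors: true
  loop: "{{ keys.files }}"

# Make each authorized_keys file owned by its account and readable by that
# account only.
# NOTE(review): the path assumes home directories live under /home/<user>;
# accounts with a different home are skipped silently via ignore_errors.
- name: chown ssh file to correct user
  file:
    path: "/home/{{ item.path | dirname | basename }}/.ssh/authorized_keys"
    owner: "{{ item.path | dirname | basename }}"
    mode: "0600"
  ignore_errors: true
  loop: "{{ keys.files }}"

# Restart on every run, whether or not the configuration changed.
- name: restart sshd
  service:
    name: sshd
    state: restarted

# Wait for the daemon to accept TCP connections again after the restart.
# This confirms only that the port is open, not that key-based login works.
# NOTE(review): port 22 is hard-coded; confirm the template does not move
# sshd to another port.
- name: check ssh connection
  wait_for:
    port: 22
    delay: 1
    state: started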