From 4c65e7d4cbc3e0bfee426c05e88690ea2a486673 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Fri, 10 Dec 2021 21:52:02 +0000
Subject: roles/sshd: Pass linter + correct directory for sync
---
 roles/sshd/tasks/sync_keys.yml | 68 ----------------------------------
 roles/sshd/tasks/synchronize_keys.yml | 69 +++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+), 68 deletions(-)
 delete mode 100644 roles/sshd/tasks/sync_keys.yml
 create mode 100644 roles/sshd/tasks/synchronize_keys.yml
diff --git a/roles/sshd/tasks/sync_keys.yml b/roles/sshd/tasks/sync_keys.yml
deleted file mode 100644
index 73aa741..0000000
--- a/roles/sshd/tasks/sync_keys.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-- name: retrieve all existing users
-  shell: cut -d ":" -f 1 /etc/passwd
-  register: sshd_users
-  changed_when: false
-
-- name: bind retrieved users output lines to list
-  set_fact:
-    sshd_users: "{{ sshd_users.stdout_lines }}"
-
-- name: get ssh keys for all user
-  find:
-    paths: "{{ inventory_dir }}/files/pubkeys"
-    pattern: "*.pub"
-    recurse: true
-    file_type: link
-  register: keys
-  delegate_to: localhost
-
-- name: show pubkeys
-  debug:
-    msg: | {% for key in keys.files %} {{ key.path }} {% endfor %} run_once: true
-  delegate_to: localhost
-
-- name: synchronize ssh keys
-  authorized_key:
-    user: "{{ item.path | dirname | basename }}"
-    state: present
-    key: "{{ lookup('file', item.path) }}"
-  when: item.path | dirname | basename in sshd_users
-  loop: "{{ keys.files }}"
-  loop_control:
-    label: "{{ item.path }}"
-
-- name: get users homedir
-  shell: echo $(getent passwd "{{ item.path | dirname | basename }}" | cut -d ":" -f 6) "{{ item.path | dirname | basename }}"
-  register: sshd_homedirs
-  when: item.path | dirname | basename in sshd_users
-  loop: "{{ keys.files }}"
-  changed_when: false
-  loop_control:
-    label: "{{ item.path | dirname | basename }}"
-
-- name: clean users homedir result
-  set_fact:
-    sshd_homedirs: "[{% for dir in sshd_homedirs.results if dir.stdout is defined %}\"{{ dir.stdout }}\", {% endfor %}]"
-
-- name: make users homedir unique
-  set_fact:
-    sshd_homedirs: "{{ sshd_homedirs | unique }}"
-
-- name: show sshd homedirs for users
-  debug:
-    var: sshd_homedirs
-
-- name: chown ssh file to correct user
-  file:
-    path: "{{ item.split(' ')[0] }}/.ssh/authorized_keys"
-    owner: "{{ item.split(' ')[1] }}"
-    mode: "0600"
-  ignore_errors: true
-  when: item.split(" ")[1] in sshd_users
-  loop: "{{ sshd_homedirs }}"
-  loop_control:
-    label: "{{ item }}"
diff --git a/roles/sshd/tasks/synchronize_keys.yml b/roles/sshd/tasks/synchronize_keys.yml
new file mode 100644
index 0000000..cb634a4
--- /dev/null
+++ b/roles/sshd/tasks/synchronize_keys.yml
@@ -0,0 +1,69 @@
+- name: retrieve all existing users
+  command: cut -d ":" -f 1 /etc/passwd
+  register: sshd_users
+  changed_when: false
+
+- name: convert retrieved users to list
+  set_fact:
+    sshd_users: "{{ sshd_users.stdout_lines }}"
+
+- name: get ssh keys for all user
+  find:
+    paths: "{{ inventory_dir }}/files/keys"
+    pattern: "*.pub"
+    recurse: true
+    file_type: link
+  register: keys
+  run_once: true
+  delegate_to: localhost
+
+- name: show pubkeys
+  debug:
+    msg: | {% for key in keys.files %} {{ key.path }} {% endfor %} run_once: true
+  delegate_to: localhost
+
+- name: synchronize ssh keys
+  authorized_key:
+    user: "{{ item.path | dirname | basename }}"
+    state: present
+    key: "{{ lookup('file', item.path) }}"
+  when: item.path | dirname | basename in sshd_users
+  loop: "{{ keys.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: get users homedir
+  shell: echo $(getent passwd "{{ item.path | dirname | basename }}" | cut -d ":" -f 6) "{{ item.path | dirname | basename }}"
+  register: sshd_homedirs
+  when: item.path | dirname | basename in sshd_users
+  loop: "{{ keys.files }}"
+  changed_when: false
+  loop_control:
+    label: "{{ item.path | dirname | basename }}"
+
+- name: clean users homedir result
+  set_fact:
+    sshd_homedirs: "[{% for dir in sshd_homedirs.results if dir.stdout is defined %}\"{{ dir.stdout }}\", {% endfor %}]"
+
+- name: make users homedir unique
+  set_fact:
+    sshd_homedirs: "{{ sshd_homedirs | unique }}"
+
+- name: show sshd homedirs for users
+  debug:
+    var: sshd_homedirs
+
+- name: chown ssh file to correct user
+  file:
+    path: "{{ item.split(' ')[0] }}/.ssh/authorized_keys"
+    owner: "{{ item.split(' ')[1] }}"
+    mode: "0600"
+  ignore_errors: true
+  when: item.split(" ")[1] in sshd_users
+  loop: "{{ sshd_homedirs }}"
+  loop_control:
+    label: "{{ item }}"
-- cgit v1.2.3
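Review bot: The `synchronize ssh keys` task in this hunk is add-only — `state: present` with no `exclusive`, one `.pub` file per iteration — so a key deleted from `files/keys/<user>/` in the inventory is never removed from the hosts, and revocation silently does not happen. Grouping the found files per user and setting `exclusive: true` makes each user's `authorized_keys` mirror the repository; that also drops keys added out of band, so it only fits if this role is the sole manager of those files, which I cannot confirm from the hunk. The `get users homedir` task interpolates the directory basename into a `shell:` line; the names come from the inventory tree rather than from a host, so this is not untrusted input, but the `getent` module (`getent: database: passwd`) would return the home directory without a shell at all. Since `authorized_key` with its default `manage_dir: true` already creates the file with the right owner and `0600` mode, the whole homedir/chown tail with its `ignore_errors: true` looks redundant and only hides failures. Separately, `file_type: link` makes the `find` skip regular `.pub` files, which may be intended but deserves a comment such as `# keys/<user>/*.pub are symlinks into the shared pubkey store`.

```yaml
- name: synchronize ssh keys
  authorized_key:
    user: "{{ item }}"
    state: present
    exclusive: true
    key: |
      {% for key in keys.files if key.path | dirname | basename == item %}
      {{ lookup('file', key.path) }}
      {% endfor %}
  loop: "{{ keys.files | map(attribute='path') | map('dirname') | map('basename') | unique | intersect(sshd_users) }}"
  loop_control:
    label: "{{ item }}"
# … unchanged: get users homedir / clean / unique / show / chown tasks (candidates for removal once authorized_key manages the file) …
```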