From cb3c7b1d4246c5b11d4a058ac220bc6932d675fd Mon Sep 17 00:00:00 2001
From: binary
Date: Thu, 11 Mar 2021 15:37:01 +0100
Subject: Remove .ssh dirs failures

---
 roles/sshd/tasks/main.yml | 51 +++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 43 insertions(+), 8 deletions(-)

diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 1e1493d..da5100e 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -8,9 +8,17 @@
 template:
 src: templates/sshd_config.j2
 dest: /etc/ssh/sshd_config
- owner: "{{ user_root }}"
- group: "{{ group_root }}"
- mode: 0644
+ owner: "0"
+ group: "0"
+ mode: "0644"
+
+- name: retrieve all existing users
+ shell: cut -d ":" -f 1 /etc/passwd
+ register: sshd_users
+
+- name: bind retrieved users output lines to list
+ set_fact:
+ sshd_users: "{{ sshd_users.stdout_lines }}"

 - name: get ssh keys for all user
 find: 
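Review bot: The new `retrieve all existing users` task runs `shell: cut -d ":" -f 1 /etc/passwd` with no `changed_when`, so every run reports a change, and it is skipped in check mode, which leaves `sshd_users.stdout_lines` undefined for the `set_fact` that follows it. Add `changed_when: false` and `check_mode: false` to that task, or replace the pipeline with Ansible's `getent` module (`getent: database: passwd`), which exposes the account names as keys of the `getent_passwd` fact without invoking a shell and makes the `set_fact` step unnecessary. If the shell task stays, `command` suffices since the line uses no shell features. The task list continues outside the hunk.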
@@ -27,22 +35,49 @@
 {% for key in keys.files %}
 {{ key.path }}
 {% endfor %}
+ run_once: true
+ delegate_to: localhost

 - name: synchronize ssh keys
 authorized_key:
 user: "{{ item.path | dirname | basename }}"
 state: present
 key: "{{ lookup('file', item.path) }}"
- ignore_errors: true
+ when: item.path | dirname | basename in sshd_users
+ loop: "{{ keys.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: get users homedir
+ shell: echo $(getent passwd "{{ item.path | dirname | basename }}" | cut -d ":" -f 6) "{{ item.path | dirname | basename }}"
+ register: sshd_homedirs
+ when: item.path | dirname | basename in sshd_users
 loop: "{{ keys.files }}"
+ loop_control:
+ label: "{{ item.path | dirname | basename }}"
+
+- name: clean users homedir result
+ set_fact:
+ sshd_homedirs: "[{% for dir in sshd_homedirs.results if dir.stdout is defined %}\"{{ dir.stdout }}\", {% endfor %}]"
+
+- name: make users homedir unique
+ set_fact:
+ sshd_homedirs: "{{ sshd_homedirs | unique }}"
+
+- name: show sshd homedirs for users
+ debug:
+ var: sshd_homedirs

 - name: chown ssh file to correct user
 file:
- path: "/home/{{ item.path | dirname | basename }}/.ssh/authorized_keys"
- owner: "{{ item.path | dirname | basename }}"
- mode: 0600
+ path: "{{ item.split(' ')[0] }}/.ssh/authorized_keys"
+ owner: "{{ item.split(' ')[1] }}"
+ mode: "0600"
 ignore_errors: true
- loop: "{{ keys.files }}"
+ when: item.split(" ")[1] in sshd_users
+ loop: "{{ sshd_homedirs }}"
+ loop_control:
+ label: "{{ item }}"

 - name: restart sshd
 service:
-- 
cgit v1.2.3
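Review bot: The `clean users homedir result` task builds `sshd_homedirs` as a bracketed string with escaped quotes and a trailing comma and relies on Ansible re-parsing that string into a list, and a home directory containing a space or a double quote would also break the later `item.split(' ')` lookups in the chown task. Replace the two `set_fact` tasks with one filter chain that yields a real list, `sshd_homedirs: "{{ sshd_homedirs.results | selectattr('stdout', 'defined') | map(attribute='stdout') | list | unique }}"`. The `get users homedir` task interpolates a directory name taken from the key tree into `shell:`; the `in sshd_users` guard restricts it to names present in /etc/passwd, but the `getent` module (`getent: database: passwd`, then reading the home field from `getent_passwd`) would give the same value with no shell and no `echo $(...)` subshell. The chown task still carries `ignore_errors: true`, so failures there remain hidden despite the commit's aim; since `authorized_key` already creates `authorized_keys` owned by the user with mode 0600, the whole homedir/chown chain may be redundant — worth verifying before keeping it.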