path: root/roles/sshd_keys/tasks/main.yml
---

# List the key files under sshd_keys__dir. The search is delegated to
# localhost and run once, and the single registered result is then consumed
# by the authorized_key loop for each target.
# NOTE(review): the search recurses, but the consuming task maps a file to an
# account by basename only; same-named files in different subdirectories
# would target the same account - confirm the directory layout rules that out.
- name: get ssh keys for all users
  run_once: true
  delegate_to: localhost
  ansible.builtin.find:
    recurse: true
    paths: "{{ sshd_keys__dir }}"
  register: sshd_keys__result_find

# Read the passwd database on each target so that key files can be matched
# against accounts that actually exist there. The result is read later as
# sshd_keys__result_getent.ansible_facts.getent_passwd.
# NOTE(review): every passwd entry qualifies as a match, system accounts
# included; there is no allow-list of accounts at this point.
- name: retrieve existing users
  register: sshd_keys__result_getent
  ansible.builtin.getent:
    database: passwd

# Install each key file as the authorized keys of the account named by the
# file's basename. Files whose basename is not a key of the getent passwd
# facts are skipped.
# `exclusive: true` removes every authorized key that is not in the source
# file, so the key directory is the only source of SSH access for matched
# accounts; write access to it is equivalent to login access on the targets.
# NOTE(review): the file list comes from a recursive find, so two files with
# the same basename would be applied to one account in turn and, with
# exclusive set, only the last one applied would remain - confirm.
# NOTE(review): behaviour for an empty key file is not visible here; check
# that it cannot silently strip all keys from an account unless intended.
- name: set authorized key, removing all the authorized keys already set
  when: >-
    (item.path | basename)
    in (sshd_keys__result_getent.ansible_facts.getent_passwd | list)
  ansible.posix.authorized_key:
    state: present
    exclusive: true
    user: "{{ item.path | basename }}"
    key: "{{ lookup('file', item.path) }}"
  loop: "{{ sshd_keys__result_find.files }}"
  loop_control:
    label: "{{ item.path }}"