From cb6189507ab4f6c6db960105c69b69e92f7710c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Wed, 18 Jan 2023 21:06:51 +0100
Subject: feat(roles/sshd_keys): add argument specs

---
 roles/sshd_keys/defaults/main.yml | 13 +++++++++++++
 roles/sshd_keys/meta/main.yml     | 22 ++++++++++++++++++++++
 roles/sshd_keys/tasks/main.yml    | 29 +++++++++++++++++++++++++----
 3 files changed, 60 insertions(+), 4 deletions(-)
 create mode 100644 roles/sshd_keys/defaults/main.yml

(limited to 'roles/sshd_keys')

diff --git a/roles/sshd_keys/defaults/main.yml b/roles/sshd_keys/defaults/main.yml
new file mode 100644
index 0000000..1b97a4a
--- /dev/null
+++ b/roles/sshd_keys/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+
+sshd_keys_users: null
+sshd_keys_dir: files/keys
+sshd_keys_paths: "[
+    {% if sshd_keys_users is none %}
+    '{{ sshd_keys_dir }}',
+    {% else %}
+    {% for user in sshd_keys_users %}
+    '{{ sshd_keys_dir }}/{{ user }}',
+    {% endfor %}
+    {% endif %}
+  ]"
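Review bot: `sshd_keys_paths` is a string that only looks like a list, so it becomes one only if Ansible evaluates the rendered text as a literal, which presumably depends on the templating mode in use (e.g. native Jinja types). A user name containing a single quote breaks the rendered value, and a name containing `../` points `find` outside `sshd_keys_dir`. Building the list with filters avoids the string round-trip: `sshd_keys_paths: "{{ [sshd_keys_dir] if sshd_keys_users is none else ([sshd_keys_dir] | product(sshd_keys_users) | map('join', '/') | list) }}"`. I would also add a comment above `sshd_keys_users: null` saying that null means every directory under `sshd_keys_dir` is used.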
diff --git a/roles/sshd_keys/meta/main.yml b/roles/sshd_keys/meta/main.yml
index 46c62ed..e790d71 100644
--- a/roles/sshd_keys/meta/main.yml
+++ b/roles/sshd_keys/meta/main.yml
@@ -3,3 +3,25 @@
 dependencies:
   - role: sshd
     tags: dependency
+
+argument_specs:
+  main:
+    short_description: sshd_keys main entrypoint.
+    options:
+
+      sshd_keys_users:
+        type: list
+        elements: str
+        required: true
+        description: Users to be synced
+
+      sshd_keys_dir:
+        type: path
+        required: true
+        description: Local directory with public keys
+
+      sshd_keys_paths:
+        type: list
+        elements: path
+        required: true
+        description: Local directory with public keys
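Review bot: `sshd_keys_users` is declared `required: true` with `type: list`, but the new defaults file sets it to `null` and treats null as "all users", so the spec and the defaults disagree. Depending on the Ansible version, argument validation may either skip the null or reject it as not a list. Marking the option `required: false` and stating the null behaviour in its description would make the contract explicit. The description of `sshd_keys_paths` is also a copy of the one for `sshd_keys_dir`; something like `description: Directories searched for key links, derived from sshd_keys_dir and sshd_keys_users` would tell the two apart.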
diff --git a/roles/sshd_keys/tasks/main.yml b/roles/sshd_keys/tasks/main.yml
index 32f6b5a..5d45e34 100644
--- a/roles/sshd_keys/tasks/main.yml
+++ b/roles/sshd_keys/tasks/main.yml
@@ -2,12 +2,33 @@
 
 - name: get ssh keys for all users
   ansible.builtin.find:
-    paths: files/keys
+    paths: "{{ sshd_keys_paths }}"
     file_type: link
     recurse: true
   delegate_to: localhost
   run_once: true
-  register: result
+  register: sshd_keys_result_find
+
+- name: set sshd_keys_found_users variable
+  ansible.builtin.set_fact:
+    sshd_keys_found_users: "{{ sshd_keys_result_find.files
+      | map(attribute='path')
+      | map('dirname')
+      | map('basename')
+      | unique }}"
+
+- name: create groups for users with ssh keys
+  ansible.builtin.group:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ sshd_keys_found_users }}"
+
+- name: create users with ssh keys
+  ansible.builtin.user:
+    name: "{{ item }}"
+    group: "{{ item }}"
+    state: present
+  loop: "{{ sshd_keys_found_users }}"
 
 - name: synchronize ssh keys
   ansible.posix.authorized_key:
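Review bot: The two new tasks create a group and an account on every target for each directory name that `find` returns, and nothing checks those names before they reach `ansible.builtin.group` and `ansible.builtin.user`. With `recurse: true` and `dirname | basename`, a link in a nested or unexpected directory under the key tree yields a name nobody listed. When `sshd_keys_users` is null, the contents of `sshd_keys_dir` alone decide which accounts exist and receive keys. I would add an assert task between the set_fact and the group task that rejects names outside a conservative pattern and, when `sshd_keys_users` is set, any name not in that list. The `synchronize ssh keys` task continues outside this hunk.

```yaml
# … unchanged: find and set_fact tasks …

- name: validate discovered user names
  ansible.builtin.assert:
    that:
      - sshd_keys_found_users | reject('match', '^[a-z_][a-z0-9_-]*$') | list | length == 0
      - sshd_keys_users is none or (sshd_keys_found_users | difference(sshd_keys_users) | length == 0)
    fail_msg: unexpected user directory under sshd_keys_paths

# … unchanged: group and user creation tasks …
```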
@@ -15,6 +36,6 @@
     state: present
     key: "{{ lookup('file', item.path) }}"
   loop_control:
-    label: "{{ item.path }} -> user: {{ item.path | dirname | basename }}"
-  loop: "{{ result.files }}"
+    label: "{{ item.path }}: {{ item.path | dirname | basename }}"
+  loop: "{{ sshd_keys_result_find.files }}"
   failed_when: false
-- 
cgit v1.2.3