- name: retrieve all existing users command: cut -d ":" -f 1 /etc/passwd register: sshd_users changed_when: false - name: convert retrieved users to list set_fact: sshd_users: "{{ sshd_users.stdout_lines }}" - name: get ssh keys for all user find: paths: "{{ inventory_dir }}/files/keys" pattern: "*.pub" recurse: true file_type: link register: keys run_once: true delegate_to: localhost - name: show pubkeys debug: msg: | {% for key in keys.files %} {{ key.path }} {% endfor %} run_once: true delegate_to: localhost - name: synchronize ssh keys authorized_key: user: "{{ item.path | dirname | basename }}" state: present key: "{{ lookup('file', item.path) }}" when: item.path | dirname | basename in sshd_users loop: "{{ keys.files }}" loop_control: label: "{{ item.path }}" - name: get users homedir shell: echo $(getent passwd "{{ item.path | dirname | basename }}" | cut -d ":" -f 6) "{{ item.path | dirname | basename }}" register: sshd_homedirs when: item.path | dirname | basename in sshd_users loop: "{{ keys.files }}" changed_when: false loop_control: label: "{{ item.path | dirname | basename }}" - name: clean users homedir result set_fact: sshd_homedirs: "[{% for dir in sshd_homedirs.results if dir.stdout is defined %}\"{{ dir.stdout }}\", {% endfor %}]" - name: make users homedir unique set_fact: sshd_homedirs: "{{ sshd_homedirs | unique }}" - name: show sshd homedirs for users debug: var: sshd_homedirs - name: chown ssh file to correct user file: path: "{{ item.split(' ')[0] }}/.ssh/authorized_keys" owner: "{{ item.split(' ')[1] }}" mode: "0600" ignore_errors: true when: item.split(" ")[1] in sshd_users loop: "{{ sshd_homedirs }}" loop_control: label: "{{ item }}"