fix: support ssh allowedSignersFile and revocationFile

defaults/main.yml

@@ -5,6 +5,10 @@ git_package_name_merge_tool: meld
 
 git_users: []
   # github:
+  #   allowedSignersFile:
+  #   - principals:
+  #     - max.mustermann@example.com
+  #     publicSSHKey: ssh-rsa AAAAX1...
   #   config:
   #     commit:
   #       gpgSign: "true"
@@ -12,3 +16,5 @@ git_users: []
   #       name: "root"
   #       email: root@localhost
   #       signingKey: gpg-fingerprint
+  #   revocationFile:
+  #   - ssh-rsa AAAAX1...

tasks/git_user.yml

@@ -21,8 +21,10 @@
     group: "{{ getent_passwd[item.key][2] }}"
     mode: "0644"
   with_items:
+  - .config/git/allowedSignersFile
   - .config/git/config
   - .config/git/message
   - .config/git/ignore
+  - .config/git/revocationFile
   loop_control:
     loop_var: filename

templates/.config/git/allowedSignersFile.j2

@@ -0,0 +1,9 @@
+#
+# {{ ansible_managed }}
+#
+
+{% if item.value.allowedSignersFile is defined and item.value.allowedSignersFile | length > 0%}
+{% for entry in item.value.allowedSignersFile %}
+{{ entry.principals | join(',') }} {{ entry.publicSSHKey }}
+{% endfor %}
+{% endif %}

templates/.config/git/revocationFile.j2

@@ -0,0 +1,9 @@
+#
+# {{ ansible_managed }}
+#
+
+{% if item.value.revocationFile is defined and item.value.revocationFile | length > 0%}
+{% for entry in item.value.revocationFile %}
+{{ entry }}
+{% endfor %}
+{% endif %}