fix: config ssh client config

tasks/create_unix_user.yml

@@ -71,13 +71,57 @@
     owner: "{{ unix_user.key }}"
     group: "{{ unix_user.value.group | default('users') }}"
     mode: 0600
-  when: unix_user.value.ssh_keys is defined and unix_user.value.ssh_keys.public | length > 0
+  when: unix_user.value.ssh.authorized_keys is defined and unix_user.value.ssh.authorized_keys | length > 0
 
 - name: Remove authorized_keys file for user {{ unix_user.key }}
   file:
     path: "{{ user_user_home }}/.ssh/authorized_keys"
     state: absent
-  when: unix_user.value.ssh_keys.public is not defined or unix_user.value.ssh_keys.public | length <= 0
+  when: unix_user.value.ssh.authorized_keys is not defined or unix_user.value.ssh.authorized_keys | length <= 0
+
+- name: Create private SSH keys for user {{ unix_user.key }}
+  copy:
+    src: "{{ playbook_dir }}/ssh/private_keys/{{ item }}"
+    dest: "{{ user_user_home }}/.ssh/{{ item }}"
+    owner: "{{ unix_user.key }}"
+    group: "{{ unix_user.value.group | default('users') }}"
+    mode: 0600
+  with_items:
+  - "{{ unix_user.value.ssh.private_keys }}"
+  when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
+
+- name: Extract public SSH keys from private keys for user {{ unix_user.key }}
+  command: "ssh-keygen -y -f {{ user_user_home }}/.ssh/{{ item }} > {{ user_user_home }}/.ssh/{{ item }}.pub"
+  args:
+    creates: "{{ user_user_home }}/.ssh/{{ item }}.pub"
+  with_items:
+  - "{{ unix_user.value.ssh.private_keys }}"
+  when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
+
+- name: Correct permissions of public SSH keys for user {{ unix_user.key }}
+  file:
+    path: "{{ user_user_home }}/.ssh/{{ item }}.pub"
+    owner: "{{ unix_user.key }}"
+    group: "{{ unix_user.value.group | default('users') }}"
+    mode: 0644
+  with_items:
+  - "{{ unix_user.value.ssh.private_keys }}"
+  when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
+
+- name: Create custom SSH client config for user {{ unix_user.key }}
+  template:
+    src: config.j2
+    dest: "{{ user_user_home }}/.ssh/config"
+    owner: "{{ unix_user.key }}"
+    group: "{{ unix_user.value.group | default('users') }}"
+    mode: 0644
+  when: unix_user.value.ssh.config is defined and unix_user.value.ssh.config | length >= 0
+
+- name: Remove custom SSH client config for user {{ unix_user.key }}
+  file:
+    path: "{{ user_user_home }}/.ssh/config"
+    state: absent
+  when: unix_user.value.ssh.config is not defined
 
 - name: Create .forward file to forward emails for user {{ unix_user.key }}
   template:

tasks/main.yml

@@ -1,15 +1,5 @@
 ---
 
-- name: Remove unix groups
-  include_tasks: remove_unix_group.yml
-  with_dict: "{{ unix_groups }}"
-  loop_control:
-    loop_var: unix_group
-  when: unix_groups is defined and
-        unix_groups | length > 0 and
-        unix_group.value.state is defined and
-        unix_group.value.state == 'absent'
-
 - name: Remove unix user
   include_tasks: remove_unix_user.yml
   with_dict: "{{ unix_users }}"
@@ -20,6 +10,16 @@
         unix_user.value.state is defined and
         unix_user.value.state == 'absent'
 
+- name: Remove unix groups
+  include_tasks: remove_unix_group.yml
+  with_dict: "{{ unix_groups }}"
+  loop_control:
+    loop_var: unix_group
+  when: unix_groups is defined and
+        unix_groups | length > 0 and
+        unix_group.value.state is defined and
+        unix_group.value.state == 'absent'
+
 - name: Create unix groups
   include_tasks: create_unix_group.yml
   with_dict: "{{ unix_groups }}"

tasks/remove_unix_group.yml

@@ -2,5 +2,5 @@
 
 - name: Remove unix group {{ unix_group.key }}
   group:
-    name: "{{ unix_group.value.name }}"
+    name: "{{ unix_group.key }}"
     state: absent

tasks/remove_unix_user.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Remove unix user {{ unix_user.key }}
-  group:
-    name: "{{ unix_user.value.name }}"
+  user:
+    name: "{{ unix_user.key }}"
     state: absent
     remove: yes