public-health-ch/ansible/roles/dev-sec.ssh-hardening/tasks/ca_keys_and_principals.yml

---
- name: Set ssh CA pub keys
  template:
    src: 'trusted_user_ca_keys.j2'
    dest: '{{ ssh_trusted_user_ca_keys_file }}'
    mode: '0644'
    owner: '{{ ssh_owner }}'
    group: '{{ ssh_group }}'
  notify: restart sshd

- name: Create ssh authorized principals directories
  file:
    path: '{{ item.path | dirname }}'
    mode: '{{ item.directorymode | default(0700) }}'
    owner: '{{ item.directoryowner | default(ssh_owner) }}'
    group: '{{ item.directorygroup | default(ssh_group) }}'
    state: directory
  with_items: '{{ ssh_authorized_principals }}'

- name: Set ssh authorized principals
  template:
    src: 'authorized_principals.j2'
    dest: '{{ item.path }}'
    mode: '{{ item.filemode | default(0600) }}'
    owner: '{{ item.owner| default(ssh_owner) }}'
    group: '{{ item.group | default(ssh_group) }}'
  with_items: '{{ ssh_authorized_principals }}'