kita-pro/users.yaml

---

- hosts: servers:desktops:laptops
  remote_user: root
  roles:
    - name: root_user
    - name: users

- hosts: desktops:laptops
  remote_user: root
  tasks:
    - fetch:
        src: /etc/ssh/ssh_host_ed25519_key.pub
        dest: host_files/{{ inventory_hostname }}
    - name: /etc/ssh/ssh_config
      template:
        src: ssh_config.j2
        dest: /etc/ssh/ssh_config
    - name: /etc/ssh/ssh_known_hosts
      template:
        src: ssh_known_hosts.j2
        dest: /etc/ssh/ssh_known_hosts
        mode: 'u=rw,g=r,o=r'

- hosts:
    - servers
    - desktops
    - laptops
  remote_user: root
  tasks:

    - name: fetch ssh public keys
      fetch:
        src: /home/{{item}}/.ssh/id_ed25519.pub
        dest: host_files
        fail_on_missing: yes
      loop: "{{ users.keys() | list }}"

    - name: delete ssh known hosts user files
      shell: rm /home/*/.ssh/known_hosts
      failed_when: false

- hosts:
    - servers
  remote_user: root
  tasks:
    - name: read ssh public keys
      local_action: command fish -c 'cat host_files/*/home/{{item}}/.ssh/id_ed25519.pub'
      loop: "{{ users.keys() | list }}"
      register: _ssh_public_keys

    - name: authorize ssh public keys
      copy:
        content: "{{ _ssh_public_keys  | json_query(\"results[?item=='\"+item+\"'].stdout\") | join(\"\n\") }}"
        dest: /home/{{item}}/.ssh/authorized_keys
      loop: "{{ users.keys() | list }}"