common/users: rework the ssh keys handling

Signed-off-by: Mattia Rizzolo <mattia@debian.org>

roles/common/tasks/users.yml

@@ -42,14 +42,50 @@
     - "{{ handled_users }}"
     - extra_groups
 
-- name: set ssh keys for admin users
+- name: Install the ssh keys
   authorized_key:
-    user: "{{ item }}"
-    key: "{{ admin_users[item] }}"
+    user: "{{ item.0.name }}"
+    key: "{{ item.1.key }}"
+    comment: "{{ item.1.comment | default(None) }}"
+    state: "{{ item.1.state }}"
+    path: /etc/ssh/authorized_keys/{{ item.0.name }}
+    manage_dir: no
+  with_subelements:
+     - "{{ handled_users }}"
+     - keys
 
-    exclusive: true
-    state: present
+- name: Install the ssh keys for the management user
+  authorized_key:
+    user: manager
+    key: "{{ item.1.key }}"
+    comment: "{{ item.1.comment | default(None) }}"
+    state: "{{ item.1.state }}"
+    path: /etc/ssh/authorized_keys/manager
+    manage_dir: no
+  with_subelements:
+    - "{{ handled_users }}"
+    - keys
+  when:
+    - item.0.name in admin_users
 
-  with_items: "{{ admin_users.keys() }}"
 
+- name: "Change the owner of /etc/ssh/authorized_keys... bug: http://git.io/t1zSKA"
+  file:
+    path: /etc/ssh/authorized_keys
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+- name: list files in /etc/authorized_keys, then I'll chown/chmod them
+  command: ls -1 /etc/ssh/authorized_keys/
+  register: dumpfiles
+  changed_when: false
+- name: "Change the owner of /etc/ssh/authorized_keys/*... bug: http://git.io/t1zSKA"
+  file:
+    path: /etc/ssh/authorized_keys/{{ item }}
+    state: file
+    owner: root
+    group: root
+    mode: 0644
+  with_items: "{{ dumpfiles.stdout_lines }}"