SSH: Template authorized_keys file

ansible/plays/common.yaml

@@ -20,21 +20,15 @@
       register: pubkey
       ansible.builtin.command:
         cmd: "ssh-keygen -y -f {{ ansible_ssh_private_key_file }}"
-    - name: Deploy Machine SSH-Key
+    - name: Deploy SSH-Keys
-      ansible.posix.authorized_key:
+      vars:
-        user: "{{ ansible_user }}"
+        machine_key: "{{ pubkey.stdout }}"
-        state: present
+      ansible.builtin.template:
-        manage_dir: false
+        src: "authorized_keys.j2"
-        path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
+        dest: "/etc/ssh/authorized_keys/{{ ansible_user }}"
-        key: "{{ pubkey.stdout }}"
+        owner: root
-    - name: Deploy Common SSH-Keys
+        group: root
-      ansible.posix.authorized_key:
+        mode: '0644'
-        user: "{{ ansible_user }}"
-        state: present
-        manage_dir: false
-        path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
-        key: "{{ item }}"
-      loop: "{{ common.ssh.authorized_keys }}"
     - name: Ensure authorized_keys ownership
       ansible.builtin.file:
         state: directory

ansible/plays/templates/authorized_keys.j2

@@ -0,0 +1,4 @@
+{{ machine_key }}
+{% for key in common.ssh.authorized_keys %}
+{{ key }}
+{% endfor %}