Deploy ssh authorized keys

defaults/main.yml

@@ -8,6 +8,8 @@ php_tenants: {}
 #   fpm_pool:
 #     <pool option>: ...
 
+php_tenant_ssh_keys: {}
+
 php_tenants_fpm_pool_defaults:
   # Overwritten in template:
   #user: www-{{ tenant.name }}

tasks/main.yml

@@ -1,3 +1,11 @@
+- name: Create ssh key directory
+  ansible.builtin.file:
+    path: /etc/ssh/www_authorized_keys
+    owner: root
+    group: root
+    state: directory
+    mode: "0755"
+
 - name: Setup tenants
   loop: "{{ php_tenants|dict2items(key_name='name', value_name='options') }}"
   loop_control:

tasks/tenant.yml

@@ -40,3 +40,11 @@
     name: 'www-{{ tenant.name }}'
     priv: 'www-{{ tenant.name }}-%.*:ALL PRIVILEGES'
     plugin: unix_socket
+
+- name: 'Write ssh authorized_keys file for user www-{{ tenant.name }}'
+  ansible.builtin.template:
+    src: ssh_authorized_keys.j2
+    dest: "/etc/ssh/www_authorized_keys/www-{{ tenant.name }}"
+    owner: root
+    group: 'www-{{ tenant.name }}'
+    mode: 0640

templates/ssh_authorized_keys.j2

@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+{% for key_name in tenant.options.ssh_keys|d([]) %}
+#{{ key_name }}
+{{ php_tenant_ssh_keys[key_name] }}
+
+{% endfor %}