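# Per-user SSH access: make sure each user's ~/.ssh exists with private
# permissions, then install that user's public keys.
# Both tasks iterate the `users` variable, which is defined outside this file.

- name: Ensure .ssh folder is created
  file:
    # Assumes home directories live under /home/<name>; an account with a
    # different home needs this path adjusted.
    path: "/home/{{ item.name }}/.ssh"
    state: directory
    # Quoted so the module receives an octal string however the YAML loader
    # would type a bare 0700.
    mode: "0700"
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
  with_items:
    - "{{ users }}"

- name: Configure authorized_keys
  authorized_key:
    user: "{{ item.0.name }}"
    # The public key is read on the control node from
    # keys/<user>/<file>.pub. The user name and key file name are
    # interpolated into that path, so they should be plain identifiers
    # coming from trusted inventory.
    key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}"
    # A key is removed only when its entry carries `state: absent`.
    # Deleting an entry from `users` leaves that key authorized on the host.
    state: "{{ item.1.state | default('present') }}"
  # One iteration per (user, key) pair: item.0 is the user entry and item.1
  # is one element of that user's `keys` list.
  with_subelements:
    - "{{ users }}"
    - keys

# Disabled tasks, kept for reference. They would create ~/.ssh/config for
# each user and add a managed block that forwards the gpg-agent sockets.
# NOTE(review): before re-enabling, quote the file modes, and consider that
# forwarding the full S.gpg-agent socket lets anyone able to reach the socket
# on the target use the forwarded agent while the session is open.
#- name: Check if user has ~/.ssh/config
#  stat:
#    path: "/home/{{ item.name }}/.ssh/config"
#  with_items: "{{ users }}"
#  register: sshconfig
#
#
#- name: Create ~/.ssh/config when absent
#  file:
#    path: "/home/{{ item.item.name }}/.ssh/config"
#    owner: "{{ item.item.name }}"
#    group: "{{ item.item.name }}"
#    mode: 0600
#    state: touch
#  when: item.stat.exists == False
#  with_items:
#    - "{{ sshconfig.results }}"
#  no_log: True
#
#- name: Configure ~/.ssh/config
#  blockinfile:
#    path: "/home/{{ item.name }}/.ssh/config"
#    owner: "{{ item.name }}"
#    group: "{{ item.name }}"
#    mode: 0600
#    marker: "# {mark} ANSIBLE MANAGED BLOCK"
#    content: |
#      host {{ ansible_hostname }}
#        hostname {{ ansible_hostname }}
#        User {{ item.name }}
#        RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
#        RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
#        ServerAliveInterval 10
#  with_items:
#    - "{{ users }}"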