ansible-experiments/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml

---
- name: Check if user has ~/.ssh/config
  stat:
    path: "/home/{{ item.name }}/.ssh/config"
  with_items: "{{ users }}"
  register: sshconfig


- name: Create ~/.ssh/config when absent
  file:
    path: "/home/{{ item.item.name }}/.ssh/config"
    owner: "{{ item.item.name }}"
    group: "{{ item.item.name }}"
    mode: 0600
    state: touch
  when: item.stat.exists == False and item.item.state == "present"
  with_items:
    - "{{ sshconfig.results }}"
  no_log: True


- name: Configure ~/.ssh/config
  blockinfile:
    path: "/home/{{ item.0.name  }}/.ssh/config"
    owner: "{{ item.0.name }}"
    group: "{{ item.0.name }}"
    mode: 0600
    marker: "# {mark} ANSIBLE MANAGED BLOCK"
    content: |
      {% for host in groups['all'] -%} 
      Host {{ hostvars[host]['ssh_short_name'] }}
          Hostname {{ hostvars[host]['inventory_hostname'] }}
          RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
          RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
      {% for k,v  in item.1.items() %}
      {% if k|lower != "host" and k|lower != "hostname" %}
          {{k}} {{v}}
      {% endif %}
      {% endfor %}
      {% endfor %}      
  with_subelements:
    - "{{ users }}"
    - ssh_config
    - skip_missing: true
  when: item.0.state == "present"