# Provision the SFTP-only account for one site: account settings, home and
# .ssh directories, then the authorized_keys file.
# NOTE(review): SIGLE, SITE, TLD and DOMAIN are defined outside this file. They
# are interpolated into filesystem paths and the account name, so presumably
# they are validated upstream - confirm.

# Create or update the account: no usable login shell, sftponly added on top of
# the account's existing groups (append), home path set without creating it.
- name: Ajout de l'utilisateur site_SIGLE_SITE dans le group sftponly et modification du home
  ansible.builtin.user:
    name: "site_{{ SIGLE }}_{{ SITE }}"
    groups: sftponly
    append: true
    home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}"
    create_home: false
    shell: /bin/false

# Enforce type, ownership and mode on the home directory and its .ssh
# directory; the loop label keeps the task output down to the path.
- name: Boucle création ou modifications du repertoire .ssh et vérif des permissions/owner du home
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: "{{ item.state }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    # Home: owned by root, group www-data, setgid + rwxr-x--x, so neither the
    # group nor others can write to it.
    # NOTE(review): presumably root-owned because sshd's ChrootDirectory
    # requires it - confirm against sshd_config.
    - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}"
      state: directory
      owner: root
      group: www-data
      mode: '2751'
    # .ssh: owned by the site account and its same-named group, setgid + rwx
    # for the owner only.
    # NOTE(review): assumes a group named like the account exists - confirm.
    - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh"
      state: directory
      owner: "site_{{ SIGLE }}_{{ SITE }}"
      group: "site_{{ SIGLE }}_{{ SITE }}"
      mode: '2700'
  loop_control:
    label: "{{ item.path }}"

# Render authorized_keys from the template, readable and writable by the site
# account only.
# NOTE(review): the file and .ssh are owned by the site account; if the SFTP
# session can reach .ssh, the account can change its own keys - confirm this is
# intended.
- name: Création du fichier authorized_keys
  ansible.builtin.template:
    src: templates/authorized_keys.j2
    dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh/authorized_keys"
    owner: "site_{{ SIGLE }}_{{ SITE }}"
    group: "site_{{ SIGLE }}_{{ SITE }}"
    mode: '600'

# TODO: check that the OpenSSH server is configured correctly and, if not,
# configure it? + reload
# NOTE(review): nothing above verifies sshd_config. Membership of sftponly only
# restricts the account if sshd has a matching "Match Group sftponly" block
# (typically ForceCommand internal-sftp, ChrootDirectory and
# AllowTcpForwarding no). "shell: /bin/false" prevents an interactive shell but
# does not by itself turn off TCP forwarding - confirm the sshd side before
# relying on these tasks.