---

- name: Modify AllowUsers' sshd directive for {{ username }}
  replace:
    dest: /etc/ssh/sshd_config
    regexp: '^(AllowUsers ((?!{{ username }}).)*)$'
    replace: '\1 {{ username }}'
  notify:
    - reload ssh
  tags:
    - app_user

- name: Modify Match User's sshd directive for {{ username }}
  replace:
    dest: /etc/ssh/sshd_config
    regexp: '^(Match User ((?!{{ username }}).)*)$'
    replace: '\1,{{ username }}'
  notify:
    - reload ssh
  tags:
    - app_user

- name: Add public keys to {{ username }}
  authorized_key:
    user: '{{ username }}'
    key: '{{ item }}'
  with_file:
    - public_keys/jlecour.pub
  tags:
    - app_user