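# SFTP-only chroot accounts.
# Each entry of `sftp_chroot` is expected to provide `user`, `home` and `key`
# (the only fields the tasks below read).

# Accounts get a nologin shell, so they cannot open an interactive session;
# file access is provided by the sshd Match block configured further down.
# NOTE(review): sshd only accepts a ChrootDirectory whose path components are
# all root-owned and not group/world-writable. The user module normally creates
# the home owned by the account itself - confirm ownership of item.home is
# corrected elsewhere, otherwise chrooted logins will be refused.
- name: Create users
  loop: "{{ sftp_chroot }}"
  user:
    name: '{{ item.user }}'
    shell: /usr/bin/nologin
    home: '{{ item.home }}'
    password_lock: false
  tags:
    - users
    - sftp_chroot

# One managed block per account, told apart by the marker suffix.
# item.user and item.home are written verbatim into sshd_config, so they must
# be plain account names / paths coming from trusted inventory.
- name: Configure OpenSSH daemon
  loop: "{{ sftp_chroot }}"
  blockinfile:
    path: /etc/ssh/sshd_config
    marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.user }}"
    # Refuse to install a configuration sshd cannot parse; a broken
    # sshd_config would otherwise only surface when the handler restarts sshd.
    validate: /usr/sbin/sshd -t -f %s
    # The Match line must name the looped account. With a fixed user name every
    # generated block targets that one account: the other accounts are left
    # without the chroot / ForceCommand / forwarding restrictions, and the fixed
    # account picks up the key file and chroot of whichever block sshd reads
    # first.
    block: |
      Match User {{ item.user }}
        AuthorizedKeysFile /etc/ssh/authorized_keys/{{ item.user }}
        ChrootDirectory {{ item.home }}
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no
        PasswordAuthentication no
  notify: Run service actions
  tags:
    - sftp_chroot

# Keys live outside the chroot under /etc/ssh so the account cannot edit its
# own authorized keys. The file is root-owned and world-readable: sshd must be
# able to read it as the account, and nobody but root may write it.
# NOTE(review): copy does not create the parent directory; a root-owned
# /etc/ssh/authorized_keys directory is assumed to exist - confirm.
- name: Copy public keys
  loop: "{{ sftp_chroot }}"
  copy:
    follow: true
    content: '{{ item.key }}'
    dest: '/etc/ssh/authorized_keys/{{ item.user }}'
    owner: root
    group: root
    mode: '0644'
  tags:
    - keys
    - sftp_chroot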