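---
# sshkey.yml
#
# ssh-keyscan each target and copy your SSH public key to it.
#
# Parameters:
#   targets: group in the inventory to use (default: all)
#   threads: number of simultaneous executions (default: 8)
#   pubkey: public key file to hand off (default: $HOME/.ssh/id_rsa.pub)
#   sshport (optional): override 22/tcp/ssh for Ansible control
#
# Expects ANSIBLE_VAULT_FILE to be set in the environment to the path of
# the vault file.
#
# Security notes:
#   - The host key written to known_hosts is whatever ssh-keyscan gets back
#     on first contact; it is not authenticated. Compare fingerprints out of
#     band, or pre-distribute known_hosts, where that matters.
#   - The last task uses "exclusive: true", which removes every other key
#     from the target user's authorized_keys file.
#
- hosts: "{{ targets | default('all') }}"
  order: sorted
  serial: "{{ threads | default('8') }}"
  gather_facts: false
  ignore_unreachable: true

  vars:
    ansible_ssh_port: "{{ sshport | default('22') }}"
    keyfile: "{{ pubkey | default(lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}"

  vars_files:
    - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"

  tasks:
    - name: Get key
      delegate_to: localhost
      # argv passes the path as a single argument, so a keyfile path that
      # contains spaces is not split into several arguments.
      command:
        argv:
          - cat
          - "{{ keyfile }}"
      register: key
      # Reading the key changes nothing on the controller.
      changed_when: false

    # Thanks to https://gist.github.com/shirou/6928012
    - name: Ensure ssh host key known
      delegate_to: localhost
      lineinfile:
        dest: ~/.ssh/known_hosts
        create: true
        state: present
        # The pipe lookup runs its command through a shell on the controller.
        # sshport and the inventory hostname are interpolated into that
        # command, so both are shell-quoted; "~" concatenates after string
        # conversion, so a numeric sshport also works.
        line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p ' ~ (ansible_ssh_port | quote) ~ ' ' ~ (inventory_hostname | quote)) }}"

    - name: "Pass authorized key"
      authorized_key:
        # The account name is the controller's $USER, not a remote fact.
        user: "{{ lookup('env', 'USER') }}"
        key: "{{ key.stdout }}"
        state: present
        # exclusive removes all other keys from this user's authorized_keys;
        # only the key(s) read from keyfile remain afterwards.
        exclusive: true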