ref: Install authorized keys per user

Instead of installing authorized keys globally (same for everybody), we
pass in the authorized_keys variable per user, and thus the installation
also takes place per user.

This makes much more sense and works with minimal refactoring.

roles/system/defaults/main.yaml

@@ -7,11 +7,10 @@ system_users:
       - marty
       - data
       - incus-admin
+    authorized_keys:
+      - "{{ lookup('file', '~/.ssh/keys/bob.pub') }}"
   - name: data
     groups:
       - data
     create_home: false
     shell: /sbin/nologin
-
-system_authorized_keys:
-  - "{{ lookup('file', '~/.ssh/keys/bob.pub') }}"

roles/system/tasks/main.yaml

@@ -63,10 +63,11 @@
 
 - name: Add authorized SSH keys
   ansible.posix.authorized_key:
-    user: marty # FIXME: don't hardoce user
+    user: "{{ item.name }}"
     state: present
-    key: "{{ item }}"
-  loop: "{{ system_authorized_keys }}"
+    key: "{{ item.authorized_keys }}"
+  loop: "{{ system_users }}"
+  when: system_users is defined and item.authorized_keys is defined
   tags:
     - ssh
   become: true