---
- name: Create dot-SSH directory for monitoring user
  file:
    path: "{{ monitored_homedir }}/.ssh/"
    state: directory
    owner: "{{ monitored_user }}"
    group: "{{ monitored_group }}"
    mode: 0700

- name: Copy SSH authorized_keys for monitoring user
  authorized_key:
    user: "{{ monitored_user }}"
    key: "{{ lookup('file', item) }}"
    key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}'
  with_items: "{{ monitored_ssh_key_files }}"

- name: Copy SSH wrapper
  copy:
    src: "{{ monitored_ssh_key_wrapper_src }}"
    dest: "{{ monitored_ssh_key_wrapper }}"
    owner: "{{ monitored_ssh_key_wrapper_owner }}"
    group: "{{ monitored_group }}"
    mode: "{{ monitored_ssh_key_wrapper_mode }}"
    backup: yes
  when: monitored_ssh_key_wrapper_src|default(null)