- name: Add backup share user
  user:
    name: "{{ backup_share_user }}"
    create_home: false
    password: '!'
    shell: /sbin/nologin
    system: true
- name: Add backup control user
  user:
    name: "{{ backup_control_user }}"
    password: '!'
    shell: /usr/bin/sh
    system: true
    groups: "libvirt"
- name: Copy control script
  copy:
    src: "backup_control.sh"
    dest: "/home/{{ backup_control_user }}/control.sh"
    owner: "{{ backup_control_user }}"
    group: "{{ backup_control_user }}"
    mode: u=rx,g=rx,o=rx
- name: Add backup user principals file
  copy:
    dest: "/etc/ssh/backup_principals"
    content: "backup"
- name: Install user CA
  copy:
    dest: "/etc/ssh/user_ca_key.pub"
    content: "{{ user_ca }}"
- name: Copy ssh config for backup user
  template:
    src: "sshd.conf.j2"
    dest: "/etc/ssh/sshd_config.d/custom.conf"
  notify: restart sshd