Restructure public key install to use vars instead of fileglobs

playbooks/update-users-local.yml

@@ -122,9 +122,10 @@
             path: /home/{{ item.name }}/.ssh
           loop: "{{ local_users | difference([None]) }}"
         - name: Put keys on remote
+          when: item.keys != []
           authorized_key:
             user: "{{ item.name }}"
-            key: "{{ lookup('pipe','cat keys/' + item.name + '/*') if item.name != 'root' else '' }}"
+            key: "{{ item.sshkeys | join('\n') }}"
             state: present
             exclusive: yes
           loop: "{{ local_users | difference([None]) }}"
@@ -141,6 +142,8 @@
 
 - hosts: all
   name: Disable SSH password authentication
+  tags:
+    - always
   tasks:
     - import_tasks: tasks/sshd/disable-password-auth.yml
       when: enable_ssh_password_auth|bool == false