add wordpress SSH user for uploads

roles/wordpress/tasks/main.yml

@@ -1,27 +1,45 @@
 ---
+- name: Create wordpress group
+  group:
+    name: "{{ wordpress_group }}"
+    state: present
+    system: true
+  when: wordpress_group != "root"
+
+- name: Create wordpress user
+  user:
+    name: "{{ wordpress_user }}"
+    group: "{{ wordpress_group }}"
+    groups: "{{ wordpress_group }}"
+    append: true
+    shell: /bin/bash
+    create_home: true
+
+- name: Set authorized keys for wordpress user
+  authorized_key:
+    user: "{{ wordpress_user }}"
+    key: "{{ lookup('file', 'public_keys.pub') }}"
+    state: present
+    exclusive: false  # removing all the authorized keys already set
+
+- name: Add {{ webserver_user }} user to {{ wordpress_group }} group
+  user:
+    name: "{{ webserver_user }}"
+    groups: "{{ wordpress_group }}"
+    append: true
+
 - name: Create wordpress directory
   file:
     path: "{{ wordpress_dir }}"
     state: directory
     owner: "{{ webserver_user }}"
-    group: "{{ webserver_group }}"
+    group: "{{ wordpress_group }}"
     mode: 0755
 
-- name: unpack latest wordpress version
-  unarchive:
-    remote_src: true
-    src: "https://wordpress.org/latest.tar.gz"
-    dest: "{{ wordpress_dir }}"
-    owner: "{{ webserver_user }}"
-    group: "{{ webserver_group }}"
-    creates: "{{ wordpress_dir }}/wp-config-sample.php"
-    extra_opts:
-      - --strip-components=1
-
 - name: Copy configuration file
   template:
     src: wp-config.php.j2
     dest: "{{ wordpress_dir }}/wp-config.php"
     owner: "{{ webserver_user }}"
-    group: "{{ webserver_group }}"
-    mode: 0600
+    group: "{{ wordpress_group }}"
+    mode: 0640