Add media user to audio server for Kodi mounting of music files.

public_keys/media-root

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfJDmO865V64xeAXlB7ITSyA/YHlH/Yx6sQFGu52P2fDlC03yFVf9tThvOAMbcqbCLlVmHlN/cpgLIr3Q/h/e1Bpmjesyi5BmvwWpZRXAWDmBkATha7d113JoYdh7TZnjdW1HudoMGmFvaXp/1DOdxM5klSjMyi5hcc1WYADVMFBEuGJRgw1nyuwtt9O5c9f3zRXAL6N6ksPkS4dITKZkbNgMGLScqzknwtOK6iBABXzINTjQyqZBktCX+aQU0X3Mk4Xiib4pI2JrJBO0bhbf6e376nAjuTf4u7rMUijLtTtPpyBC721a1/GoRThTyz4Y1ebbIcE97urpqMAd39I0X root@media

roles/audio_server/meta/main.yml

@@ -1,3 +1,4 @@
 dependencies:
   - role: docker_compose
   - role: web_server
+  - role: common

roles/audio_server/tasks/main.yml

@@ -1,3 +1,43 @@
+# For media server SFTP access to audio files.
+- name: create user media
+  user: name=media
+        append=yes
+        password="*"
+  tags:
+    - audio_server
+
+- name: lock down SSH options for media
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    line: "{{ item }}"
+  with_items:
+    - "Match User media"
+    - "        ForceCommand internal-sftp"
+    - "        PubkeyAuthentication yes"
+    - "        AuthorizedKeysFile /home/media/.ssh/authorized_keys"
+  notify: reload SSH
+  tags:
+    - audio_server
+
+- name: passwordless SSH for media
+  authorized_key:
+    user: media
+    key: "{{ item }}"
+  with_file:
+    - public_keys/media-root
+  tags:
+    - audio_server
+
+# Help prevent SFTP breakouts.
+- name: remove user media write access to its home directory
+  file:
+    path: /home/media
+    state: directory
+    mode: '0500'
+    recurse: yes
+  tags:
+    - audio_server
+
 - name: run audio_server containers
   docker_compose:
     project_name: audio_server