misc/ssh_tg_notify: Lookup user id of root dynamically

roles/misc/ssh_tg_notify/defaults/main.yml

@@ -3,6 +3,7 @@
 notify_directory: "{{ global_deployment_directory }}/ssh_notify"
 notify_script: "{{ notify_directory }}/telegram.sh"
 notify_cache_directory: "{{ notify_directory }}/cache"
+notify_users_directory: "{{ notify_directory }}/users"
 
 # recipient_id
 bot_key: "{{ global_telegram_server_bot_key }}"

roles/misc/ssh_tg_notify/tasks/main.yml

@@ -17,6 +17,15 @@
   loop:
     - "{{ notify_directory }}"
     - "{{ notify_cache_directory }}"
+    - "{{ notify_users_directory }}"
+
+- name: Configure recipient id for root user
+  ansible.builtin.template:
+    src: root_id.j2
+    dest: "{{ notify_users_directory }}/root"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
 
 - name: Install notify script
   template:

roles/misc/ssh_tg_notify/templates/notify.sh

@@ -1,12 +1,17 @@
 #!/bin/bash
 # Modified version, original source: https://gitlab.com/snippets/1871482#note_188602535
 
+USER_ID_DIR={{ notify_users_directory | quote }}
 CACHE_DIR={{ notify_cache_directory | quote }}
-USERID={{ recipient_id | quote }}
 KEY={{ bot_key | quote }}
 
 TIMEOUT={{ timeout | quote }}
 
+getUserId() {
+    USER_CONF="${USER_ID_DIR}/$1"
+    [[ -r "$USER_CONF" ]] && head -n 1 "$USER_CONF"
+}
+
 URL="https://api.telegram.org/bot$KEY/sendMessage"
 sendMessage() {
     curl -s --max-time "$TIMEOUT" -H "Content-Type: application/x-www-form-urlencoded" -d "chat_id=$1" -d "disable_web_page_preview=1" -d "parse_mode=Markdown" -d "text=$2" "$URL" >/dev/null
@@ -25,5 +30,6 @@ if [[ "$PAM_SERVICE" == "sshd" && "$PAM_TYPE" == "open_session" && "$PAM_USER" !
     HOSTNAME=$(hostname --fqdn)
     TEXT="Successful login from [$IP](https://stat.ripe.net/app/$IP) for ${PAM_USER} @ ${HOSTNAME} ($(date "+%Y-%m-%d %H:%M"))"
     # send to root
-    sendMessage "$USERID" "$TEXT"
+    ROOT_USER_ID="$(getUserId root)"
+    sendMessage "$ROOT_USER_ID" "$TEXT"
 fi