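# Starts the mysqldump-over-SSH container, then collects the SSH host public
# keys it generated into the fact `mysqldump_sshd_host_keys`.
- name: run mysqldump sshd container
  docker_container:
    name: '{{ mysqldump_sshd_container_name }}'
    image: '{{ mysqldump_sshd_container_image }}'
    env:
      SSH_CLIENT_PUBLIC_KEYS: '{{ mysqldump_sshd_client_public_keys }}'
      # NOTE(review): container env is readable through `docker inspect` and is
      # part of the inspect data registered in `_container`. Keep database
      # credentials out of these args -- confirm how the image obtains them.
      MYSQLDUMP_ARGS: '{{ mysqldump_sshd_mysqldump_args }}'
    # Read-only root filesystem; the mounts below provide the writable paths.
    read_only: true
    mounts:
      # Named volume so the generated host keys survive container re-creation
      # and clients keep seeing the same host identity.
      - type: volume
        source: '{{ mysqldump_sshd_container_name }}_host_keys'
        target: /etc/ssh/host_keys
        read_only: false
      - type: tmpfs
        target: /home/dump/.ssh  # authorized_keys
        tmpfs_size: 16k
        # NOTE(review): 1777 lets every user inside the container create files
        # in the directory that holds authorized_keys (the sticky bit only
        # limits delete/rename). Presumably needed by the image's entrypoint;
        # confirm whether an owner-only mode works.
        tmpfs_mode: '1777'
    networks:
      - name: '{{ mysqldump_sshd_network_name }}'
    # Detach the container from every network not listed under `networks`.
    purge_networks: true
    # Container port 2200 is published on all host interfaces (0.0.0.0).
    # Restrict the bind address or firewall the port if only known backup
    # clients should reach it.
    published_ports: ['0.0.0.0:{{ mysqldump_sshd_published_port }}:2200']
    # Hardening: no Linux capabilities, no privilege gain through setuid
    # binaries.
    cap_drop: [ALL]
    security_opts: [no-new-privileges]
    # 2000/10000 caps the container at 20% of one CPU.
    cpu_quota: 2000
    cpu_period: 10000
    memory: 64M
    restart_policy: unless-stopped
    state: started
  register: _container

# The host-side directory of the host_keys volume is looked up in the
# container's inspect data (Mounts: Destination -> Source); the task waits
# until both public key files exist there.
- name: wait for host keys
  wait_for:
    path: >-
      {{ (_container.container.Mounts
      | items2dict(key_name='Destination', value_name='Source'))
      ['/etc/ssh/host_keys'] }}/{{ item }}.pub
  loop: [rsa, ed25519]
  register: _host_keys_files

# Only the *.pub files are read; private host keys are never slurped.
- name: read host keys
  slurp:
    src: '{{ item }}'
  loop: "{{ _host_keys_files.results | map(attribute='path') | list }}"
  register: _host_keys_base64

# slurp returns base64 content; decode and trim to one public key line each.
# Presumably consumed to pin the host keys on the backup clients (consumer
# not visible here).
- name: decode host keys
  set_fact:
    mysqldump_sshd_host_keys: >-
      {{ _host_keys_base64.results
      | map(attribute='content')
      | map('b64decode')
      | map('trim')
      | list }}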