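---
# Manage local accounts from the `users` list: supplementary groups, the
# accounts themselves, SSH authorized keys and per-user sudoers drop-ins.
#
# Keys read from each `users` entry by the tasks below:
#   username (required), uid, shell, password, update_password, groups,
#   createhome, state, public_ssh_key, allow_sudo, allow_passwordless_sudo
#
# Every task that loops over `users` sets `no_log: true`: Ansible prints the
# whole loop item in its per-item output, and each item can carry the
# account's `password` value. Disable it only temporarily while debugging.

# Collect the groups of *all* users in one expression. Looping set_fact per
# user overwrote the fact on every iteration, so only the last user's groups
# survived, and `| list` on a plain string split it into single characters.
# NOTE(review): assumes `groups` is a list of names or a single name; a
# comma-separated string is not split here - confirm against the inventory.
- name: Set groups as list
  ansible.builtin.set_fact:
    groups_as_list: >-
      {{ users
         | selectattr('groups', 'defined')
         | map(attribute='groups')
         | flatten
         | unique
         | sort }}
  become: false
  no_log: true

# Groups must exist before the user task assigns them.
- name: Ensure groups exist
  ansible.builtin.group:
    name: "{{ item }}"
    state: present
  loop: "{{ groups_as_list | default([]) }}"
  no_log: true

# `password` is passed straight to the user module, which expects an
# already-hashed value. It is omitted when the entry has none, so key-only
# accounts do not need a password field.
- name: Ensure users exist
  ansible.builtin.user:
    name: "{{ item.username }}"
    uid: "{{ item.uid | default(omit) }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    password: "{{ item.password | default(omit) }}"
    update_password: "{{ item.update_password | default(omit) }}"
    groups: "{{ item.groups | default(omit) }}"
    # `create_home` is the current name of the module option; the inventory
    # key stays `createhome` so existing variable files keep working.
    create_home: "{{ item.createhome | default(true) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ users }}"
  no_log: true

# The key itself is public, but the loop item it comes from is not.
- name: Ensure user ssh-keys exist
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.public_ssh_key }}"
    state: "{{ item.state | default('present') }}"
  when: item.public_ssh_key is defined
  loop: "{{ users }}"
  no_log: true

# Grants full sudo to users with `allow_sudo: true`.
# - `user` names the account the rule applies to; it was the literal string
#   "(ALL)", which reads like a run-as spec and belongs in `runas`.
# - `nopassword` defaults to false here, so passwordless sudo has to be
#   requested explicitly per user.
# - `validation: required` runs the rule through visudo before it is
#   installed, so a malformed drop-in cannot land in the sudoers directory.
# NOTE(review): a user whose `allow_sudo` is later set to false is skipped by
# this task, so a previously written users-sudo-<username> file is not
# removed - confirm whether that clean-up happens elsewhere.
- name: Ensure users are added to sudoers
  community.general.sudoers:
    name: "users-sudo-{{ item.username }}"
    state: "{{ item.state | default('present') }}"
    user: "{{ item.username }}"
    runas: "ALL"
    commands: "ALL"
    host: "ALL"
    nopassword: "{{ item.allow_passwordless_sudo | default(false) | bool }}"
    validation: required
  loop: "{{ users }}"
  when: item.allow_sudo | default(false) | bool
  no_log: true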