--- - name: set groups as list ansible.builtin.set_fact: groups_as_list: "{{ (groups_as_list | default([]) + item.groups.split(',')) | map('trim') | list | sort | unique }}" loop: '{{ users }}' when: item.groups is defined ignore_errors: true - name: create groups ansible.builtin.group: name: "{{ item }}" state: present loop: "{{ groups_as_list }}" when: groups_as_list is defined - name: create users ansible.builtin.user: name: "{{ item.username }}" uid: "{{ item.uid | default(omit) }}" shell: "{{ item.shell | default('/bin/bash') }}" password: "{{ item.password }}" update_password: "{{ item.update_password | default(omit) }}" groups: "{{ item.groups | default(omit) }}" createhome: "{{ item.createhome | default('yes') }}" state: "{{ item.state | default('present') }}" loop: '{{ users }}' - name: add ssh key ansible.posix.authorized_key: user: "{{ item.username }}" key: "{{ item.public_ssh_key }}" state: present when: item.public_ssh_key is defined loop: '{{ users }}' - name: add to sudoers ansible.builtin.lineinfile: dest: /etc/sudoers state: present regexp: '^{{ item.username }} ' line: "{{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if (item.allow_passwordless_sudo | d(false)) else '' }}ALL" validate: 'visudo -cf %s' when: item.allow_sudo|default(false) and item.allow_sudo is defined loop: '{{ users }}'