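---
# Manage local accounts described by the `users` list: supplementary groups,
# the accounts themselves, authorized SSH keys and sudoers entries.
# Tasks that iterate over `users` keep `no_log: true` because each item can
# carry a `password` value that would otherwise show up in task output.

# Collect every group named by any user into one sorted, de-duplicated list.
# The expression is evaluated once over the whole `users` list; a looped
# set_fact would overwrite the fact on each iteration and keep only the last
# user's groups. `groups` may be a list or a comma-separated string, so the
# values are joined and re-split on ',' before trimming and dropping empties.
- name: Set groups as list
  ansible.builtin.set_fact:
    groups_as_list: >-
      {{ (users | selectattr('groups', 'defined') | map(attribute='groups')
      | flatten | join(',')).split(',') | map('trim') | select | unique | sort }}
  no_log: true

# Groups must exist before the user task references them.
- name: Ensure groups exist
  ansible.builtin.group:
    name: "{{ item }}"
    state: present
  loop: "{{ groups_as_list | default([]) }}"
  no_log: true

# `password` is passed to the user module unchanged; the module expects an
# already-hashed value, not plaintext. It is optional here so that key-only
# accounts can be declared without a password field.
# NOTE(review): `groups` is applied without `append`, so the module's default
# applies and memberships not listed for the user are removed - confirm that
# this is intended.
- name: Ensure users exist
  ansible.builtin.user:
    name: "{{ item.username }}"
    uid: "{{ item.uid | default(omit) }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    password: "{{ item.password | default(omit) }}"
    update_password: "{{ item.update_password | default(omit) }}"
    groups: "{{ item.groups | default(omit) }}"
    create_home: "{{ item.createhome | default(true) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ users }}"
  no_log: true

# Keys are only installed for accounts that are meant to exist; an entry with
# `state: absent` is skipped instead of targeting a removed account.
- name: Ensure user ssh-keys exist
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.public_ssh_key }}"
    state: present
  when:
    - item.public_ssh_key is defined
    - item.state | default('present') == 'present'
  loop: "{{ users }}"
  no_log: true

# Grants full sudo ("ALL=(ALL) ALL"), optionally without a password prompt.
# - The username is regex-escaped so a name containing regex metacharacters
#   (for example '.') cannot match and rewrite another account's line.
# - `| bool` keeps a quoted "false"/"no" from being treated as true.
# - Accounts with `state: absent` are skipped so no rule is written for a
#   username that is being removed.
# - `validate` makes visudo check the candidate file before it replaces
#   /etc/sudoers.
# NOTE(review): this task only adds or updates a line. Nothing in this file
# removes an existing sudoers entry when `allow_sudo` is switched off or the
# account is set to absent; that cleanup needs a separate task.
# NOTE(review): `item.username` is written into the sudoers line as-is and
# visudo checks syntax only; consider asserting a strict username pattern
# before this task.
- name: Ensure users are added to sudoers
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^{{ item.username | regex_escape }} '
    line: "{{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if (item.allow_passwordless_sudo | d(false) | bool) else '' }}ALL"
    validate: 'visudo -cf %s'
  when:
    - item.allow_sudo | default(false) | bool
    - item.state | default('present') == 'present'
  loop: "{{ users }}"
  no_log: true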