--- - name: Create and configure users user: name: '{{ item.name }}' shell: '{{ item.shell | default("/bin/bash") }}' password: '{{ item.password | default(omit) }}' update_password: on_create groups: '{{ item.groups | default([]) }}' state: '{{ item.state | default("present") }}' with_items: '{{ users }}' - name: Ensure .ssh directory file: dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh' state: directory mode: 0700 owner: '{{ item.name }}' group: '{{ item.name }}' when: '{{ item.state | default("present") == "present" }}' with_items: '{{ users }}' - name: Install SSH keys for user copy: content: '{{ item.ssh_key }}' dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh/authorized_keys' mode: 0600 owner: '{{ item.name }}' group: '{{ item.name }}' when: item.ssh_key is defined with_items: '{{ users }}' - name: Install Github SSH keys for user get_url: url: 'https://github.com/{{ item.github_key_user }}.keys' dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh/authorized_keys' force: yes mode: 0600 owner: '{{ item.name }}' group: '{{ item.name }}' when: item.github_key_user is defined and item.ssh_key is not defined with_items: '{{ users }}' - name: Set up sudo access for user copy: content: | {{ item.name }} ALL=(ALL) NOPASSWD: ALL dest: '/etc/sudoers.d/{{ item.name }}' when: item.sudo is defined and item.sudo with_items: '{{ users }}' - name: Revoke sudo access for user file: dest: '/etc/sudoers.d/{{ item.name }}' state: absent when: item.sudo is not defined or not item.sudo with_items: '{{ users }}' ...