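---
# Provisions the accounts Ansible connects as: creates every user listed in
# `ansible_remote_user`, adds each one to the `sudo` group, and installs the
# admin SSH public keys from `ssh_keys_admin` for those users and for root.

- name: Ensure remote users for ansible exists
  user:
    name: '{{ item.name }}'
    state: present
    uid: '{{ item.user_id | default(omit) }}'
    #group: '{{ item.name | default(omit) }}'
    shell: '{{ item.shell|d("/bin/bash") }}'
    # On Linux the user module expects an already-hashed (crypt) value here
    # and does not hash it itself.
    # NOTE(review): presumably item.password is pre-hashed and kept in a
    # vaulted vars file - confirm against where the variable is defined.
    password: "{{ item.password }}"
    # The password is applied only when the account is first created;
    # rotating item.password later does not change an existing account.
    update_password: on_create
  with_items: '{{ ansible_remote_user }}'
  loop_control:
    label: ' user "{{ item.name }}" exists'
  # The label only shortens the default per-item output; verbose runs and
  # logging callbacks still receive the whole loop item, including
  # item.password. no_log keeps it out of that output (per-item results
  # are then shown as censored).
  no_log: true
  tags:
    - ansible-remote-user

- name: Ensure ansible user is part of sudo group
  user:
    name: "{{ item.name }}"
    # What this membership grants depends on the host's sudoers policy for
    # the group, which is not managed by these tasks.
    groups: sudo
    # Add to the existing supplementary groups instead of replacing them.
    append: true
  with_items: "{{ ansible_remote_user }}"
  loop_control:
    label: ' user "{{ item.name }}" is part of sudo group'
  tags:
    - sudo-users

- name: Ensure authorized_key files are present for ansible user
  authorized_key:
    user: "{{ item.name }}"
    # Double quotes make YAML turn \n into a real newline, so the keys are
    # joined one per line and handed to the module as a single string.
    key: "{{ ssh_keys_admin|join('\n') }}"
    # `present` only adds keys. A key dropped from ssh_keys_admin stays in
    # authorized_keys until it is removed explicitly (state: absent) or the
    # file is managed with `exclusive`.
    state: present
  with_items:
    - '{{ ansible_remote_user }}'
  loop_control:
    label: ' authorized_key of user "{{ item.name }}" is present'
  tags:
    - authorized_key

- name: Ensure authorized_key files are present for user root
  # Installs the same admin keys for root. Whether key-based root login is
  # actually accepted depends on the sshd configuration, which is not
  # visible in these tasks.
  authorized_key:
    user: root
    key: "{{ ssh_keys_admin|join('\n') }}"
    # Additive as well: revoked admin keys are not removed from root's
    # authorized_keys by this task.
    state: present
  tags:
    - authorized_key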