---

- name: Ensure remote users for ansible exists
  user:
    name: '{{ item.name }}'
    state: present
    uid: '{{ item.user_id | default(omit) }}'
    #group: '{{ item.name | default(omit) }}'
    shell: '{{ item.shell|d("/bin/bash") }}'
    password: "{{ item.password }}"
    update_password: on_create
  with_items: '{{ ansible_remote_user }}'
  tags:
    - ansible-remote-user

- name: Ensure ansible user is part of sudo group
  user:
    name: "{{ item.name }}"
    groups: wheel
    append: yes
  with_items: "{{ ansible_remote_user }}"
  tags:
    - sudo-users

- name: Ensure authorized_key files are present
  authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ item.1 }}"
    state: present
  with_subelements:
    - '{{ ansible_remote_user }}'
    - ssh_keys
  tags:
    - authorized_key