- name: Ensure allow_ssh-group exists
  group:
    name: allow_ssh
    state: present

- name: Ensure sudo users present
  user:
    name: "{{ item }}"
    groups: sudo,allow_ssh
    home: "/home/{{ item }}"
    shell: /bin/bash
    state: present
    password: '{{ passwords[item] }}'
    update_password: on_create
  with_items: '{{ sudo_users }}'
  notify: Ensure password change reminder present

- name: Ensure public keys in authorized_keys
  authorized_key:
    user: "{{ item }}"
    key: "{{ lookup('file', 'public_keys/' + item + '.pub') }}"
  with_items: '{{ sudo_users }}'