ansible/roles/users/tasks/main.yml

---

- name: Create users
  user:
    name: "{{ item.key }}"
    groups: "{{ item.value | default('') }}"
    shell: "{{ user_dict[item.key].shell | default('/bin/bash') }}"
    password: "{{ user_dict[item.key].password_hash }}"
    update_password: always
    # Prevent the user from changing their password
    password_expire_max: -1
    password_expire_min: 1
      
    state: present
  loop: "{{ users | dict2items }}"

- name: Create authorized_keys directory
  file:
    path: /etc/ssh/authorized_keys
    state: directory
    owner: root
    group: root
    mode: 0711

- name: Add SSH key to users
  ansible.builtin.copy:
    dest: "/etc/ssh/authorized_keys/{{ item.key }}"
    content: "{{ user_dict[item.key].ssh_keys | join('\n') }}\n"
    owner: root
    group: "{{ item.key }}"
    mode: 0640
  loop: "{{ users | dict2items }}"