{{ ansible_managed | comment }} {% for name, user in pve_auth__users.items() %} {% set enabled = user.enabled | default(True) %} user:{{ name }}@pve:{{ enabled | ternary(1, 0) }}:0:::::: {% endfor %} {% for group in pve_auth__groups.keys() %} {% set users = pve_auth__users | dict2items | selectattr("value.groups", "defined") | selectattr("value.groups", "contains", group) | map(attribute="key") | map("suffix", "@pve") %} group:{{ group }}:{{ users | join(",") }}:: {% endfor %} {% for group, roles in pve_auth__groups.items() %} acl:1:/:@{{ group }}:{{ roles | join(",") }}: {% endfor %}