--- - name: Read salt from environment ansible.builtin.set_fact: user_password_salt: "{{ lookup('env', 'USER_PASSWORD_SALT') | default('') }}" - name: Adding ssh users become: true ansible.builtin.user: name: "{{ item.username }}" comment: "{{ item.comment }} ( Managed by ansible )" password: "{{ lookup('env', 'USER_PASSWORD_' + (item.username | upper)) | password_hash('sha512', user_password_salt) }}" state: "{{ 'absent' if item.enabled is defined and not item.enabled else 'present' }}" shell: "{{ item.shell if item.shell is defined else '/bin/bash' }}" loop: "{{ ssh_users }}" - name: "Add SSH Authorized key" become: true ansible.posix.authorized_key: user: "{{ item.username }}" key: "{{ item.pubkey }}" state: "{{ 'present' if item.pubkey is defined else 'absent' }}" when: item.pubkey is defined loop: "{{ ssh_users }}" - name: Create sudoers.d entry if user allowed become: true ansible.builtin.copy: dest: "/etc/sudoers.d/{{ item.username }}" content: | {{ item.username }} ALL=(ALL) ALL owner: root group: root mode: "0600" when: item.sudoer is defined and item.sudoer loop: "{{ ssh_users }}"