---
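# Create one login account per entry in admin_users, with a bash shell and a
# home directory. password_lock locks the account password; the tasks below
# install an authorized_keys file for each of these accounts.
# `append` is deliberately not set here: it only has meaning together with
# `groups`, and recent Ansible releases reject `append` when `groups` is
# absent. Supplementary group membership is handled by the sudo-group task
# further down in this file.
- name: Add users | create users, shell, home dirs
  user:
    name: "{{ item }}"
    shell: /bin/bash
    create_home: true
    comment: 'created with ansible'
    password_lock: true
  with_items:
    - "{{ admin_users }}"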

# Ensure each admin user has a ~/.ssh directory that only the user can
# enter (mode 0700, owned by the user) before authorized_keys is written.
# NOTE(review): assumes home directories live under /home and that every
# user has a primary group with the same name -- confirm for the target
# distribution.
- name: Create .ssh user directories
  file:
    state: directory
    path: "/home/{{ item }}/.ssh"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0700"
  with_items:
    - "{{ admin_users }}"

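# Install each user's authorized_keys from users/<name>_authorized_keys on
# the control node (remote_src: false). copy writes the whole file, so the
# controller-side file is authoritative: a key removed there is removed from
# the host on the next run.
# These files decide who can log in to accounts that this role also places
# in group sudo, so changes to them deserve the same review as changes to
# the sudoers rule itself.
- name: Set authorized keys for users
  copy:
    src: "users/{{ item }}_authorized_keys"
    remote_src: false
    dest: "/home/{{ item }}/.ssh/authorized_keys"
    mode: "0600"
    owner: "{{ item }}"
    group: "{{ item }}"
  with_items:
    - "{{ admin_users }}"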

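# Add every admin user to the supplementary group sudo. append: true keeps
# the user's existing supplementary groups instead of replacing them.
# NOTE(review): presumes the group sudo already exists on the target host
# (the usual name on Debian-family systems) -- confirm.
- name: Place users in sudo group
  user:
    name: "{{ item }}"
    groups: sudo
    append: true
  with_items:
    - "{{ admin_users }}"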

# Replace the existing %sudo rule in /etc/sudoers (or add one) so members of
# group sudo may run any command as any user without a password prompt.
# validate runs visudo against the candidate file before it is put in
# place, so a syntactically broken sudoers is never installed.
# NOTE(review): the rule covers every member of group sudo on the host, not
# only the accounts in admin_users -- audit that group's membership. With
# the account passwords locked, the SSH key is the only credential between
# a login and root, so key handling and SSH access logs matter accordingly.
- name: Configure group sudo for sudoers without password
  lineinfile:
    state: present
    path: /etc/sudoers
    regexp: '^%sudo\s'
    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
    validate: '/usr/sbin/visudo -cf %s'