# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Add users
  ansible.builtin.user:
    name: "{{ item.name }}"
    comment: "{{ item.comment }}"
    groups: "{{ item.groups }}"
    shell: /bin/bash
    state: present
  loop: "{{ users }}"

- name: Add SSH keys to users
  ansible.posix.authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.ssh_keys | join('\n') }}"
    exclusive: true
  loop: "{{ users }}"

- name: Allow passwordless sudo to 'sudo' group
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    regexp: '^%sudo ALL='
    line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
    validate: /usr/sbin/visudo -cf %s
    state: present