diff --git a/roles/create-user/tasks/main.yml b/roles/create-user/tasks/main.yml
index 0498d93..cfda9e7 100644
--- a/roles/create-user/tasks/main.yml
+++ b/roles/create-user/tasks/main.yml
@@ -1,8 +1,8 @@
 ---
-- name: Create user {{ create_username }}
+- name: "Ensure '{{ create_username }}'"
   become: true
-  user:
+  ansible.builtin.user:
     name: "{{ create_username }}"
     password: "{{ create_pwgen | password_hash('sha512') }}"
     state: present
@@ -18,13 +18,11 @@
 - name: Ensure 'sudo' package is installed
   become: true
-  ansible.builtin.package:
-    name: sudo
-    state: present
+  ansible.builtin.package: { name: sudo, state: present }
-- name: enable nopasswd sudo
+- name: Enable nopasswd sudo
   become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
     dest: /etc/sudoers
     regexp: '^{{ create_username }}'
     line: "{{ create_username }} ALL=(ALL:ALL) NOPASSWD:ALL"
@@ -32,14 +30,15 @@
     state: present
     validate: 'visudo -cf %s'
-- name: copy current pubkeys to ~{{ create_username }}/.ssh/authorized_keys
-  authorized_key:
+- name: "Copy '~/.ssh/id_*.pub' (on controller) to authorized_keys for '{{ create_username }}'"
+  tags: ['keys']
+  ansible.posix.authorized_key:
     user: "{{ create_username }}"
     state: present
-    key: "{{ item }}"
-# key: "{{ URL_PUBKEYS }}"
-  ignore_errors: true # doesn't support sk-ecdsa-sha2-nistp256 keys
-  with_items:
-    - "{{ lookup('file','~/.ssh/id_ecdsa.pub') }}"
+    key: "{{ lookup('file', item) }}"
+  with_fileglob:
+    - "{{ '~/.ssh/id_*.pub' }}"
+# with_items:
+# - "{{ lookup('file','~/.ssh/id_ecdsa.pub') }}"
 # - "{{ lookup('file','~/.ssh/id_ecdsa_sk.pub') }}"
 # - "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
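Review bot: `ansible.builtin.package: { name: sudo, state: present }` moves this task's module args to a flow-style mapping while every other module in the file, including the `ansible.builtin.user` and `ansible.builtin.lineinfile` tasks touched in this same diff, stays in block style; keeping the block form the commit removed (`name: sudo` and `state: present` on their own lines) keeps the file consistent and diffs cleanly. Separately, the unchanged `regexp: '^{{ create_username }}'` on the sudoers lineinfile anchors only the line start, so a username that is a prefix of another one (e.g. `bob` vs `bobby`) would match and rewrite the other user's entry; `regexp: '^{{ create_username }}\s'` narrows it to the intended line. The lineinfile task continues past the end of this hunk (its `state` and `validate` lines appear in the next one).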
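Review bot: Widening the source to `'~/.ssh/id_*.pub'` while dropping `ignore_errors: true` reintroduces the failure the removed comment warned about: the glob also matches `id_ecdsa_sk.pub`, and if the authorized_key module still rejects the sk-ecdsa key type (the removed comment says it did, and that key stays commented out below), the task now aborts the play instead of being skipped. Removing `ignore_errors` is still right, since it was also masking every other error; filter the glob instead, for example `loop: "{{ lookup('fileglob', '~/.ssh/id_*.pub', wantlist=True) | reject('search', '_sk.pub') }}"` in place of the `with_fileglob` stanza, assuming the fileglob lookup expands `~` here the same way the bare pattern in the hunk relies on. The Jinja wrapper in `"{{ '~/.ssh/id_*.pub' }}"` is a no-op around a literal, so `- '~/.ssh/id_*.pub'` is enough if the glob is kept. Note also that the new task installs every `id_*.pub` present on the controller, not just keys meant for this host; an explicit list variable of keys to deploy would make the granted access reviewable.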