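---
# Create a login account, grant it passwordless sudo and install the
# operator's SSH public key for it.
# Variables read by these tasks: create_username, create_pwgen,
# created_users_groups and sudo_group_by_fam (the last two are indexed by
# ansible_os_family).

- name: "Create user {{ create_username }}"
  become: true
  ansible.builtin.user:
    name: "{{ create_username }}"
    # password_hash() without a fixed salt yields a different hash on every
    # run; update_password: on_create below keeps later runs from resetting
    # the password of an account that already exists.
    password: "{{ create_pwgen | password_hash('sha512') }}"
    state: present
    shell: /bin/bash
    groups: "{{ created_users_groups[ansible_os_family] }}"
    # Add the groups above without removing the user from any others.
    append: true
    # No key pair is generated, so the two ssh_key_* values are inert
    # unless generate_ssh_key is switched on.
    generate_ssh_key: false
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
    update_password: on_create
  register: user_created
  # The handler is defined outside this file. NOTE(review): by its name it
  # prints the plaintext password - confirm that output is not kept in shared
  # or CI logs.
  notify: print generated password

- name: Ensure 'sudo' package is installed
  become: true
  ansible.builtin.package:
    name: sudo
    state: present

# SECURITY: NOPASSWD:ALL makes this account root-equivalent with no password
# prompt, so whoever holds the SSH key installed below holds root on the host.
# Narrow the command list or drop NOPASSWD where unattended root is not needed.
- name: enable nopasswd sudo
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/sudoers
    # Match the exact user name followed by whitespace. A bare '^name' prefix
    # would also match - and overwrite - the entry of any other account whose
    # name merely starts with the same characters (e.g. 'deploy' vs
    # 'deployer'). regex_escape keeps characters such as '.' literal.
    regexp: '^{{ create_username | regex_escape }}\s'
    line: "{{ create_username }} ALL=(ALL:ALL) NOPASSWD:ALL"
    insertafter: '^%{{ sudo_group_by_fam[ansible_os_family] }}.*$'
    state: present
    # visudo checks the candidate file first, so a syntax error cannot be
    # written to /etc/sudoers and lock sudo out.
    validate: 'visudo -cf %s'

# lookup('file', ...) is evaluated on the control node, so the key installed
# is the public key of whoever runs the playbook.
- name: "copy current pubkeys to ~{{ create_username }}/.ssh/authorized_keys"
  authorized_key:
    user: "{{ create_username }}"
    state: present
    key: "{{ item }}"
    # key: "{{ URL_PUBKEYS }}"
  # Best effort: with ignore_errors a failed key install does not fail the
  # play, so verify key login separately if the account depends on it.
  ignore_errors: true  # doesn't support sk-ecdsa-sha2-nistp256 keys
  loop:
    - "{{ lookup('file', '~/.ssh/id_ecdsa.pub') }}"
    # - "{{ lookup('file','~/.ssh/id_ecdsa_sk.pub') }}"
    # - "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"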