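---
# Creates a local user account, optionally grants it sudo, and installs an SSH
# public key taken from exactly one of three sources: an inline value, a file
# read by the lookup, or a URL.

# Reject ambiguous input: at most one key source may be set.
- name: Validate pubkey configuration
  ansible.builtin.fail:
    msg: "Only one of pubkey, pubkey_file, or pubkey_url can be defined"
  when: >
    (user_pubkey is defined and
    (user_pubkey_file is defined or user_pubkey_url is defined))
    or (user_pubkey_file is defined and user_pubkey_url is defined)

# Reject missing input: a list under `when` is AND-ed, so this fires only when
# none of the three sources is set.
- name: Validate at least one pubkey source is defined
  ansible.builtin.fail:
    msg: "At least one of pubkey, pubkey_file, or pubkey_url must be defined"
  when:
    - user_pubkey is not defined
    - user_pubkey_file is not defined
    - user_pubkey_url is not defined

- name: Create user account
  ansible.builtin.user:
    name: "{{ user_name }}"
    state: present
    shell: "{{ user_shell }}"
    create_home: true
    home: "{{ user_home | default('/home/' + user_name) }}"
    uid: "{{ user_uid | default(omit) }}"
    groups: "{{ user_groups | default(omit) }}"
    append: "{{ user_groups_append | default(true) }}"
    # password_hash() is called without a salt, so a fresh hash is generated on
    # every run; together with update_password 'always' the task reports
    # "changed" each time. user_password is a plaintext secret and should come
    # from an encrypted source (for example Ansible Vault), not plain vars.
    password: "{{ user_password | password_hash('sha512') if user_password is defined else omit }}"
    update_password: "{{ 'always' if user_password is defined else 'on_create' }}"
  become: true

# Grants the user unrestricted sudo (ALL=(ALL) ALL), without a password prompt
# when user_sudo_nopasswd is true.
# - `| bool` on user_sudo_nopasswd: a string such as "false" (e.g. passed with
#   -e key=value) is truthy in Jinja and would otherwise yield NOPASSWD.
# - `regexp` makes the rule be replaced in place. Without it, switching the
#   NOPASSWD setting appended a second rule and left the old one in the file,
#   so a previously granted NOPASSWD rule could remain the effective one.
# - sudo skips files in sudoers.d whose name contains '.' or ends in '~';
#   a user_name with a dot produces a drop-in that is silently ignored.
# - The drop-in is not removed when user_sudo_enabled is later set to false.
- name: Configure sudoers for user
  ansible.builtin.lineinfile:
    path: "/etc/sudoers.d/{{ user_name }}"
    regexp: '^{{ user_name | regex_escape }}\s'
    line: "{{ user_name }} ALL=(ALL) {{ 'NOPASSWD: ' if (user_sudo_nopasswd | bool) else '' }}ALL"
    create: true
    mode: "0440"
    # Syntax-check the candidate file before it replaces the live one.
    validate: 'visudo -cf %s'
  become: true
  when: user_sudo_enabled | bool

# In the three tasks below, exclusive=true removes every other key from the
# user's authorized_keys file.
# NOTE(review): authorized_key is shipped in the ansible.posix collection;
# confirm that collection is installed so the ansible.builtin name resolves.
- name: Add SSH public key (direct)
  ansible.builtin.authorized_key:
    user: "{{ user_name }}"
    key: "{{ user_pubkey }}"
    state: present
    exclusive: "{{ user_pubkey_exclusive | bool }}"
  become: true
  when: user_pubkey is defined

# The file lookup runs on the Ansible controller, not on the managed host.
- name: Add SSH public key (from file)
  ansible.builtin.authorized_key:
    user: "{{ user_name }}"
    key: "{{ lookup('file', user_pubkey_file) }}"
    state: present
    exclusive: "{{ user_pubkey_exclusive | bool }}"
  become: true
  when: user_pubkey_file is defined

# Whatever the URL returns is installed as a login credential, so the URL
# should be https and point at a source you control; whoever can change the
# response gains SSH access as this user.
# split_lines=False returns the body as one newline-separated string. The
# default joins the lines with commas, which corrupts a response that holds
# more than one key.
- name: Add SSH public key (from URL)
  ansible.builtin.authorized_key:
    user: "{{ user_name }}"
    key: "{{ lookup('url', user_pubkey_url, split_lines=False) }}"
    state: present
    exclusive: "{{ user_pubkey_exclusive | bool }}"
  become: true
  when: user_pubkey_url is defined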