---

- name: Ensure sudo is installed
  package:
    name: sudo

- name: Create users
  user:
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    groups:
      - sudo
  loop: "{{ users }}"

- name: Set ssh authorized keys for users
  authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.ssh_pubkey }}"
  loop: "{{ users }}"

- name: Disable login as root with ssh key
  file:
    path: /root/.ssh/authorized_keys
    state: absent
  when: ansible_user | default('') != 'root'