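---
# Provision admin accounts from the `admin_users` list (each item provides
# `username` and `password`), install each user's SSH public key, grant
# password-protected sudo, and then turn off SSH password authentication.

- name: "Create admin user accounts"
  ansible.builtin.user:
    name: "{{ item.username }}"
    # NOTE(review): no salt is passed to password_hash, so a new random salt
    # is generated on every run and this task reports "changed" each time.
    # Pass a stable per-user salt if idempotence matters.
    password: "{{ item.password | password_hash('sha512') }}"
    shell: /bin/bash
  loop: "{{ admin_users }}"
  # Each loop item carries the cleartext password; keep it out of task
  # output and logs.
  no_log: true

- name: "Add authorized keys for admin user accounts"
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    # The public key is read on the controller from files/<username>.key.pub.
    key: "{{ lookup('file', 'files/' + item.username + '.key.pub') }}"
  loop: "{{ admin_users }}"
  loop_control:
    # Show only the username per item; the default label is the whole item,
    # which includes the password.
    # NOTE(review): higher verbosity may still print the full item; consider
    # no_log here too, or keep passwords in a separate structure.
    label: "{{ item.username }}"
  register: add_authorized_keys

- name: "Add admin user accounts to sudoers file"
  community.general.sudoers:
    name: "sudo-{{ item.username }}"
    user: "{{ item.username }}"
    # sudo still prompts for the account password set by the first task,
    # even though SSH password login is disabled by the last task.
    nopassword: false
    commands: ALL
  loop: "{{ admin_users }}"
  loop_control:
    # Same reason as above: do not print the password-bearing item.
    label: "{{ item.username }}"

- name: "Disable password login"
  ansible.builtin.lineinfile:
    path: "{{ sshd_config_path }}"
    # Matches the directive whether it is active or commented out.
    regexp: '^(#\s*)?PasswordAuthentication '
    line: 'PasswordAuthentication no'
  # Only lock out passwords once the key-installation task has succeeded,
  # so a failed key install cannot leave the admins without a way in.
  # NOTE(review): this edits a single file and a single directive. Confirm
  # that no Include'd drop-in re-enables PasswordAuthentication and that
  # keyboard-interactive (PAM) authentication is handled elsewhere.
  when:
    - add_authorized_keys is succeeded
  notify: restart sshd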