ansible-infra/roles/common/tasks/user.yml

---
# Create an user and add their SSH public keys
- name: Create user {{ user.name }} with no password
  user:
    name: "{{ user.name }}"
    shell: /bin/bash
    # See https://unix.stackexchange.com/questions/193066/how-to-unlock-account-for-public-key-ssh-authorization-but-not-for-password-aut/193131#193131
    password: '*'
    groups: 
    - sudo
    append: yes
    state: present
    update_password: on_create

- name: Add SSH public keys for user {{ user.name }}
  authorized_key:
    user: "{{ user.name }}"
    state: present
    # we can pass multiple SSH keys, but they must be separated by newlines
    key: "{{ user.ssh_keys | join('\n') }}"
    # remove obsolete keys
    exclusive: yes
initial commit 2020-04-13 14:46:45 +02:00			`---`
			`# Create an user and add their SSH public keys`
			`- name: Create user {{ user.name }} with no password`
			`user:`
			`name: "{{ user.name }}"`
			`shell: /bin/bash`
			`# See https://unix.stackexchange.com/questions/193066/how-to-unlock-account-for-public-key-ssh-authorization-but-not-for-password-aut/193131#193131`
			`password: '*'`
			`groups:`
			`- sudo`
			`append: yes`
			`state: present`
			`update_password: on_create`

			`- name: Add SSH public keys for user {{ user.name }}`
			`authorized_key:`
			`user: "{{ user.name }}"`
			`state: present`
			`# we can pass multiple SSH keys, but they must be separated by newlines`
			`key: "{{ user.ssh_keys \| join('\n') }}"`
			`# remove obsolete keys`
			`exclusive: yes`