---
- name: create ssh_access group
  group:
    name: ssh_access
    state: present

- name: Create user
  user:
    name: "{{ item }}"
    shell: /bin/bash
    groups: "{{ group }},ssh_access"
    password: "{{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15') | password_hash('sha512')}}"
  loop: "{{ userlist }}"

- name: Add user to sudoers
  lineinfile:
    path: "/etc/sudoers.d/{{item}}"
    create: yes
    line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
    mode: 0440
    validate: visudo -cf %s
  when: sudoers
  loop: "{{ userlist }}"

- name: Display generated password
  debug:
    msg: "Generated password for {{ item }}: {{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15')}}"
  loop: "{{ userlist }}"

- name: Remove password files created by ansible
  file:
    path: cred.{{item}}.pass
    state: absent
  loop: "{{ userlist }}"