- name: create ssh_access group
  group:
    name: ssh_access
    state: present

- set_fact:
    plain_pass: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigitsi length=15') }}"

- name: Create user {{ user.name }}
  user:
    name: "{{ user.name }}"
    shell: /bin/bash
    groups: "{{ user.group }},ssh_access"
    password: "{{ plain_pass | password_hash('sha512') }}"

- name: Add user to sudoers
  lineinfile:
    path: "/etc/sudoers.d/{{ user.name }}"
    create: yes
    line: "{{ user.name }} ALL=(ALL) NOPASSWD: ALL"
    mode: 0440
  when: user.sudoers 

- name: Display generated password
  debug:
    msg: "Generated password for {{ user.name }}: {{ plain_pass }}"