---
- name: Verify
  hosts: all
  become: yes
  gather_facts: no

  tasks:
    - name: record status of .ssh
      ansible.builtin.stat:
        path: /home/keyuser/.ssh
      register: result
      failed_when:
        - not result.stat.exists

    - name: check if user notuser does not exist
      ansible.builtin.user:
        name: notuser
        state: absent
      register: users_check_user_notuser
      failed_when:
        - users_check_user_notuser is changed

    - name: check if unauthorized keys are deleted
      ansible.posix.authorized_key:
        user: root
        state: absent
        key: "ssh-rsa XYZYX54321"
      register: users_check_unauthorized_keys
      failed_when:
        - users_check_unauthorized_keys is changed