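---
# Applies ansible-role-users to every host in the inventory, using a fixture
# that covers group and user creation, removal, SSH keys, passwords and sudo.
# NOTE(review): the play name suggests a Molecule converge scenario - confirm.
# The keys, hash and sudo rules below are fixture values; several of them grant
# full root access and should not be copied unchanged into a real inventory.
- name: Converge
  hosts: all
  # Privilege escalation is enabled for the whole play.
  become: true
  gather_facts: true

  roles:
    - role: ansible-role-users
      # You can create groups:
      users_group_list:
        - name: robertdb
          gid: 1024
        - name: users
        # You can also remove groups.
        - name: notgroup
          state: absent
        # A system group is also possible.
        - name: systemgroup
          system: true
      # You can create users.
      users_user_list:
        - name: root
          cron_allow: true
          # You can remove authorized keys.
          unauthorized_keys:
            - "ssh-rsa XYZYX54321"
        - name: robertdb
          comment: Robert de Bock
          uid: 1024
          # The `group` and `groups` listed here should exist.
          group: robertdb
          # groups: A comma separated string of groups, i.e.:
          # groups: users,wheel
          groups: users
          cron_allow: true
          # This sudoers spec allows every command, as any user, with no
          # password prompt: whoever holds a key for this account is root.
          # Prefer a command allow-list like the `multisudo` entry below.
          sudo_options: "ALL=(ALL) NOPASSWD: ALL"
          # Adding an authorized key.
          authorized_keys:
            - "ssh-rsa ABC123"
          # EPOCH timestamp when an account should expire.
          # Typically a positive value like: `1641971487`.
          # The value `-1` removes the expiry time.
          expires: -1
          password_validity_days: 9
        # Test username with dots
        # NOTE(review): sudo skips files in an include directory whose names
        # contain a dot, so a sudoers drop-in named after this user would be
        # ignored silently - presumably why this case is tested; confirm how
        # the role names the file.
        - name: robert.d.b
          comment: Robert de Bock with dots in username
          uid: 1025
          # The `group` and `groups` listed here should exist.
          group: robertdb
          # groups: A comma separated string of groups, i.e.:
          # groups: users,wheel
          groups: users
          cron_allow: true
          # Same unrestricted, passwordless sudo rule as for `robertdb`.
          sudo_options: "ALL=(ALL) NOPASSWD: ALL"
          # Adding an authorized key.
          authorized_keys:
            - "ssh-rsa ABC123"
          # EPOCH timestamp when an account should expire.
          # Typically a positive value like: `1641971487`.
          # The value `-1` removes the expiry time.
          expires: -1
          password_validity_days: 9
        # Here a user is removed.
        - name: notuser
          state: absent
        - name: keyuser
          manage_ssh_key: true
        - name: privkeyuser
          # This user will have ssh-keys generated.
          manage_ssh_key: true
          # NOTE(review): presumably moves private key material between hosts -
          # confirm where it lands and which file mode it gets.
          copy_private_key: true
        - name: multiplekeys
          authorized_keys:
            - "ssh-rsa ABC1234"
            - "ssh-rsa ABC12345"
        - name: passuser
          # You can set a password. (Hashed and salted.)
          # `$6$` marks a SHA-512 crypt hash; the salt is the fixed string
          # visible in the value. This hash is a published fixture: outside a
          # test, generate a hash with a random salt and keep it in a vault.
          password: "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
          # NOTE(review): presumably passed to the user module, where
          # `on_create` sets the password only for a new account - confirm.
          update_password: on_create
        - name: remotekey
          authorized_keys:
            # You can also download a public key from a URL.
            # The URL tracks the `master` branch of a third-party repository,
            # so whoever can change that file decides which key is authorised
            # for this account on the next run. Pin the URL to a commit hash or
            # inline a reviewed key, and fetch only over HTTPS.
            - "https://raw.githubusercontent.com/shaanr/smdb/master/file.pub"
        - name: systemuser
          system: true
        - name: multisudo
          # An account that can run just a few commands without a password.
          # Each rule names one absolute command path with fixed arguments,
          # which keeps the passwordless grant to these three actions.
          sudo_options:
            - "ALL= NOPASSWD: /usr/bin/systemctl restart httpd"
            - "ALL= NOPASSWD: /usr/bin/systemctl start httpd"
            - "ALL= NOPASSWD: /usr/bin/systemctl stop httpd"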