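---
# Playbook: bring the local "Ansible" account to a known state on every host:
# fixed uid, password hash, group membership and SSH public key(s).
# Inputs (username, uid, shadowhash, pubkeysfile) are expected to come from the
# variable files loaded by the first task.
- name: Ensure Ansible user has the correct keys, permissions, groups, etc.
  hosts: all
  gather_facts: true
  become: true

  tasks:
    # Loads every file under include/Ansible_user whose extension matches.
    # NOTE(review): these files presumably carry the password hash
    # (shadowhash); confirm they are vault-encrypted or kept out of VCS.
    - name: "Ansible_user_info"
      include_vars:
        dir: "include/Ansible_user"
        ignore_unknown_extensions: true
        extensions: ['userinfo.yaml', 'yaml']

    # Prints only the user name; the password hash is deliberately not echoed.
    - debug:
        msg: "{{ username }}"

    - name: "Add/modify Ansible user with a specific uid, passwd hash & public key(s)"
      user:
        name: "Ansible"
        comment: "Ansible user"
        shell: /bin/bash
        uid: "{{ uid }}"
        # Expected to be an already-hashed (crypt) value, never a cleartext
        # password.
        password: "{{ shadowhash }}"
        # NOTE(review): confirm 0 is intended for the maximum age; on Linux
        # shadow a maximum age of 0 is not the same as "never expires" and may
        # leave the account with an expired password.
        password_expire_max: 0
        password_expire_min: 0
        password_lock: false
        # Resets the hash on every run, so a password changed on the host is
        # overwritten.
        update_password: always
        home: '/home/Ansible'
        state: present

    # append: false makes the list authoritative: the account is removed from
    # every supplementary group not named here.
    # ignore_errors is presumably here because admin/sudo/wheel do not all
    # exist on every distribution. When the task fails the play continues, so
    # check the run output: the account may be left without its privileged
    # group.
    - name: "Append appropriate groups for Ansible, REMOVE other groups"
      user:
        name: 'Ansible'
        groups: "admin,sudo,wheel"
        append: false
      ignore_errors: true

    # The module line of this task was missing in the original, which left a
    # second `user:` key inside the previous task (duplicate mapping key).
    # user/state/key are authorized_key parameters, so the task is restored
    # under that module.
    # Keys already present in authorized_keys but absent from the file are left
    # in place; set `exclusive: true` if this file should be the only source of
    # accepted keys.
    - name: "Install public key(s) for Ansible"
      authorized_key:
        user: 'Ansible'
        state: present
        key: '{{ item }}'
      with_file:
        - "{{ pubkeysfile }}"

    # Shows which key file path was used (the path, not the key material).
    - debug:
        msg:
          - " PUBKEYSFILE was read in as {{ pubkeysfile }} "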