---
- name: "create user `{{ username }}`"
  ansible.builtin.user:
    name: "{{ username }}"
    append: true
    groups: "{{ users[username].get('groups', '') }}"
    shell: "{{ users[username].get('shell', '/bin/bash') }}"
    uid: "{{ users[username].get('uid', None) }}"

- name: "set specific password for user `{{ username }}`"
  ansible.builtin.user:
    name: "{{ username }}"
    password: "{{ users[username]['passwords'].get(ansible_default_ipv4.address) }}"
  when: "ansible_default_ipv4.address in users[username]['passwords'] and
        users[username]['passwords'].get(ansible_default_ipv4.address) != 'default'"

- name: "set default password for user `{{ username }}`"
  ansible.builtin.user:
    name: "{{ username }}"
    password: "{{ users[username]['passwords'].get('default') }}"
  when: "ansible_default_ipv4.address not in users[username]['passwords'] or
        users[username]['passwords'].get(ansible_default_ipv4.address) == 'default'"

- name: "setup ssh key for user `{{ username }}`"
  ansible.builtin.authorized_key:
    user: "{{ username }}"
    state: "{{ users[username]['authorized_keys'][item].get('state', 'present') }}"
    key: "{{ users[username]['authorized_keys'][item].get('key') }}"
  with_items: "{{ users[username]['authorized_keys'].keys() }}"
  when: '"authorized_keys" in users[username]'