ansible-role-users/tasks/user.yml

---
- name: "Create user `{{ username }}`"
  ansible.builtin.user:
    name: "{{ username }}"
    append: true
    groups: "{{ users[username].get('groups', '') }}"
    shell: "{{ users[username].get('shell', '/bin/bash') }}"
    uid: "{{ users[username].get('uid') if 'uid' in users[username] else omit }}"

- name: "Set specific password for user `{{ username }}`"
  ansible.builtin.user:
    name: "{{ username }}"
    password: "{{ users[username]['passwords'].get(ansible_default_ipv4.address) }}"
  when: "ansible_facts['default_ipv4'].address in users[username]['passwords'] and
        users[username]['passwords'].get(ansible_facts['default_ipv4'].address) != 'default'"

- name: "Set default password for user `{{ username }}`"
  ansible.builtin.user:
    name: "{{ username }}"
    password: "{{ users[username]['passwords'].get('default') }}"
  when: "ansible_facts['default_ipv4'].address not in users[username]['passwords'] or
        users[username]['passwords'].get(ansible_facts['default_ipv4'].address) == 'default'"

- name: "Setup ssh key for user `{{ username }}`"
  ansible.posix.authorized_key:
    user: "{{ username }}"
    state: "{{ users[username]['authorized_keys'][item].get('state', 'present') }}"
    key: "{{ users[username]['authorized_keys'][item].get('key') }}"
  with_items: "{{ users[username]['authorized_keys'].keys() }}"
  when: '"authorized_keys" in users[username]'