- name: Add users, make them passwordless sudoers and download their ssh keys
  hosts: 
    - lxc
    - full_os
  gather_facts: false

  vars:
    mhrebik_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOH/TlOb8TAXiMhN8u7VNqPC7W2hrhygm/1BZBZZp0qo
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUkzs5GNd3Ocxb6cYFU5uFqlUrbgzeJaov4VM6HliFO
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGb8+AbE+2LUmgDft/Z79aH+qDWWLomRes4PPJlaE7ad
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6Dz6emnU+kRT7mh26QP0j3UL9mT33h+B6iCTh4Wb2L
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnPnJlE2yYvOt4v8W9LA3ZzgSj1T5zCPdcqryYfdKiN
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZ11i0NL5kxdVf8kWNYzVSZwC2pmxTnV1xxxXWuo//6
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwVRpRO4f00zBQ1Ju9hInJwVuP/Iq0QDWBE4S1R2S33

    matty_keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqgwteN2X+a3n/6CqbNHkOyRn9QZ0rMP+xvMaNmeamGQ12KFs8E47hStIgnb3UOfgUDgJ93GYcAJWr/ipcXNqOjZDcrQ/QImcUrbOfYasaTIVUtKXjHX/Q1gM7ESMhHi9iWPAKXB4pxPzCnnn95uFRM7w9uq/lw7P+ISPN7hc6UONAzYCaQN9Nc4NUaj048PWx+TjSJFbEGgOlmKDSDRUxTbm1cI1vnH0WmO3TnmDFjDOgt33FrPaNdQ22qf+IULCPruz2RQZYhLEhh2PFtgeKOxVx+8R5SlMG4jm39E7GxP60W6XpsggiwrD63QNi8KdGd6ZBVk4bQLZ2PCPH42S63oSC0tu9KeyDxdgJkmsP9g9UiEbrGVy0zC9njj+mJvbIcrJ3aee2QpjFy/3lMT+WOicu6j9mCFi2NWDU37gsnEVIy2eegO6mpOmQ6QlZv1YMesz0V3gz+tlP9HKKXCb9Ex5LCPscO4nZTAModj3fh5kItlbImsVEUgPYcXa901k=
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ96BSOF6J/WI4x31X7DMl/WmF6Rp6gYojBg0BZEw4wt
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBurNtP4P/pYGIKBDT5Kup/r/tEv8A+ntUOL6zKpzIQO
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXXLYPnOPYDug9WYZtwoyRci2kCsaEg/5EeYsYeV3w

  tasks:
    - name: Create the sudo_passwordless group
      ansible.builtin.group:
        name: sudo_passwordless
        state: present

    - name: Create user "mhrebik"
      ansible.builtin.user: 
        name: "mhrebik"
        append: true
        groups:
          - sudo_passwordless
        append: true
        shell: /bin/bash
        password: "$y$j9T$lFmEIGHoVlJMj8lklmG/O0$Cxh4sTsBk8FUgMqbJBqIee58hg8r4kXcv4/P1UDZMmD"

    - name: Create user matty
      ansible.builtin.user: 
        name: "matty"
        append: true
        groups:
          - sudo_passwordless
        append: true
        shell: /bin/bash
        password: "$y$j9T$UC70HSbFYAg7I306Q204R.$Jfvjvhrw.UIPL9WI6pX7LdWvuvJS1VH3DJT6EFHQ/XB"

    - name: Create user kandertova
      ansible.builtin.user:
        name: "kandertova"
        append: true
        groups:
          - sudo_passwordless
        append: true
        shell: /bin/bash
        password: "$y$j9T$46ejfvmwiL46oswXXNjLg.$AfjG8EKB0DzjBPuC7luLhxY/iDmzkQlHWvc6mgx6Jw0"

    - name: Allow passwordless sudo for the group in sudoers
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        line: '%sudo_passwordless ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'

    - name: Add mhrebik keys
      ansible.builtin.authorized_key:
        user: mhrebik
        key: "{{ item }}"
      with_items: "{{ mhrebik_keys }}"
    
    - name: Add matty keys
      ansible.builtin.authorized_key:
        user: matty
        key: "{{ item }}"
      with_items: "{{ matty_keys }}"