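---
# Provision the `xenrox` account on an Arch Linux host: fetch secrets from
# Vault, install packages, install the sudoers drop-in, create the user and
# manage its SSH authorized keys.

# The lookup result holds credential material. no_log keeps it out of the
# task result, which set_fact would otherwise display in verbose runs and
# pass to any logging callback.
- name: Get secrets
  ansible.builtin.set_fact:
    archlinux_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/archlinux') }}"
  no_log: true

- name: install xenrox packages
  community.general.pacman:
    name: "{{ xenrox_packages }}"
    state: present

# Sudoers drop-in. `validate` runs visudo's syntax check on the staged file
# before it replaces the destination, so a malformed file never becomes
# active (a broken sudoers file can disable sudo entirely).
# NOTE(review): the content of `override` is not visible here; confirm it
# grants only what is intended for the wheel group.
- name: Allow wheel group to use sudo
  ansible.builtin.copy:
    src: override
    dest: /etc/sudoers.d/override
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string, not an integer.
    mode: "0440"
    validate: /usr/bin/visudo -cf %s

# The password is hashed on the controller with SHA-512 crypt. The salt is
# taken from Vault, so the resulting hash is stable between runs and the task
# stays idempotent. no_log keeps both the plaintext and the hash out of output.
- name: create user
  ansible.builtin.user:
    name: xenrox
    shell: /bin/zsh
    home: /home/xenrox
    password: "{{ archlinux_secrets['xenrox_password'] | password_hash('sha512', archlinux_secrets['xenrox_hash']) }}"
  no_log: true

# append: true adds wheel without removing the user's other supplementary
# groups.
- name: add to wheel
  ansible.builtin.user:
    name: xenrox
    append: true
    groups: wheel

# Build one newline-separated string from the key files named in ssh_pubkeys;
# each file is read from ../public_keys/ on the controller.
- name: Read SSH public keys
  ansible.builtin.set_fact:
    authorized_keys: "{% for key in ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"

# exclusive: true makes the list authoritative: any key in the user's
# authorized_keys file that is not in `authorized_keys` is removed.
- name: deposit ssh pub key
  ansible.posix.authorized_key:
    user: xenrox
    state: present
    exclusive: true
    key: "{{ authorized_keys }}"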