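# Account bootstrap tasks: create each login listed in `users`, install its
# SSH public key, then copy the base iptables rule files into place.
# `users` is defined outside this file; each entry is read here for the keys
# user, password, shell and groups. Because item.password is hashed in this
# file, it reaches these tasks in clear text.
# NOTE(review): confirm `users` is stored vault-encrypted.

- name: Create unpriviledged user
  loop: "{{ users }}"
  # Every loop item carries the clear-text password, so per-item output is
  # kept out of logs and callback plugins.
  no_log: true
  user:
    name: "{{ item.user }}"
    # password_hash() without an explicit salt picks a random salt on each
    # run, so the hash differs every time: the task reports "changed", the
    # password is rewritten and the handler below is notified on every run.
    # Pass a stable per-user salt, or set update_password: on_create, if
    # that is not intended.
    password: "{{ item.password | password_hash('sha512') }}"
    shell: "{{ item.shell }}"
    groups: "{{ item.groups }}"
    # Add the listed groups without removing existing memberships.
    append: true
  tags:
    - users
  notify:
    - Disable the root account

- name: Copy ssh key for unpriviledged user
  loop: "{{ users }}"
  # The public key is not secret, but the loop item still includes the
  # password field, so output stays suppressed here as well.
  no_log: true
  authorized_key:
    # The path is built by concatenation: "{{ }}" nested inside an
    # expression is treated as literal text by current Jinja2/Ansible
    # templating instead of being expanded.
    key: "{{ lookup('file', role_path ~ '/files/' ~ item.user ~ '.pub') }}"
    # Write through a symlinked authorized_keys file rather than replacing
    # the link.
    follow: true
    user: '{{ item.user }}'
  tags:
    - users

- name: Set base iptables filter
  # TODO: Replace this with the firewall role
  copy:
    # Trailing slash on src: the directory's contents are copied, not the
    # directory itself.
    src: '{{ role_path }}/files/iptables-rules/'
    dest: '/etc/iptables/'
    # Firewall rules are pinned to root and not writable by anyone else;
    # without these the result depends on the umask and on what already
    # exists at dest. Adjust mode if a file under iptables-rules/ must be
    # executable.
    owner: root
    group: root
    mode: '0644'
    directory_mode: '0755'
  notify: Run service actions
  tags:
    - firewall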