- name: create users in webserver
  hosts: webservers,database
  gather_facts: no
  become: true
  vars_files:
    - secret.yml
    - user_list.yml
  tasks: 
    - name: create webserver user 
      user:
        name: "{{ item.username }}"
        uid: "{{ item.uid }}"
        groups: wheel
        password: "{{ user_password | password_hash ('sha512') }}"
        update_password: on_create
      when: (( item.uid >= 1000) and ( item.uid < 2000) and 'webservers' in group_names) or (( item.uid >= 2000) and ( item.uid < 3000 ) and 'database' in group_names) 
      loop: "{{ users }}"
    - name: ssh keys exists in mngd hosts
      authorized_key:
        user: "{{ item.username }}"
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
        state: present
      loop: "{{ users }}"