configpolicy/users.yml

- hosts: 'sudo:!samba-dc'
  roles:
  - role: sudo
    tags:
    - sudo
- hosts: '!sudo'
  roles:
  - role: doas
    tags:
    - doas
- hosts: '!pyrocufflink'
  tasks:
  - name: ensure users exist
    user:
      name: '{{ item.name }}'
      comment: '{{ item.comment | d(omit) }}'
      uid: '{{ item.uid | d(omit) }}'
      groups: '{{ item.groups | d(omit) }}'
      append: true
      create_home: true
      local: true
      password: '*'
      state: present
    loop: '{{ managed_users | d([]) }}'
    tags:
    - user