# Configure users for the bastion host
- name: users | root | Set strong password
  include_tasks: users/root.yml

- name: users | rene | Ensure admin user is absent from bastion
  include_tasks: users/rene.yml

- name: users | Create and configure bastion users
  include_tasks: users/_create_user_with_ssh.yml
  loop:
    - name: lowpriv
      comment: "Restricted user for interactive shell"
      shell: /usr/bin/rbash

    - name: sshjumpuser
      comment: "SSH Jump User - no tty - no password"
      shell: /bin/false
  loop_control:
    loop_var: user_item