---
- name: Bootstrap virtual private servers
  hosts: vps
  gather_facts: yes
  vars:
    # # below is just to remind you to use '-u' instead 
    # ansible_user: "{{ root_auths[0].username }}"
    # # below is just to remind you to use '--ask-pass' instead
    # ansible_password: "{{ root_auths[0].password }}"
    FAMILY: "{{ ansible_facts['os_family'] }}"

  tasks:
    - name: Create users
      include_role:
        name: bootstrap
        tasks_from: "users@{{ FAMILY  }}.yml"
      vars:
        admins: "{{ admin_auths }}"
        guests: "{{ guest_auths }}"
        users: "{{ user_auths }}"
      register: accts_created
      tags: ['default', 'userbase_creation']
    - name: Require authorized keys for SSH access to accounts
      include_role:
        name: bootstrap
        tasks_from: auth@ssh.yml
        defaults_from: options/ssh.yml
        vars_from: options/ssh.yml
      register: ssh_authorized
      tags: ['default', 'ssh_uthorization']
    - name: Disable SSH login for this account
      include_role:
        name: bootstrap
        tasks_from: denyroot@ssh.yml
        defaults_from: options/ssh.yml
        vars_from: options/ssh.yml
      register: sshroot_disabled
      tags: ['default', 'root_denial']
      when: not ssh_root_login
    - name: Disable root account
      include_role:
        name: bootstrap
        tasks_from: denyroot.yml
        defaults_from: options/ssh.yml
        vars_from: options/ssh.yml