- name: Create required deployment users
  hosts: all
  become: yes
  become_method: sudo
  become_user: root

  tasks:
  - name: Create Ansible user
    user:
      name: ansible # Username
      groups: sudo
      expires: -1
      password: "{{ 'mypassword' | password_hash('sha512') }}" # Encrypted password
      state: present # Ensure the user is present
      createhome: yes # Create the user's home directory
      generate_ssh_key: yes # Generate an SSH key pair for the user
      ssh_key_bits: 2048
      ssh_key_file: .ssh/id_rsa
  - name: Create sudoers file
    copy:
      dest: /etc/sudoers.d/ansible
      content: ""
  - name: Add sudoers entry
    lineinfile:
      dest: /etc/sudoers.d/ansible
      state: present
      regexp: '^ansible'
      line: 'ansible ALL=(ALL) NOPASSWD: ALL'
      validate: 'visudo -cf %s'