ansible-collection-infrastructure/roles/system_setup/tasks/user.yml

---
- name: "Create a new user {{ username }}"
  user:
    name: "{{ username }}"
    password: "{{ user_password | password_hash('sha512') }}"
    groups:
      - sudo
    shell: "{{ shell }}"
    state: present
    append: true

- name: Allow sudo to be used without a password
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%sudo'
    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'
  when: passwordless_sudo | bool

- name: Copy over the public SSH key
  authorized_key:
    user: "{{ username }}"
    state: present
    key: "{{ lookup('file', ssh_pubkey_file) }}"