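---
# task/create_user file for provision_ansible_user
#
# Creates the Ansible service account, grants it sudo rights and installs
# its SSH public key. All three tasks need root privileges on the target.

- name: "Create user {{ provision_ansible_user_name }}"
  ansible.builtin.user:
    name: "{{ provision_ansible_user_name }}"
    comment: "Ansible service user"
    # The user module writes this value into the password database as-is,
    # so the variable must hold a crypt(3) hash, never cleartext.
    # NOTE(review): confirm where provision_ansible_user_password is defined
    # and that it is kept in a vault or secret store.
    password: "{{ provision_ansible_user_password }}"
    shell: "{{ provision_ansible_user_shell }}"
    system: "{{ provision_ansible_user_is_system }}"
    create_home: true

- name: "Add user to sudoers"
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ provision_ansible_user_name }}"
    # sudo ignores drop-in files that are not owned by root.
    owner: root
    # Quoted so the YAML parser cannot reinterpret the octal literal.
    mode: "0640"
    # Grants passwordless root: anyone holding this account's SSH key is
    # effectively root on the host. Protect the key and its options
    # accordingly.
    content: "{{ provision_ansible_user_name }} ALL=(ALL) NOPASSWD: ALL"
    # Syntax-check the candidate file before it is moved into place; a
    # malformed drop-in can break sudo for every user on the host.
    validate: "/usr/sbin/visudo -cf %s"

# The original task had no module key. Its parameters (user, key, comment,
# key_options, exclusive) match ansible.posix.authorized_key, so that module
# is named here. It requires the ansible.posix collection on the controller.
- name: "Add key to authorized_keys"
  ansible.posix.authorized_key:
    user: "{{ provision_ansible_user_name }}"
    key: "{{ provision_ansible_user_ssh_key }}"
    # ansible_hostname is a gathered fact; fact gathering must be enabled.
    comment: "ansible@{{ ansible_hostname }}"
    key_options: "{{ provision_ansible_user_ssh_key_options }}"
    # When true, every other key in this user's authorized_keys is removed.
    exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}"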