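---
# Intended to be called on a fresh box, just to set up my users.
#
# Variables the play reads (none are defined in this file):
#   password        - passed to the user module, which expects an
#                     already-hashed (crypt) value, not plaintext
#   public_ssh_key  - public key text; authorized for login and also
#                     written to ~/.ssh/id_ed25519.pub
#   private_ssh_key - private key text; written to ~/.ssh/id_ed25519
#
# NOTE(review): public_ssh_key is both authorized on and installed to
# every host in `hosts: all`, together with its private half, so any one
# of these hosts can log in to the others as fdamstra. Confirm that is
# intended; per-host keys or agent forwarding would narrow the exposure.
- name: Add the fdamstra account
  hosts: all
  become: true
  become_user: root
  tasks:
    - name: Create fdamstra user
      ansible.builtin.user:
        name: fdamstra
        state: present
        comment: Fred Damstra
        shell: /bin/bash
        append: true  # add groups, not replace
        groups:
          - sudo
        home: /home/fdamstra
        password: "{{ password }}"
        # Only set the password when the account is first created, so a
        # password changed later on the box is not reset by a re-run.
        update_password: on_create

    # Short module name kept as in the original; on ansible-core 2.10+
    # it resolves to ansible.posix.authorized_key. By default the module
    # also creates ~/.ssh, which the key-install tasks below rely on.
    - name: Create authorized key
      authorized_key:
        user: fdamstra
        state: present
        key: "{{ public_ssh_key }}"

    # NOTE(review): this grants passwordless root to every member of the
    # sudo group, not only fdamstra. Scope the rule to the user if other
    # accounts may ever be added to that group.
    - name: Set nopassword for sudo group
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/20-sudo-group-nopasswd
        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
        state: present
        # Quoted so the mode reaches Ansible as a string rather than a
        # YAML-parsed integer.
        mode: "0440"
        create: true
        # Refuse to install a sudoers fragment that does not parse.
        validate: 'visudo -cf %s'

    - name: Install public key
      ansible.builtin.copy:
        dest: /home/fdamstra/.ssh/id_ed25519.pub
        content: "{{ public_ssh_key }}"
        mode: "0644"
        owner: fdamstra

    - name: Install private key
      ansible.builtin.copy:
        dest: /home/fdamstra/.ssh/id_ed25519
        content: "{{ private_ssh_key }}"
        mode: "0600"
        owner: fdamstra
      # Keep the key material out of task output and --diff results.
      no_log: true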