---
- hosts: all
  become: true
  tasks:
    - name: Create the ansible user
      ansible.builtin.user:
        name: ansible
        append: true
        state: present
        createhome: true
        shell: /bin/bash

    - name: Make sure the sudoers dropin directory exists
      ansible.builtin.file:
        path: "/etc/sudoers.d"
        state: directory

    - name: Create a sudoers file for the ansible user
      ansible.builtin.lineinfile:
        path: "/etc/sudoers.d/50-ansible"
        line: "ansible ALL=(ALL) NOPASSWD: ALL"
        validate: "visudo -cf"
      
    - name: Add authorized key for ansible user
      ansible.builtin.authorized_key:
        user: ansible
        key: "{{ lookup('ansible.builtin.file', '/home/ansible/.ssh/id_rsa.pub') }}"