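---
# Bootstrap a dedicated "ansible" automation account on every host:
# group, system user, passwordless sudo and SSH authorized_keys.
- hosts: all
  become: true
  tasks:
    - name: Add the ansible group
      group:
        name: ansible
        gid: 1100
        state: present

    - name: Add the ansible user as a system user
      user:
        name: ansible
        uid: 1100
        group: ansible
        # Directly generate hash
        # https://www.lisenet.com/2019/ansible-generate-crypted-passwords-for-the-user-module/
        # NOTE(review): despite its name, ansible_crypted_password is hashed
        # here, so it presumably holds the plaintext password; confirm, and
        # keep it in Ansible Vault or another secret store, not in the repo.
        # The salt is seeded from inventory_hostname so the hash is stable
        # between runs; with a random salt this task reports "changed" and
        # rewrites the shadow entry on every play.
        password: "{{ ansible_crypted_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        shell: /bin/bash
        system: true
        home: /srv/ansible
        state: present

    # Grants unrestricted, passwordless root to the ansible account, so every
    # key in its authorized_keys file is effectively a root credential.
    - name: Set ansible user as sudoer
      copy:
        # Trailing newline added so the drop-in ends with a complete line.
        content: "ansible ALL = (ALL) NOPASSWD:ALL\n"
        dest: /etc/sudoers.d/ansible
        owner: root
        group: root
        # Quoted so the mode reaches the module as a string, not a YAML int.
        mode: "0440"
        # Syntax-check the file before it is installed; a malformed sudoers
        # drop-in can break sudo for every user on the host.
        validate: /usr/sbin/visudo -cf %s

    - name: Create the .ssh directory
      file:
        path: /srv/ansible/.ssh
        owner: ansible
        group: ansible
        mode: "0700"
        state: directory

    # NOTE(review): the rendered key list decides who can log in as a
    # passwordless sudoer; review changes to the template accordingly.
    - name: Add the mandatory ssh keys to the ansible user
      template:
        src: library/templates/ansible_auth_keys.j2
        dest: /srv/ansible/.ssh/authorized_keys
        owner: ansible
        group: ansible
        mode: "0600"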