---

- hosts: all
  become: true

  pre_tasks:
  - name: update respository index
    tags: always
    ansible.builtin.apt:
      update_cache: true


- hosts: all
  become: true

  tasks:
  - name: create ansible group
    tags: always 
    ansible.builtin.group:
      name: ansible

  - name: create ansible user
    tags: always 
    ansible.builtin.user:
      name: ansible
      group: ansible
      shell: /bin/bash

  - name: add ssh key for ansible
    tags: always 
    ansible.builtin.authorized_key:
      user: ansible
      key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOq4nIqFgm+sWwUoA+Fim2OW8IOCfDUsZZNR1r9vHxFc admin@ansible"

  - name: add sudoers file for ansible
    tags: always 
    ansible.builtin.copy:
      src: sudoer_ansible
      dest: /etc/sudoers.d/ansible
      owner: root
      group: root
      mode: 0440