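---
# Bootstraps an administrative account on the hosts in the `root_host` group:
# creates the user, adds it to the sudo group, installs an SSH public key and
# grants passwordless sudo.
#
# Variables read: username, password, path_to_ssh_key. They are presumably
# defined in vars/user-vars.yml (not shown here); if that file carries the
# plaintext password, keep it encrypted with Ansible Vault and out of VCS.
- name: Configure system
  hosts: root_host
  become: true
  vars_files:
    - vars/user-vars.yml

  tasks:
    - name: Create a user
      user:
        name: "{{ username }}"
        # Hash the *value* of `password`. Writing '{{ password }}' in quotes
        # inside the expression makes Jinja2 read it as a string literal, so
        # the literal text would be hashed instead of the secret and the
        # account would end up with a predictable password.
        # password_hash() without an explicit salt produces a different hash
        # on each run, so this task reports "changed" every time.
        password: "{{ password | password_hash('sha512') }}"
        shell: /bin/bash
        state: present

    - name: Add user to sudoers group
      user:
        name: "{{ username }}"
        groups: sudo
        # append keeps the user's existing supplementary groups.
        append: true

    - name: Ensure .ssh directory exists for user
      file:
        path: "/home/{{ username }}/.ssh"
        state: directory
        owner: "{{ username }}"
        group: "{{ username }}"
        # Quoted so the mode is passed as a string, not parsed as a number.
        mode: '0700'

    - name: Copy SSH public key to authorized_keys
      # copy replaces the whole destination file, so any keys already present
      # in authorized_keys are overwritten by the file at path_to_ssh_key.
      copy:
        src: "{{ path_to_ssh_key }}"
        dest: "/home/{{ username }}/.ssh/authorized_keys"
        owner: "{{ username }}"
        group: "{{ username }}"
        mode: '0600'

    - name: Add user to sudoers for passwordless sudo
      # NOPASSWD:ALL lets this account run any command as root without
      # re-authenticating, so possession of the SSH private key is equivalent
      # to root on the host. Scope the rule down if full root is not required.
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^{{ username }} ALL=\(ALL\) NOPASSWD:ALL'
        line: '{{ username }} ALL=(ALL) NOPASSWD:ALL'
        # visudo syntax-checks the candidate file before it replaces
        # /etc/sudoers, so a malformed line cannot lock out sudo.
        validate: 'visudo -cf %s'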