---
- name: add_user | Add admin group
  group:
    name: "{{ admin_group }}"
    state: present

- name: add_user | Allow 'admin' group to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^%admin'
    line: '%admin ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'
  become: yes

- name: add_user | Add admin user
  user:
    name: "{{ admin_user }}"
    group: "{{ admin_group }}"
    state: present
    create_home: yes
  become: yes

- name: add_user | Ensure admin user ssh directory exists
  file:
    path: "/home/{{ admin_user }}/.ssh/"
    state: directory
    owner: "{{ admin_user }}"
    group: "{{ admin_group }}"
    mode: 0700
  become: yes

- name: add_user | Add SSH keys to admin user
  authorized_key:
    user: "{{ admin_user }}"
    state: present
    key: "{{ item.key }}"
  with_items: "{{ ssh_keys }}"
  become: yes