---
- name: Make sure we have a 'wheel' group
  ansible.builtin.group:
    name: wheel
    state: present

- name: Create user
  ansible.builtin.user:
    name: "{{ user.name }}"
    # Use: openssl passwd -salt <salt> -1 <plaintext>
    password: "{{ user.password }}"
    update_password: on_create
    comment: "{{ user.full_name }}"
    groups: "{{ user.additional_groups }}"
    append: yes
    shell: "{{ user.shell }}"
    state: present
    expires: -1
  become: true

- name: Setup sudo
  ansible.builtin.copy:
    dest: /etc/sudoers.d/{{ user.name }}
    content: "{{ user.name }} ALL=(ALL:ALL) ALL"
    mode: 0440
    validate: /usr/sbin/visudo -cf %s
  become: true