vm-ansible/roles/common/tasks/user-ops.yaml

---
- name: Create .ssh directory of ansible user
  ansible.builtin.file:
    path: /home/ansible@intra.tormakris.dev/.ssh
    state: directory
    owner: ansible@intra.tormakris.dev
    group: ansible@intra.tormakris.dev

- name: Copy authorized_keys
  ansible.builtin.copy:
    src: authorized_keys
    dest: /home/ansible@intra.tormakris.dev/.ssh/authorized_keys
    mode: 0600
    owner: ansible@intra.tormakris.dev
    group: ansible@intra.tormakris.dev

- name: Check if group is presend in sudoers
  ansible.builtin.lineinfile:
    state: absent
    path: /etc/sudoers
    regexp: "^%linuxadmins"
  check_mode: true
  changed_when: false
  register: checksudoers

- name: Define group in sudoers
  ansible.builtin.lineinfile:
    state: present
    path: /etc/sudoers
    line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
  when: checksudoers.found == 0

- name: "Update authorized_keys of tormakris"
  ansible.posix.authorized_key:
    user: tormakris@intra.tormakris.dev
    state: present
    key: https://static.tormakristof.eu/ssh.keys
...