---

- name: creating user {{ username }} in sudo group (Debian/Ubuntu)
  user:
    name: "{{ username }}"
    password: "{{ pwgen | password_hash('sha512') }}"
    state: present
    shell: /bin/bash
    groups: sudo
    append: yes
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
    update_password: on_create
  register: user_created

- name: enable nopasswd sudo (Debian/Ubuntu)
  lineinfile:
    dest: /etc/sudoers
    regexp: '^%sudo'
    line: "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL"
    state: present
    validate: 'visudo -cf %s'