---
- hosts: all
  tasks:
    - name: Create default user
      user:
       name: "{{ default_user }}"
       password: "{{ default_user_password | password_hash('sha512') }}"
       groups: sudo
       create_home: yes
       shell: /bin/zsh
       generate_ssh_key: yes
       ssh_key_bits: 2048
       ssh_key_file: .ssh/id_rsa
       update_password: always
       state: present

    - name: Ensure sudo group has passwordless sudo privileges
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: "^%sudo"
        line: "%sudo ALL=(ALL) NOPASSWD:ALL"
        validate: "/usr/sbin/visudo -cf %s"

    - name: Upgrade apt packages
      apt:
        update_cache: yes
        upgrade: full

    - name: Install apt packages
      apt:
        name: "{{ packages_to_install }}"
...