ansible_linux_setup/roles/setup/tasks/main.yml

- name: Initial server setup
  tags: setup
  block:
    - name: Create default user
      user:
        name: "{{ default_user }}"
        password: "{{ default_user_password | password_hash('sha512') }}"
        groups: sudo
        create_home: yes
        shell: /bin/zsh
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
        update_password: always
        state: present

    - name: Ensure sudo group has passwordless sudo privileges
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: "^%sudo"
        line: "%sudo ALL=(ALL) NOPASSWD:ALL"
        validate: "/usr/sbin/visudo -cf %s"

    - name: Upgrade apt packages
      apt:
        update_cache: yes
        upgrade: full

    - name: Install apt packages
      apt:
        name: "{{ packages_to_install }}"