---
- name: Ensure user group "power" exists
  ansible.builtin.group:
    name: power
    state: "present"

- name: Put user in power group
  ansible.builtin.user:
    name: "{{ user_name | default('root') }}"
    groups: [power]
    append: true

- name: Enable power management for power group
  ansible.builtin.copy:
    content: "%power ALL=(ALL) NOPASSWD: /usr/bin/halt, /usr/bin/poweroff, /usr/bin/reboot, /usr/bin/shutdown, /usr/bin/zzz, /usr/bin/ZZZ"
    dest: "/etc/sudoers.d/20-power"
    owner: root
    group: root
    mode: 0644
    force: true