# Play: create the primary interactive user on the hosts in `target_system`
# and enable sudo for the "wheel" group. All tasks run with privilege
# escalation (`become: true`).
- name: Set up primary user
  hosts: target_system
  become: true
  vars:
    user_name: marty
    # SECURITY: plaintext password stored with the playbook and identical to
    # the user name. Supply it from Ansible Vault or `vars_prompt` instead,
    # and treat any account already created with this value as needing a
    # password change.
    user_pass: marty
    # Interpolated as "/bin/{{ user_shell }}" by the "Add user" task.
    user_shell: zsh
    # Supplementary groups for the account. "wheel" is the group that the
    # sudoers task grants sudo to, so this user becomes a sudoer.
    # NOTE(review): on most Linux distributions "disk" gives raw read/write
    # access to block devices, which is effectively root on the machine;
    # confirm that it, "kvm" and "usbmon" are really needed.
    user_groups:
      - wheel
      - _seatd # TODO: This will error if it does not exist (seatd not installed)
      - audio
      - dialout
      - disk
      - input
      - kvm
      - lp
      - plugdev
      - scanner
      - storage
      - usbmon
      - video

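  tasks:
    # Uncomment the stock "%wheel" rule so that members of wheel can use sudo.
    # The parentheses are escaped because lineinfile treats `regexp` as a
    # Python regular expression: unescaped, "(ALL)" is a capture group that
    # matches "ALL", so the commented rule is never found. When no line
    # matches, lineinfile appends `line` at the end of the file unless it is
    # already present.
    - name: Enable sudo for "wheel" group
      ansible.builtin.lineinfile:
        path: "/etc/sudoers"
        regexp: '^# %wheel ALL=\(ALL\) ALL$'
        line: '%wheel ALL=(ALL) ALL'
        # Syntax-check the edited copy before it replaces /etc/sudoers; a
        # malformed sudoers file disables sudo on the host.
        validate: '/usr/sbin/visudo -cf %s'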

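    # The user module fails when the primary group named in `group` does not
    # exist, so make sure it is present first. Idempotent if it already is.
    - name: Add primary group for user
      ansible.builtin.group:
        name: "{{ user_name }}"
        state: present

    # Create the account with its home directory, login shell, primary and
    # supplementary groups, and an SSH key pair.
    # NOTE(review): without `update_password: on_create`, every run resets the
    # password to `user_pass`, undoing any change the user made.
    - name: Add user
      ansible.builtin.user:
        name: "{{ user_name }}"
        # The salt is derived from host and user name: stable across runs, so
        # the task stays idempotent, but not one constant shared by every
        # account. A salt is not a secret; the protection comes from keeping
        # `user_pass` out of the repository.
        password: "{{ user_pass | password_hash('sha512', 65534 | random(seed=inventory_hostname ~ user_name) | string) }}"
        create_home: true
        shell: "/bin/{{ user_shell }}"
        group: "{{ user_name }}"
        # Every group listed here must already exist on the host.
        groups: "{{ user_groups }}"
        # NOTE(review): the key is generated without a passphrase unless
        # `ssh_key_passphrase` is set.
        generate_ssh_key: true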