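# Install a sudoers drop-in that lets every member of the "wheel" group run
# any command as any user (after entering their own password).
- name: Enable sudo access for "wheel" group
  ansible.builtin.copy:
    # Trailing newline so the drop-in ends with a complete line.
    content: "%wheel ALL=(ALL) ALL\n"
    dest: "/etc/sudoers.d/10-wheel"
    owner: root
    group: root
    # 0440 is the mode sudo expects for sudoers files; the privilege policy
    # does not need to be readable by unprivileged local users. Quoted so the
    # value is never reinterpreted as a plain integer.
    mode: "0440"
    force: true
    # Syntax-check the new content before it replaces the live file: a broken
    # file under /etc/sudoers.d can disable sudo for every user on the host.
    # NOTE(review): assumes visudo is at /usr/sbin/visudo on the targets - confirm.
    validate: "/usr/sbin/visudo -cf %s"
  tags: sudo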

# Create each group named in user_groups, one module call per entry.
# NOTE(review): user_groups is defined outside this file and is presumably a
# list of group names - confirm against the inventory or role defaults.
- name: Ensure all desired user groups exist
  loop: "{{ user_groups }}"
  ansible.builtin.group:
    state: present
    name: "{{ item }}"

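# Create the primary login account with a hashed password, a home directory,
# the configured shell and group memberships, and an SSH key pair.
# NOTE(review): user_pass and user_pass_salt are defined outside this file;
# they should come from an encrypted source (for example Ansible Vault), not
# from plaintext vars - confirm.
- name: Add primary user
  ansible.builtin.user:
    name: "{{ user_name }}"
    # The salt is passed as a variable reference. Jinja does not expand
    # "{{ }}" nested inside a string literal, so the previous quoted form
    # handed the literal text to password_hash and never used the configured
    # salt. A fixed salt also keeps the resulting hash stable between runs.
    password: "{{ user_pass | password_hash('sha512', user_pass_salt) }}"
    create_home: true
    shell: "/bin/{{ user_shell }}"
    # NOTE(review): the primary group must already exist when this runs;
    # presumably user_groups contains user_name - verify.
    group: "{{ user_name }}"
    # Without "append: true" this list replaces the user's supplementary
    # groups rather than adding to them.
    groups: "{{ user_groups }}"
    generate_ssh_key: true
  tags:
    - passlib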