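---
# Creates the supplementary groups, grants sudo to the "wheel" group and
# creates the primary user account on the target system.
#
# Variables read by this play: user_groups, user_name, user_pass, user_shell.
# NOTE(review): user_pass is a plaintext password by the time it reaches
# password_hash; presumably it is supplied from Ansible Vault or another
# secret store rather than a committed vars file. Confirm against the
# inventory.
- name: Set up primary user
  hosts: target_system
  become: true
  tasks:
    - name: Ensure user groups all exist
      ansible.builtin.group:
        name: "{{ item }}"
        state: present
      loop: "{{ user_groups }}"

    # The user task below sets `group: user_name`, and the user module fails
    # when the named primary group is missing, so create it explicitly
    # instead of relying on it being listed in user_groups.
    - name: Ensure primary group exists
      ansible.builtin.group:
        name: "{{ user_name }}"
        state: present

    # A malformed drop-in under /etc/sudoers.d can break sudo for every
    # account, so the file is checked with visudo before it is installed.
    # The content ends with a newline and the mode is the conventional
    # read-only 0440, quoted so YAML does not reinterpret it as a number.
    - name: Enable sudo for "wheel" group
      ansible.builtin.copy:
        content: "%wheel ALL=(ALL) ALL\n"
        dest: "/etc/sudoers.d/10-wheel"
        owner: root
        group: root
        mode: "0440"
        force: true
        validate: "/usr/sbin/visudo -cf %s"

    # The salt is derived from a per-host seed instead of one fixed string
    # shared by every host: a shared salt gives identical hashes for
    # identical passwords across the fleet and lets a single precomputed
    # table cover all of them. Seeding keeps the hash stable between runs,
    # so the task stays idempotent.
    - name: Add user
      ansible.builtin.user:
        name: "{{ user_name }}"
        password: "{{ user_pass | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        create_home: true
        shell: "/bin/{{ user_shell }}"
        group: "{{ user_name }}"
        groups: "{{ user_groups }}"
        generate_ssh_key: true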