@disklosr
Created August 1, 2020 12:41
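---
# Bootstrap an admin user with sudo (wheel) access and SSH keys.
# Expects the variables: target, admin_username, authorized_keys, ansible_become_pass.
- hosts: "{{ target }}"
  become: yes
  gather_facts: no
  connection: ssh
  vars:
    username: "{{ admin_username }}"
    ansible_port: 22
    # Random 8-letter salt; writing to /dev/null keeps it from being stored on disk
    random_salt: "{{ lookup('password', '/dev/null length=8 chars=ascii_letters') }}"
  tasks:
    - name: Make sure we have a 'wheel' group
      group:
        name: wheel
        state: present

    - name: Wheel group users can sudo
      copy:
        content: "%wheel ALL=(ALL:ALL) ALL\n"
        dest: /etc/sudoers.d/wheel
        mode: '0440'
        # Refuse to install the drop-in if visudo reports a syntax error
        validate: /usr/sbin/visudo -cf %s

    - name: Create main admin user
      user:
        name: "{{ admin_username }}"
        # The new account's password is the become password, hashed with SHA-512
        password: "{{ ansible_become_pass | password_hash('sha512', random_salt) }}"
        # Only set the password when the account is first created
        update_password: on_create
        groups: wheel
        shell: /bin/bash

    - name: Setup authorized keys for admin user
      authorized_key:
        user: "{{ admin_username }}"
        key: "{{ item }}"
      with_items: "{{ authorized_keys }}"

    - name: Generate ssh key pair
      openssh_keypair:
        path: "/home/{{ admin_username }}/.ssh/id_rsa"
        owner: "{{ admin_username }}"
        # Keep an existing key pair instead of regenerating it
        force: no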