---
- name: Set new users
  hosts: main_server
  become: yes
  tasks:

    - name: Create group
      ansible.builtin.group:
        name: "{{ item.name }}"
        state: present

      loop:
        - { name: backup }
        - { name: docker }

    - name: Create new user
      user:
        name: "{{ new_user }}"
        create_home: yes
        shell: /bin/bash
        password: "{{ user_password| password_hash('sha512') }}"

    - name: Add user to groups
      user:
        name: "{{ new_user }}"
        groups:
          - sudo
          - docker
        append: yes

    - name: Configure sudo to allow passwordless access for  user
      become_user: root
      lineinfile:
        path: /etc/sudoers.d/ansible_nopasswd
        create: yes
        line: "{{ new_user }} ALL=(ALL) NOPASSWD: ALL"
        validate: "/usr/sbin/visudo -cf %s"
        mode: "0440"
        state: present