playbook-users.yml

---
- hosts: all
  become: true
  become_user: root
  become_method: sudo
  vars:
    users:
     - login: "user1"
       shell: "/bin/bash"
       ssh_key: "ssh-rsa AAAAB3NzaC1yc....snip...oij2==  user1@example.org"
     - login: "user2"
       shell: "/bin/bash"
       ssh_key: "ssh-rsa AAAAB3NzaC1yc....snip...adv0==  user2@example.org"

  tasks:
    - name: add groups named as login
      group: name={{ item.login }} state=present
      with_items: "{{ users }}"

    - name: add group wheel if absent
      group: name=wheel state=present

    - name: add users named as login
      user: name={{ item.login }} group={{ item.login }} shell={{ item.shell }} createhome=yes state=present
      with_items: "{{ users }}"

    - name: add ssh-keys to user
      authorized_key: user={{ item.login }} key={{ item.ssh_key }}
      with_items: "{{ users }}"

    - name: let wheel group to have passwordless sudo
      lineinfile: "dest=/etc/sudoers state=present regexp='^%wheel' line='%wheel ALL=(ALL) NOPASSWD: ALL'"

    - name: add sudoers users to group wheel
      user: name={{ item.login }} groups=wheel append=yes
      with_items: "{{ users }}"

    - name: edit sudoers for requiretty
      lineinfile: dest=/etc/sudoers
                  regexp="^Defaults(\s+)(.*)requiretty(.*)"
                  line="#Defaults\1\2requiretty\3"
                  backrefs=yes