---
- hosts: all
  become_user: root
  become: yes

  tasks:
  - name: Make sure we have a wheel group
    ansible.builtin.group:
      name: wheel
      state: present

  - name: Allow wheel group to have passwordless sudo
    lineinfile:
      dest: /etc/sudoers
      state: present
      regexp: '^%wheel'
      line: '%wheel ALL=(ALL) NOPASSWD: ALL'
      validate: 'visudo -cf %s'

  - name: Add sudoers users to wheel group
    user:
      name=ansible
      groups=wheel
      append=yes
      state=present
      createhome=yes
  
  - name: Set up authorized keys for the deployer user
    authorized_key: user=ansible key="{{item}}"
    with_file:
      - /home/cmte/.ssh/ansible.pub