playbooks/server-setup/roles/user/tasks/create-user.yml

---
# This playbook creates a sudo-enabled user matching the execution user's name.

- name: create new user
  ansible.builtin.user:
    name: "{{ username }}"
    groups:
      - sudo
    append: yes

# Required to prevent user lockout because PAM will be disabled
- name: set impossible password for user
  ansible.builtin.command: "usermod -p '*' {{ username }}"

- name: copy ssh public key from host
  ansible.posix.authorized_key:
    user: "{{ username }}"
    key: "{{ lookup('file', '/home/{{username}}/.ssh/id_rsa.pub') }}"