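---
# Creates the rasdaemon service group and user, then grants that user sudo
# rights through a managed block in /etc/sudoers.
#
# Inputs (each task is skipped when the variables it checks are undefined):
#   rasdaemon_user_group - primary group for the service account
#   rasdaemon_user       - service account name

- name: ensure group exists
  become: true
  ansible.builtin.group:
    name: "{{ rasdaemon_user_group }}"
    state: present
  when:
    - rasdaemon_user_group is defined

# The account gets a nologin shell, so it cannot be used for interactive
# logins.
- name: ensure user exists
  become: true
  ansible.builtin.user:
    name: "{{ rasdaemon_user }}"
    group: "{{ rasdaemon_user_group }}"
    shell: /usr/sbin/nologin
  when:
    - rasdaemon_user_group is defined
    - rasdaemon_user is defined

# NOTE(review): the rule below gives the account unrestricted, passwordless
# root (ALL commands, as any user). If the account only needs a few specific
# commands, replace the trailing ALL with an explicit list of absolute command
# paths; the required commands are not visible in this file, so the rule is
# left as written.
# NOTE(review): rasdaemon_user is templated straight into the sudoers rule.
# `visudo -cf` only checks syntax; it does not confirm that the value is a
# single plain account name, so constrain the variable where it is defined.
# NOTE(review): a drop-in file under /etc/sudoers.d is usually easier to audit
# and revert than an edit to the main sudoers file; confirm the target hosts
# include that directory before switching.
- name: add user to sudoers
  become: true
  ansible.builtin.blockinfile:
    path: /etc/sudoers
    state: present
    block: |
      {{ rasdaemon_user }} ALL=(ALL) NOPASSWD:ALL
    # Reject the edit if the resulting file does not parse, so a bad rule
    # cannot break sudo on the host.
    validate: '/usr/sbin/visudo -cf %s'
    backup: true
    # blockinfile finds its managed block by exact marker lines. The begin and
    # end values must differ: when both render to the same line the module
    # cannot tell where the block starts, and reruns can leave duplicate
    # sudoers entries behind. Hosts already provisioned with the old identical
    # markers keep that old block and need a one-off cleanup.
    marker_begin: BEGIN rasdaemon-sudoers
    marker_end: END rasdaemon-sudoers
  when:
    - rasdaemon_user_group is defined
    - rasdaemon_user is defined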