lmn-client/roles/lmn_security/tasks/main.yml

---
- name: Deploy SSH keys
  ansible.posix.authorized_key:
    user: ansible
    key: "{{ item }}"
  loop: "{{ keys2deploy }}"

- name: Allow sudo access without password
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/95-lmn-ansible
    line: 'ansible ALL=(root) NOPASSWD: ALL'
    create: True
    owner: root
    group: root
    mode: '0700'

- name: Disable ansible user login
  ansible.builtin.user:
    name: ansible
    password_lock: True