commited current state (new functions, may not work by now)

roles/system/tasks/special-admin-create.yaml

@@ -0,0 +1,52 @@
+---
+  - name: User "{{ admin_user }}" anlegen
+    ansible.builtin.user:
+      name: "{{ admin_user }}"
+      shell: /bin/bash
+      state: present
+    register: admin_user_result
+
+  - name: .ssh‑Verzeichnis anlegen
+    ansible.builtin.file:
+      path: "/home/{{ admin_user }}/.ssh"
+      state: directory
+      owner: "{{ admin_user }}"
+      group: "{{ admin_user }}"
+      mode: "0700"
+    when: admin_user_result.changed
+
+  - name: Public‑Keys von URL holen
+    ansible.builtin.uri:
+      url: "{{ admin_ssh_pub_key_url }}"
+      return_content: yes
+    delegate_to: localhost
+    register: fetched_keys
+
+  - name: Liste der einzelnen Keys erstellen
+    ansible.builtin.set_fact:
+      key_list: "{{ fetched_keys.content.splitlines() }}"
+
+  - name: authorized_keys anlegen (falls nicht vorhanden)
+    ansible.builtin.file:
+      path: "/home/{{ admin_user }}/.ssh/authorized_keys"
+      state: touch
+      owner: "{{ admin_user }}"
+      group: "{{ admin_user }}"
+      mode: "0600"
+
+  - name: Jeden Key einzeln mit authorized_key hinzufügen
+    ansible.builtin.authorized_key:
+      user: "{{ admin_user }}"
+      key: "{{ item | trim }}"
+      state: present
+    loop: "{{ key_list }}"
+    when: item | trim != ""
+
+  - name: Passwordless‑sudo für alle Befehle konfigurieren
+    ansible.builtin.copy:
+      dest: "/etc/sudoers.d/{{ admin_user }}"
+      content: |
+        {{ admin_user }} ALL=(ALL) NOPASSWD: ALL
+      owner: root
+      group: root
+      mode: "0440"