diff --git a/hosts b/hosts
new file mode 100644
index 0000000..c711390
--- /dev/null
+++ b/hosts
@@ -0,0 +1,5 @@
+[testing]
+test.band-on.com
+
+[production]
+band-on.com
\ No newline at end of file
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..f92076c
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,15 @@
+---
+- hosts: production
+ become: true
+# vars_files:
+# - vars/production/users.yml
+ roles:
+ - users
+- hosts: testing
+ become: true
+# vars_files:
+# - vars/testing/users.yml
+ roles:
+ - users
+
+
diff --git a/roles/users/files/sudo_group_admins b/roles/users/files/sudo_group_admins
new file mode 100644
index 0000000..81387f2
--- /dev/null
+++ b/roles/users/files/sudo_group_admins
@@ -0,0 +1 @@
+%admins ALL=(ALL) NOPASSWD: ALL
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
new file mode 100644
index 0000000..5613d29
--- /dev/null
+++ b/roles/users/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Ensure group "admins" exists
+# include_tasks: create_groups.yml
+ ansible.builtin.group:
+ name: admins
+ state: present
+ tags: groups
+
+- name: Grant sudo without PW to admins group
+ ansible.builtin.file:
+ src: roles/users/files/sudo_group_admins
+ path: /etc/sudoers.d/admins
+ owner: root
+ group: root
+ mode: '0440'
+
+- name: Ensure user "rulrich" exists
+ ansible.builtin.user:
+ name: rulrich
+ shell: /bin/bash
+ groups: admins
+ append: yes
+ ssh_public_key: "'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEecPevXnWu9Rs7QhDFAdeKl/E6cBPwUno+nEd4qoUAK rulrich@rabbit'\n"
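Review bot: The two plays in playbook.yml are byte-for-byte identical apart from `hosts:`, so a single play `- hosts: production:testing` (or a parent group in the inventory) with the same `become: true` and `roles:` block would express the same thing without the duplication. The commented-out `vars_files` stanzas are dead text in a new file; either wire them up (the per-environment users.yml files are not part of this commit) or drop them so the play does not carry a half-finished design. The two trailing `+` blank lines at the end of the hunk will also trip yamllint's empty-lines rule.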
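Review bot: `%admins ALL=(ALL) NOPASSWD: ALL` grants every member of admins unrestricted root with no second factor, so a stolen or leaked copy of the one SSH private key this commit authorises for rulrich (see roles/users/tasks/main.yml) is immediate, unattended root on production. If the only reason for NOPASSWD is the playbook's own `become: true`, consider running Ansible with `--ask-become-pass` or a vaulted `ansible_become_password` and shipping `%admins ALL=(ALL) ALL` instead; if some automation genuinely needs passwordless escalation, scope NOPASSWD to the specific commands it runs rather than `ALL`. Whatever policy is chosen, the file must be installed through `visudo -c` validation, since a syntax error in /etc/sudoers.d/admins locks everyone out of sudo.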
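Review bot: The "Grant sudo without PW" task uses `ansible.builtin.file` with `src:`, but `file` only honours `src` for `state: link`/`hard`; with the default state it never writes the content and, as far as I can tell, fails when `/etc/sudoers.d/admins` does not yet exist, so the sudoers fragment is never deployed. It should be `ansible.builtin.copy` (role-relative `src: sudo_group_admins`) with `validate: /usr/sbin/visudo -csf %s` so a malformed file is rejected before it lands on the host. In the next task, `ssh_public_key` is not an option of `ansible.builtin.user` (its `ssh_key_*` options generate a keypair rather than install one), so that task should fail on an unsupported parameter; the authorized key belongs in `ansible.posix.authorized_key` (from the ansible.posix collection), with the bare key line and without the stray single quotes and `\n` wrapped around it. `append: yes` should be `append: true` per the YAML truthy rule.

```yaml
# … unchanged: "Ensure group admins exists" task …

- name: Grant sudo without PW to admins group
  ansible.builtin.copy:
    src: sudo_group_admins
    dest: /etc/sudoers.d/admins
    owner: root
    group: root
    mode: '0440'
    # reject a syntactically broken fragment before it can lock sudo for everyone
    validate: /usr/sbin/visudo -csf %s

- name: Ensure user "rulrich" exists
  ansible.builtin.user:
    name: rulrich
    shell: /bin/bash
    groups: admins
    append: true

- name: Authorize SSH key for rulrich
  ansible.posix.authorized_key:
    user: rulrich
    key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEecPevXnWu9Rs7QhDFAdeKl/E6cBPwUno+nEd4qoUAK rulrich@rabbit"
```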