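```yaml
---
# Task list: create local accounts, grant/revoke passwordless sudo per account,
# and make each account's SSH keys the ONLY keys it accepts.
#
# Each entry in `users` drives the tasks below:
#   name          - account name (also used as the /etc/sudoers.d file name)
#   shell         - login shell
#   sudo_nopasswd - true writes "ALL=(ALL:ALL) NOPASSWD: ALL" for the account;
#                   false (or absent) removes that file if it exists
#   ssh_keys      - public keys; with exclusive: true below, any key not in
#                   this list is removed from the account's authorized_keys
- name: Define users
  ansible.builtin.set_fact:
    users:
      - name: automation
        shell: /bin/bash
        sudo_nopasswd: true
        ssh_keys:
          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx+ltCKNIEM7F4PzGLv22cIu7N0Fpn5gxwV02xq0GS9 automation@internet-master.cz"
      - name: hellsos
        shell: /bin/bash
        sudo_nopasswd: true
        ssh_keys:
          # TODO(review): this is a truncated placeholder, not a usable key.
          # Replace it with the full public key before running the play;
          # authorized_key is likely to reject it, and if it does not, an
          # unusable key line ends up as this account's only authorized key.
          - "ssh-ed25519 AAAAC3..."
      - name: jim
        shell: /bin/bash
        sudo_nopasswd: true
        ssh_keys:
          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFS4fsqMjMMu/Bi/884bw7yJBqvWusDRESvanH6Owco jakub@jimbuntu"

# --------------------------------------------------
# Create users (NO sudo group here!)
# --------------------------------------------------
# Membership in the sudo/wheel group is deliberately not granted; sudo rights
# come only from the per-account file written below.
- name: Ensure users exist
  ansible.builtin.user:
    name: "{{ item.name }}"
    shell: "{{ item.shell }}"
    create_home: true
  loop: "{{ users }}"

# --------------------------------------------------
# Configure passwordless sudo safely
# --------------------------------------------------
# NOPASSWD: ALL gives the account unrestricted root with no password prompt,
# so possession of the account's SSH key alone is equivalent to root. Keep
# sudo_nopasswd false for accounts that do not need it.
#
# validate runs visudo on the rendered file and refuses to install it if the
# syntax is bad; a broken sudoers.d file would otherwise disable sudo for
# every account on the host.
- name: Configure passwordless sudo
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ item.name }}"
    mode: '0440'
    owner: root
    group: root
    content: "{{ item.name }} ALL=(ALL:ALL) NOPASSWD: ALL\n"
    validate: 'visudo -cf %s'
  loop: "{{ users }}"
  when: item.sudo_nopasswd | default(false)

# Revocation must converge too: flipping sudo_nopasswd to false (or dropping
# the key) previously left the old sudoers.d file in place, so the grant
# silently persisted. Remove the file for every account not granted above.
- name: Remove passwordless sudo where it is not granted
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ item.name }}"
    state: absent
  loop: "{{ users }}"
  when: not (item.sudo_nopasswd | default(false))

# --------------------------------------------------
# Install SSH keys
# --------------------------------------------------
# The YAML double-quoted "\n" is a real newline, so join() produces one key
# per line, which authorized_key accepts as multiple keys.
# exclusive: true makes this list the complete authorized_keys for the
# account -- keys added out of band are removed on every run.
- name: Install authorized SSH keys
  ansible.builtin.authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.ssh_keys | join('\n') }}"
    exclusive: true
  loop: "{{ users }}"

# --------------------------------------------------
# Reset connection so sudo rules take effect immediately
# --------------------------------------------------
# meta: reset_connection drops the persistent SSH connection so the next
# task reconnects. NOTE(review): sudoers.d files are read on each sudo
# invocation, so the reset mainly matters if the connecting account's own
# login context (e.g. group membership) changed -- confirm it is still needed.
- name: Reset SSH connection (refresh sudo context)
  meta: reset_connection
```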