diff --git a/ansible/roles/ensure_stack_user/tasks/main.yml b/ansible/roles/ensure_stack_user/tasks/main.yml
index a02f380..d476f18 100644
--- a/ansible/roles/ensure_stack_user/tasks/main.yml
+++ b/ansible/roles/ensure_stack_user/tasks/main.yml
@@ -3,34 +3,27 @@
 - name: create stack user as root
 become: yes
 tags: users
+ vars:
+ devstack_user: stack
 block:
- - name: stack group
- group:
- name: stack
- state: present
-
- - name: stack user
- user:
- name: stack
+ - name: Create user
+ become: true
+ ansible.builtin.user:
+ name: "{{ devstack_user }}"
 password: "{{ stack_user_password | password_hash('sha512','A512') }}"
- shell: /bin/bash
- group: stack
+ home: /opt/stack
+ create_home: true
 state: present
+ shell: /bin/bash
 
- - name: grant stack user passwordless sudo privileges
- copy:
- dest: /etc/sudoers.d/50_stack_user
- content: |
- stack ALL=(ALL) NOPASSWD:ALL
-
-- name: create /opt/stack
- become: yes
- ansible.builtin.file:
- path: '/opt/stack'
- state: directory
- mode: '0777'
- owner: stack
- group: stack
+ - name: Add user to sudoers with NOPASSWD
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/sudoers.d/50_stack_user
+ create: true
+ mode: "0440"
+ line: "{{ devstack_user }} ALL=(ALL) NOPASSWD:ALL"
+ validate: "visudo -cf %s"
 
 - name: generate stack user ssh key "{{ssh_key_filename}}"
 delegate_to: 127.0.0.1
@@ -43,6 +36,19 @@
 mode: '0600'
 force: no
 
+- name: "Read {{ ssh_key_filename }} pub key"
+ tags: ssh
+ delegate_to: 127.0.0.1
+ ansible.builtin.slurp:
+ src: "~/.ssh/{{ssh_key_filename}}.pub"
+ register: _ssh_key_filename_content
+
+- name: Read authorized_keys
+ tags: ssh
+ ansible.builtin.slurp:
+ src: .ssh/authorized_keys
+ register: _user_authorized_keys
+
 - name: setup stack user ssh keys
 become_user: stack
 become: yes
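Review bot: The `password:` line inside the new Create user task (unchanged context, but now the only credential the task sets) hashes with the fixed salt `'A512'`, so every host ends up with the same hash and anyone who can read the playbook can precompute it; the usual reason for a fixed salt is idempotency, which `update_password: on_create` provides without it, e.g. `password: "{{ stack_user_password | password_hash('sha512') }}"` plus `update_password: on_create` under ansible.builtin.user. The inner `become: true` on both added tasks is redundant with `become: yes` on the enclosing block, and the block now mixes `true` with `yes` — Ansible convention is `true`/`false` throughout. The explicit `stack` group task is dropped, so the account's primary group now depends on the user module's default group creation on the target; presumably fine for devstack, but worth confirming on distributions without user-private groups. Dropping the world-writable `0777` /opt/stack task in favour of `create_home: true` is a welcome tightening.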
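Review bot: The Read authorized_keys task slurps the relative path `.ssh/authorized_keys`, which resolves against the connecting user's working directory on the remote (typically its home) and makes the play fail outright when the file is absent, since slurp has no tolerance for a missing file — for example on a host first reached by password. Resolving the path explicitly and guarding the read, `src: "{{ ansible_env.HOME }}/.ssh/authorized_keys"` preceded by an `ansible.builtin.stat` and a `when:` on its `.stat.exists`, keeps the role usable on such hosts. Both added tasks are tagged `ssh` while their registered variables are consumed by later authorized_key tasks; if a run's tag selection skips these two but not the consumers, `_user_authorized_keys` and `_ssh_key_filename_content` are undefined and templating fails — this cannot be confirmed from the hunk alone.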
@@ -61,11 +67,12 @@
 copy:
 src: "~/.ssh/{{ssh_key_filename}}.pub"
 dest: "~/.ssh/id_ed25519.pub"
+
 - name: Set authorized key
 ansible.posix.authorized_key:
 user: stack
 state: present
- key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/' + ssh_key_filename + '.pub') }}"
+ key: "{{ _user_authorized_keys.content | b64decode + _ssh_key_filename_content.content | b64decode }}"
 
 - name: setup root user ssh keys
 become: yes
@@ -88,7 +95,7 @@
 ansible.posix.authorized_key:
 user: root
 state: present
- key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/' + ssh_key_filename + '.pub') }}"
+ key: "{{ _user_authorized_keys.content | b64decode + _ssh_key_filename_content.content | b64decode }}"
 
 - name: setup ansible user ssh keys
 tags: ssh
@@ -110,8 +117,7 @@
 ansible.posix.authorized_key:
 user: "{{ ansible_user }}"
 state: present
- key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/' + ssh_key_filename + '.pub') }}"
-
+ key: "{{ _user_authorized_keys.content | b64decode + _ssh_key_filename_content.content | b64decode }}"
 
 - name: update ansible_user
 tags: always
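Review bot: The new `key:` value in the Set authorized key task concatenates the two slurped files with no separator, so when the slurped `authorized_keys` does not end with a newline the generated public key is glued onto the last existing key's line and ansible.posix.authorized_key installs one malformed entry; the identical expression is repeated in the root hunk (`@@ -88,7`) and the ansible_user hunk (`@@ -110,8`) below. A form that is safe either way is `key: '{{ (_user_authorized_keys.content | b64decode | trim) ~ "\n" ~ (_ssh_key_filename_content.content | b64decode | trim) }}'` (YAML single quotes so Jinja, not YAML, interprets the `\n`). Note also that this replaces the old single-key lookup with the full contents of the connecting user's `authorized_keys`, so every key that could log in as ansible_user is now also authorized for root and stack; if that widening is intended, a one-line comment above the task stating it would save the next reader from treating it as an accident.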