puppet-prod/site/profiles/manifests/accounts/sysadmin.pp

# create the sysadmin user
class profiles::accounts::sysadmin(
  String $password,
  Array[String] $sshkeys = [],
  Array[String] $extra_groups = [],
){

  $default_groups = [
    'adm',
    'admins',
    'systemd-journal'
  ]

  $groups = $extra_groups + $default_groups

  profiles::base::account {'sysadmin':
    username   => 'sysadmin',
    groups     => $groups,
    sshkeys    => $sshkeys,
    sudo_rules => ['sysadmin ALL=(ALL) NOPASSWD:ALL'],
    password   => $password,
    require    => Group['admins'],
  }
}