It fails with “password required”. The question is now, is there a way to edit the sudoers file to have Ansible working without giving NOPASSWD permissions on every command for the remote user?
Using ansible.builtin.command it works.
since the module first checks to see if the specified unit exists before attempting to make any required changes. Note also the ' characters, as sudo rules without any wildcards must be exact matches, and the module is single quoting the given unit name. I did use a wildcard for list-unit-files, but that’s because I’m not sure how to easily interpret the following '{unit_search}*', since it’s a manipulation of the original unit name. The single-quotes around the unit name are also used by the module for all of the start/stop/restart/reload actions.
Additionally, I’m not familiar enough with sudo rules to know if it cares about symlink paths. Usually, /bin and /usr/bin are symlinked, and Ansible isn’t using an explicit path to systemctl, so Ansible might be trying to use /usr/bin/systemctl while all of your rules are for /bin/systemctl. This might be an important distinction for the sudo rules.
Unfortunately, it seems to just not work. The become does not prepend the sudo to each command but to the whole Python command which is used for the subcommand, e.g.: