diff --git a/roles/base_setup/tasks/main.yml b/roles/base_setup/tasks/main.yml
index a9dcb96..305c252 100644
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@@ -144,6 +144,7 @@
     create_home: yes
     state: present
   become: yes
+  tags: [deploy_base, users]
 
 - name: Set password for zailon from vault
   user:
@@ -152,6 +153,18 @@
     update_password: always
   become: yes
   no_log: true
+  tags: [deploy_base, users]
+
+- name: Configure passwordless sudo for zailon
+  copy:
+    content: "zailon ALL=(ALL) NOPASSWD: ALL\n"
+    dest: /etc/sudoers.d/zailon
+    mode: '0440'
+    owner: root
+    group: root
+    validate: 'visudo -cf %s'
+  become: yes
+  tags: [deploy_base, users]
 
 - name: Create .ssh directory for zailon
   file:
@@ -161,14 +174,17 @@
     owner: zailon
     group: zailon
   become: yes
+  tags: [deploy_base, users]
 
 - name: Add authorized keys for zailon
   authorized_key:
     user: zailon
     state: present
     key: "{{ item }}"
+    exclusive: yes
   loop: "{{ ssh_public_keys }}"
   become: yes
+  tags: [deploy_base, users]
 
 - name: Copy bashrc to zailon
   copy:
@@ -179,6 +195,7 @@
     mode: '0644'
     remote_src: yes
   become: yes
+  tags: [deploy_base, users]
 
 # ========== Настройка SSH ==========
 - name: Configure SSH security