Mark,
If you did not deploy your ssh public key to the box (in /home/vagrant/ssh/authorized_keys
), it's quite a normal behavior to get asked for a password. Using 'vagrant' with standard boxes should work.
If you push your key first, it would be easier to get things done after. You can find a Vagrant oriented example here
It seems you set ansible_ssh_user
properly, but make sure you also invoke your playbook with --ask-pass --sudo
.
As a side note, the line:
when: "{{ item.custom }} == True"
could be rewritten as:
when: item.custom