---
- name: ensure group exists
  become: true
  ansible.builtin.group:
    name: "{{ munin_user_group }}"
    state: present

- name: ensure user exists
  become: true
  ansible.builtin.user:
    name: munin
    group: "{{ munin_user_group }}"
    shell: /usr/sbin/nologin
    create_home: false

- name: add user to sudoers
  become: true
  ansible.builtin.blockinfile:
    path: /etc/sudoers
    state: present
    block: |
      munin ALL=(ALL) NOPASSWD:ALL
    validate: '/usr/sbin/visudo -cf %s'
    backup: true
    marker_begin: munin-sudoers BEGIN
    marker_end: munin-sudoers END