---

- name: "Create user group(s)"
  group:
    name: "{{ item }}"
  loop: "{{ user_groups }}"
  when: user_groups

- name: "Create user"
  user:
    name: "{{ user_name }}"
    groups: "{{ (user_groups | join(',')) }}"
    generate_ssh_key: "{{ user_generate_ssh_key }}"
    shell: "{{ user_shell }}"

- name: "Set authorized_key to allow SSH key based logins"
  authorized_key:
    user: "{{ user_name }}"
    key: "{{ lookup('file', user_local_ssh_key_path) }}"
  when: user_local_ssh_key_path | default(False)

- name: "Enable including files from sudoers.d/"
  lineinfile:
    path: "/etc/sudoers"
    regexp: "^#includedir /etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    state: "present"
    backup: True
  when: user_enable_passwordless_sudo

- name: Disable sudoers.d
  lineinfile:
    path: "/etc/sudoers"
    regexp: "^#includedir /etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    state: "absent"
    backup: True
  when: user_enable_passwordless_sudo == False

- name: "Enable passwordless sudo"
  copy:
    content: "%{{ user_name }} ALL=(ALL) NOPASSWD:ALL"
    dest: "/etc/sudoers.d/{{ user_name }}"
    owner: "root"
    group: "root"
    mode: "0440"
  when: user_enable_passwordless_sudo