---
- name: ensure group exists
  become: true
  ansible.builtin.group:
    name: "{{ sealed_secrets_user_group }}"
    state: present
  when:
    - sealed_secrets_user_group is defined

- name: ensure user exists
  become: true
  ansible.builtin.user:
    name: "{{ sealed_secrets_user }}"
    group: "{{ sealed_secrets_user_group }}"
    create_home: false
  when:
    - sealed_secrets_user_group is defined
    - sealed_secrets_user is defined