---
- import_tasks: root.yml
  tags:
  - users
  - root

- name: Create users
  user:
    name: '{{ item }}'
    state: present
    comment: '{{ userdata[item].name }}'
    shell: "{{ ('shell' in userdata[item])|ternary(userdata[item].shell,'/bin/bash') }}"
    uid: '{{ userdata[item].uid }}'
    password: "{{ ('password' in userdata[item])|ternary(userdata[item].password,omit) }}"
    group: users
    groups: "{{ (users[item] == 'sudo')|ternary([sudo_group],[]) }}"
  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
  tags:
  - users

- name: Create .ssh directories
  file:
    path: '~{{ item }}/.ssh'
    state: directory
    owner: '{{ item }}'
    group: users
    mode: 0700
  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
  when: "'authorized_keys' in userdata[item]"
  tags:
  - users

- name: Create authorized_keys
  template:
    dest: '~{{ item }}/.ssh/authorized_keys'
    src: authorized_keys.j2
    owner: '{{ item }}'
    group: users
    mode: 0600
  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
  when: "'authorized_keys' in userdata[item]"
  tags:
  - users

- name: Include user tasks
  include_tasks:
    file: '{{ user }}.yml'
    apply:
      tags:
      - users
  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
  loop_control:
    loop_var: user
  when: "'tasks' in userdata[user] and userdata[user].tasks"
  tags:
  - users

- name: Remove users
  user:
    name: '{{ item }}'
    state: absent
    remove: yes
  with_items: '{{ userdata|dictsort()|map(attribute=0)|difference(users|dictsort()|selectattr(1)|map(attribute=0))|list }}'
  tags:
  - users

# vim: set ts=2 sw=2 et: