---
# file: roles/base/tasks/core_users.yml

- name: "{{ user.username }} user setup"
  user:
    name: "{{ user.username }}"
    password_lock: "{{ user.disable_password | default(false) }}"

- name: "{{ user.username }} group setup"
  user:
    name: "{{ user.username }}"
    groups: "{{ user.groups | join(',') }}"
    append: "{{ user.groups_append | default('true') }}"
  when: user.groups is defined

- name: "Configure {{ user.username }} password"
  user:
    name: "{{ user.username }}"
    password: "{{ user.password | default('*') }}"
  when: user.password is defined

- name: "Setup {{ user.username }} authorized keys"
  authorized_key:
    user: "{{ user.username }}"
    state: present
    key: "{{ user.ssh_keys | join('\n') }}"
    exclusive: "{{ user.ssh_keys_force | default('false') }}"
  tags:
  - authorized_key
  when: ( user.ssh_keys is defined ) and ( user.ssh_keys is not url )

- name: "Setup {{ user.username }} authorized keys from url"
  authorized_key:
    user: "{{ user.username }}"
    state: present
    key: "{{ user.ssh_keys }}"
    exclusive: "{{ user.ssh_keys_force | default('false') }}"
  tags:
  - authorized_key
  when: ( user.ssh_keys is defined ) and ( user.ssh_keys is url )