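---
# HELP
# Required variables:
#   user     - login name (also used as the name of the primary group)
#   id       - numeric uid; also the primary group's gid unless gid is given
#   group    - list of supplementary groups; use group: [] for none
#   password - crypt(3) hash, NOT plaintext (the user module does not hash it;
#              e.g. "{{ plain | password_hash('sha512') }}"). Use '*' if you
#              want NO password login.
# Optional variables:
#   gid           - gid for the primary group (default: id)
#   ssh_authorize - true|false (default true) - adds keys/{{ user }}.key.pub to
#                   the user's authorized_keys on the server
#   ssh_keys      - true|false (default false) - copies the user's public AND
#                   private key into ~/.ssh on the server
#   create_home   - true|false (default true) - creates the home directory

# Create the primary group. The gid defaults to the uid so user and group
# share one numeric id unless the caller overrides it with gid.
- name: Creating group {{ user }}
  group:
    name: '{{ user }}'
    gid: '{{ gid | default(id) }}'

- name: Creating user {{ user }}
  user:
    name: '{{ user }}'
    uid: '{{ id }}'
    comment: '{{ user }}'
    group: '{{ user }}'
    groups: '{{ group }}'
    # Applied on every run so a changed hash (or '*') always takes effect.
    password: '{{ password }}'
    update_password: always
    create_home: '{{ create_home | default(true) }}'
    shell: /bin/bash

# Look the home directory up AFTER the account exists: before that getent
# prints nothing and the registered value is empty on a first run.
- name: Registering {{ user }} home directory variable
  shell: >
    getent passwd {{ user }} | cut -d: -f6
  changed_when: false
  register: user_home

# Passwordless sudo for members of the "sudo" group. lineinfile creates the
# drop-in itself (no separate touch task, which reported "changed" every run).
# Root-only 0440 is the mode sudo expects for sudoers.d files, and visudo -cf
# rejects a malformed line before it is installed - a broken drop-in would
# otherwise break sudo for everyone on the host.
- name: Setting user to nopasswd sudo access
  lineinfile:
    path: '/etc/sudoers.d/{{ user }}'
    create: true
    owner: root
    mode: "0440"
    line: '{{ user }} ALL=(ALL) NOPASSWD:ALL'
    validate: '/usr/sbin/visudo -cf %s'
  when: '"sudo" in group'

# ~/.ssh must belong to the user and be private (0700); created by root with
# the default umask the user could not write to it to manage their own keys.
- name: Creating {{ user }} ~/.ssh directory
  file:
    path: '{{ user_home.stdout }}/.ssh'
    state: directory
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: "0700"

# The public key is read by a lookup inside `key` rather than with_file:
# a loop is expanded before `when` is evaluated, so with_file failed on a
# missing keys/{{ user }}.key.pub even when ssh_authorize was false.
- name: Authorizing SSH keys for {{ user }}
  authorized_key:
    user: '{{ user }}'
    key: "{{ lookup('file', 'keys/' + user + '.key.pub') }}"
  when: ssh_authorize|default(true)|bool

- name: Copying {{ user }} SSH public key
  copy:
    src: 'keys/{{ user }}.key.pub'
    dest: '{{ user_home.stdout }}/.ssh/id_rsa.pub'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: "0644"
  when: ssh_keys|default(false)|bool

# Private key material: the source lives outside the role (vault/). copy does
# not log file content, but it may show up in --diff output.
- name: Copying {{ user }} SSH private key
  copy:
    src: '../../../vault/{{ user }}.key'
    dest: '{{ user_home.stdout }}/.ssh/id_rsa'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: "0600"
  when: ssh_keys|default(false)|bool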