---

- name: user groups
  group:
    name: "{{ item }}"
    gid: "{{ user_groups[item].gid }}"
    state: present
  with_items: "{{ user_groups.keys() }}"
  when: user_groups is defined

- name: users primary group
  group:
    name: "{{ item }}"
    gid: "{{ users[item].gid }}"
    state: present
  with_items: "{{ users.keys() }}"
  when: users[item].gid is defined

- name: user accounts
  user:
    name: "{{ item }}"
    group: "{{ item }}"
    groups: "{{ users[item].groups | join(',') }}"
    uid: "{{ users[item].uid }}"
    home: "{{ users[item].home | default('/home/'+item) }}"
    shell: "{{ users[item].shell | default('/bin/bash') }}"
    generate_ssh_key: yes
    ssh_key_type: ed25519
    state: present
  with_items: "{{ users.keys() }}"

- name: user passwords
  user:
    name: "{{ item }}"
    password: "{{ users[item].password }}"
  with_items: "{{ users.keys() }}"
  when: users[item].password is defined

- name: home directory
  file:
    path: "{{ users[item].home | default('/home/'+item) }}"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "{{ users[item].homedir_mode | default(700) }}"
    state: directory
  with_items: "{{ users.keys() }}"

- name: ssh directory
  file:
    path: "{{ users[item].home | default('/home/'+item) }}/.ssh"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "700"
    state: directory
  with_items: "{{ users.keys() }}"

- name: ssh authorized keys
  copy:
    content: "{{ users[item].authorized_keys }}"
    dest: "{{ users[item].home | default('/home/'+item) }}/.ssh/authorized_keys"
    owner: "{{ item }}"
    group: "{{ item }}"
  with_items: "{{ users.keys() }}"
  when: users[item].authorized_keys is defined