From a0139688c62d707e7246330cefb5c6855b19ef51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Dubois?= <jdubois@evolix.fr>
Date: Tue, 20 Jun 2023 11:03:55 +0200
Subject: [PATCH] accounts: create only users who have a certain value for the
 `create` key (default: `always`)

---
 CHANGELOG                        | 1 +
 roles/accounts/defaults/main.yml | 3 +++
 roles/accounts/tasks/main.yml    | 4 +++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index e8335de..1159d5a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * post-install: add the pf_states check by default in generateldif.sh script
 * nagios-nrpe: allow older cipher suites for older Icinga version
 * evobackup: execute canary script before executing backup script
+* accounts: create only users who have a certain value for the `create` key (default: `always`)
 
 ### Changed
 
diff --git a/roles/accounts/defaults/main.yml b/roles/accounts/defaults/main.yml
index c3306fa..48fec80 100644
--- a/roles/accounts/defaults/main.yml
+++ b/roles/accounts/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
 evobsd_root_login: "no"
+
+# Defines which groups of users are created
+evobsd_users_create: "always"
diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml
index de2b030..4ad4dc8 100644
--- a/roles/accounts/tasks/main.yml
+++ b/roles/accounts/tasks/main.yml
@@ -17,7 +17,9 @@
   vars:
     user: "{{ item.value }}"
   with_dict: "{{ evolix_users }}"
-  when: evolix_users != {}
+  when: 
+    - user.create == evobsd_users_create
+    - evolix_users != {}
   tags:
     - accounts
     - admin