# yamllint disable rule:line-length
---
- name: "Group '{{ user.name }}' is present"
  group:
    state: present
    name: "{{ user.name }}"
    gid: "{{ user.uid }}"
  tags:
    - accounts
    - admin

- name: "User '{{ user.name }}' is present"
  user:
    state: present
    name: '{{ user.name }}'
    uid: '{{ user.uid }}'
    password: '{{ user.password_hash_openbsd }}'
    group: "{{ user.name }}"
    groups: wheel
    shell: /bin/ksh
    append: true
  tags:
    - accounts
    - admin

- name: "Home directory for '{{ user.name }}' is only accesible by owner"
  file:
    name: '/home/{{ user.name }}'
    mode: "0700"
    owner: "{{ user.name }}"
    group: "{{ user.name }}"
    state: directory
  tags:
    - accounts
    - admin

- name: "SSH public keys for '{{ user.name }}' are present"
  authorized_key:
    user: "{{ user.name }}"
    key: "{{ ssk_key }}"
    state: present
  with_items: "{{ user.ssh_keys }}"
  loop_control:
    loop_var: ssk_key
  when: user.ssh_keys is defined
  tags:
    - accounts
    - admin

- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
  user:
    name: "{{ user.name }}"
    groups: "{{ groups_item }}"
    append: true
  with_items:
    - "{{ evobsd_internal_group }}"
    - "{{ evobsd_ssh_group }}"
    - "{{ evobsd_sudo_group }}"
  loop_control:
    loop_var: groups_item
  tags:
    - accounts
    - admin