---
- name: Test if uid exists
  command: 'getent passwd {{ uid }}'
  register: uidisbusy
  ignore_errors: True
  changed_when: False
  check_mode: no
  tags:
  - app_user

- name: Add Unix account with uid {{ uid }} for {{ username }}
  user:
    uid: '{{ uid }}'
    name: '{{ username }}'
    shell: /bin/bash
    update_password: on_create
    state: present
  when: uidisbusy|failed
  tags:
  - app_user

- name: Add Unix account with random uid for {{ username }}
  user:
    name: '{{ username }}'
    shell: /bin/bash
    update_password: on_create
    state: present
  when: uidisbusy|success
  tags:
  - app_user

- name: the www-data user must be in the {{ username }} group
  user:
    name: www-data
    groups: '{{ username }}'
    append: yes
  tags:
  - app_user

- name: add {{ username }} in the adm group (for logs)
  user:
    name: '{{ username }}'
    groups: adm
    append: yes
  tags:
  - app_user

# Home directory must be accessible to the group (for www-data)
- name: Fix perms on homedirectory for {{ username }}
  file:
    name: '/home/{{ username }}'
    mode: "750"
    state: directory
  tags:
  - app_user

# - name: Add evomaintenance trap for {{ username }}
#   lineinfile:
#     dest: '/home/{{ username }}/.profile'
#     insertafter: EOF
#     line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
#     state: absent
#   tags:
#   - app_user