---
# tasks file for users

- name: Assertions
  assert:
    that:
        - ansible_os_family in [ 'OpenBSD', 'Debian' ]
        - users is iterable
        - users_lock_root_ssh in [ True, False ]
        - users_use_sudo in [ True, False ]
        - users_prune in [ True, False ]
        # OpenBSD 5.7 was the last version that came with sudo installed.

- include: sudo.yml
  when: users_use_sudo

- name: Create groups
  with_items: '{{ users_unique_groups }}'
  group:
      name: '{{ item }}'
      state: present

- name: Create users
  with_items: '{{ users }}'
  user:
      append: yes
      name: '{{ item.name }}'
      createhome: yes
      shell: '{{ item.shell|default("/bin/ksh" if ansible_os_family == "OpenBSD" else "/bin/bash") }}'
      groups: '{{ item.groups|join(",") if item.groups is defined else omit }}'
      state: present
      uid: '{{ item.uid|default(omit) }}'
      password: '{{ item.password|default(omit) }}'
      comment: '{{ item.comment|default(omit) }}'

- name: Add public keys
  with_items: '{{ users }}'
  when: item.pubkeys is defined
  authorized_key:
      key: '{{  item.pubkeys|join ("\n") }}'
      user: '{{ item.name }}'
      state: present

- name: Add email aliases
  with_items: '{{ users }}'
  when: item.email is defined
  lineinfile:
      dest: '{{ aliases_file[ansible_os_family] }}'
      create: yes
      line: '{{ item.name }}: {{ item.email }}'
      regexp: '^{{ item.name }}:'
  notify:
      - Update SMTPd database

- include: lock_root_ssh.yml
  when: users_lock_root_ssh

- include: prune.yml
  when: users_prune