--- 
- name: Create default users
  user:
    name: "{{ item.name }}"
    shell: "{{ item.shell | default('/bin/false') }}"
    groups: "{{ item.secondary_groups | default('') }}"
    comment: "{{ item.comment | default('') }}"
    home: "{{ item.home }}"
    generate_ssh_key: yes
    ssh_key_type: ed25519
    ssh_key_bits: 256
    ssh_key_file: .ssh/id_ed25519
    create_home: "yes"
    state: "{{ item.state | default('present') }}"
    remove: "yes"
  loop: 
    - "{{ users }}"
  when: item.state is not defined or item.state != "absent"
  tags:
    - create_default

- name: Create users
  user:
    name: "{{ item.name }}"
    shell: "{{ item.shell | default('/bin/false') }}"
    groups: "{{ item.secondary_groups | default('') }}"
    comment: "{{ item.comment | default('') }}"
    home: "{{ item.home }}"
    generate_ssh_key: yes
    ssh_key_type: ed25519
    ssh_key_bits: 256
    ssh_key_file: .ssh/id_ed25519
    create_home: "yes"
    state: "{{ item.state | default('present') }}"
    remove: "yes"
  loop: 
    - "{{ users }}"
  when: item.state is not defined or item.state != "absent"
  tags:
    - create


- name: Add .bashrc
  ansible.builtin.copy:
    src: bashrc
    dest: "{{ item.home }}/.bashrc"
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: '0640'
  loop: "{{ users }}"
  when: item.state is not defined or item.state != "absent"
  tags:
    - create

- name: Add authorized_keys
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: "{{ item.home }}/.ssh/authorized_keys"
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: '0640'
  loop: "{{ users }}"
  when: item.authorized_keys is defined and (item.state is not defined or item.state != "absent")
  tags:
    - create

- name: Remove users
  user:
    name: "{{ item.name }}"
    state: "{{ item.state | default('absent') }}"
    remove: "yes"
  loop: "{{ users }}"
  when: item.state is defined and item.state == "absent"
  tags:
    - remove