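---
# Manage local groups, user accounts, home directory modes and SSH
# authorized keys from the `users_system` variable.
#
# Inputs read by these tasks:
#   users_system.group  - list of group definitions (name, gid, system, state)
#   users_system.user   - list of user definitions (see the keys read below)
# Every task that creates or changes an account skips an item named `root`.

# Creates the groups listed in users_system.group, plus one group per user
# (item.group, falling back to the user's own name) so the primary group
# exists before the account is created.
# NOTE(review): unlike the user task below, this task does not filter on
# state, so an item with `state: absent` has its group removed here - confirm
# that is intended.
- name: user | create groups
  group:
    name: "{{ item.group|default(item.name) }}"
    system: '{{ item.system|default(omit) }}'
    gid: '{{ item.gid|default(omit) }}'
    state: '{{ item.state|default("present") }}'
  with_flattened:
    - "{{ users_system.group|default([]) }}"
    - "{{ users_system.user|default([]) }}"
  when: ((item.name is defined and item.name != 'root'))

# Creates or updates each account. Items with `state: absent` are skipped by
# the condition below, so despite the task name no account is removed here.
- name: user | create/modify/delete
  user:
    name: '{{ item.name }}'
    group: '{{ item.group|default(item.name) }}'
    groups: "{{ item.groups| default([]) | join(',') or omit }}"
    append: '{{ item.append|default("yes") }}'
    shell: '{{ item.shell|default("/bin/bash") }}'
    uid: '{{ item.uid|default(omit) }}'
    non_unique: '{{ item.non_unique|default(omit) }}'
    state: '{{ item.state|default("present") }}'
    comment: '{{ item.comment|default(omit) }}'
    # The user module expects an already-hashed value here, never a
    # plaintext password. The default "!" leaves the account without a
    # usable password, so only key-based login is possible.
    password: '{{ item.password|default("!") }}'
    # on_create: a password changed in the inventory is NOT applied to an
    # existing account unless the item sets update_password to "always".
    update_password: '{{ item.update_password|default("on_create") }}'
    system: '{{ item.system|default(omit) }}'
    home: '{{ item.home|default(omit) }}'
    createhome: '{{ item.createhome|default(omit) }}'
    generate_ssh_key: '{{ item.generate_ssh_key|default(omit) }}'
    ssh_key_file: '{{ item.ssh_key_file|default(omit) }}'
    ssh_key_passphrase: '{{ item.ssh_key_passphrase|default(omit) }}'
    # Fixed: this previously read only the misspelled key
    # `ssh_key_ssh_key_type`, so a requested `ssh_key_type` was silently
    # ignored and "rsa" was used. The misspelled key is still honoured as a
    # fallback for existing inventories.
    ssh_key_type: >-
      {{ item.ssh_key_type
         | default(item.ssh_key_ssh_key_type | default("rsa")) }}
    ssh_key_bits: '{{ item.ssh_key_bits|default(omit) }}'
    ssh_key_comment: '{{ item.ssh_key_comment|default(omit) }}'
    expires: '{{ item.expires|default(omit) }}'
    move_home: '{{ item.move_home|default(omit) }}'
    remove: '{{ item.remove|default(omit) }}'
  with_items: "{{ users_system.user|default([]) }}"
  # Items carry password hashes and key passphrases; keep them out of task
  # output and logs unless the `no_log` variable is explicitly set to false.
  no_log: "{{ no_log|default(true) }}"
  when: >-
    ((item.name is defined and item.name != 'root')
    and (item.state is undefined
    or (item.state is defined and item.state != 'absent')))

# Applies item.mode to the home directory of every non-absent user that
# defines one. Give `mode` as a quoted string (for example "0750"): an
# unquoted 0750 is read by YAML as a number and results in a different mode.
# NOTE(review): no owner is set and `root` is not excluded here, unlike the
# other tasks; if the directory does not exist yet it is created by this
# task - confirm the resulting ownership is what you expect.
- name: user | ensure home directory mode
  file:
    path: '{{ item.home|default("/home/" + item.name) }}'
    state: directory
    mode: '{{ item.mode }}'
  loop_control:
    label: '{{ item.home|default("/home/" + item.name) }}'
  when:
    - 'item.mode is defined'
    - 'item.state|default("present") != "absent"'
  with_items: "{{ users_system.user|default([]) }}"

# Installs each user's public keys. `exclusive` is not set, so a key that is
# dropped from item.authorized_keys stays in the account's authorized_keys
# file and keeps granting access until it is removed by other means.
- name: user | handle ssh's authorized keys
  authorized_key:
    user: "{{ item.name }}"
    key: "{{ '\n'.join(item.authorized_keys) | string }}"
    state: present
  # Fixed: default to an empty list like the other tasks, so the play does
  # not fail when users_system.user is not defined.
  with_items: "{{ users_system.user|default([]) }}"
  when: >-
    ((item.name is defined and item.name != 'root')
    and (item.state is undefined
    or (item.state is defined and item.state != 'absent'))
    and item.authorized_keys is defined)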