main.yml

---
- name: Make sure groups exist
  group:
    name: "{{ item.groups }}"
    state: present
  with_items: "{{ human_users }}"
  when: ( item.groups is defined )
  become: true

- name: Make sure extra groups exist
  group:
    name: "{{ item.extra_groups }}"
    state: present
  with_items: "{{ human_users }}"
  when: ( item.extra_groups is defined )
  become: true

- name: Create user accounts
  user:
    name: "{{ item.name }}"
    shell: "{{ item.shell | default('/bin/sh') }}"
    password_lock: true
  with_items: "{{ human_users }}"
  become: true

- name: Add user to groups
  user:
    name: "{{ item.name }}"
    groups: "{{ item.groups }}"
    append: false
  with_items: "{{ human_users }}"
  when: ( item.groups is defined )
  become: true

- name: Add user to additional groups
  user:
    name: "{{ item.name }}"
    groups: "{{ item.extra_groups }}"
    append: true
  with_items: "{{ human_users }}"
  when: ( item.extra_groups is defined )
  become: true

- name: Delete absent user accounts
  user:
    name: "{{ item }}"
    state: absent
    force: true
    remove: true
  with_items: "{{ absent_users }}"
  become: true

- name: Authorize personal SSH keys from file
  authorized_key:
    user: "{{ item.name }}"
    key: "{{ lookup('file', item.ssh_key_file, errors='warn') }}"
    state: present
  with_items: "{{ human_users }}"
  when: ( item.ssh_key_file is defined )
  become: true

- name: Add authorized_key for created users from git
  authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.ssh_key_url }}"
  with_items: "{{ human_users }}"
  when: ( item.ssh_key_url is defined )
  become: true