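# SPDX-License-Identifier: MIT-0
---
# tasks file for bootstrap
#
# Creates the groups and accounts described by the per-host `groups` and
# `users` dictionaries. Each dict value carries the attributes read below
# (`group_name`/`type` for groups; `username`, `id`, `admin`, `type`, `shell`,
# `password`, optional `home`/`group`/`groups`/`service(s)` for users).
#
# NOTE(review): `groups` is a reserved Ansible magic variable (inventory group
# name -> list of hosts). A user-defined variable of the same name is shadowed
# by it, so the first loop may iterate inventory groups (whose values are host
# lists without `group_name`). Renaming the variable (e.g. `managed_groups`)
# is the safe fix — confirm against the inventory/host_vars before relying on
# this task.
#
# Fixes relative to the previous revision:
#   * `.lowercase` / `.lowercase()` are not str methods — Jinja raised an
#     undefined-attribute error; replaced with the `lower` filter.
#   * `len()` is not available inside Jinja templates; replaced with `length`.
#   * a `random` service name in the GECOS comment changed on every run, so
#     the service-user task was never idempotent; replaced with `join`.
#   * tasks that handle `password` now set `no_log: true` so the hash is not
#     written to the play output / callback logs (this also hides the loop
#     item on failure — temporarily drop it when debugging a user task).

- name: Create groups
  ansible.builtin.group:
    name: "{{ item.value.group_name }}"
    state: present
    system: "{{ item.value.type == 'system' }}"
  loop: "{{ lookup('ansible.builtin.dict', hostvars[inventory_hostname].groups) }}"

- name: Create users
  block:
    - name: Create administrative users
      when: "item.value.admin and item.value.type != 'system'"
      ansible.builtin.user:
        comment: "administrator for {{ fqdn.split('.')[0] | lower }}"
        # NOTE(review): create_home is false here but generate_ssh_key needs
        # ~/.ssh to exist, so key generation fails unless the home directory
        # is pre-provisioned. Regular users below get create_home: true —
        # confirm the asymmetry is intended.
        create_home: false
        home: "{{ item.value.home | default('/home/' ~ item.value.username) }}"
        # ssh_key_passphrase is not set: the generated private key is stored
        # unencrypted in the user's home directory.
        generate_ssh_key: true
        ssh_key_comment: "ansible-generated for {{ item.value.username }}@{{ fqdn.split('.')[0] | lower }}"
        ssh_key_type: ed25519
        group: "{{ item.value.group | default(item.value.username) }}"
        name: "{{ item.value.username }}"
        uid: "{{ item.value.id }}"
        shell: "{{ item.value.shell }}"
        # Must already be a crypt(3)-style hash (e.g. produced with
        # password_hash('sha512')); the user module writes this value into
        # /etc/shadow verbatim and only warns if it does not look hashed.
        password: "{{ item.value.password }}"
        state: present
        system: "{{ item.value.type == 'system' }}"
        update_password: always
      no_log: true
      loop: "{{ lookup('ansible.builtin.dict', hostvars[inventory_hostname].users) }}"

    - name: Create regular users
      when: "not item.value.admin and item.value.type != 'system'"
      ansible.builtin.user:
        comment: "user of {{ fqdn.split('.')[0] | lower }}"
        create_home: true
        home: "{{ item.value.home | default('/home/' ~ item.value.username) }}"
        # Unencrypted private key, as for administrative users (no passphrase).
        generate_ssh_key: true
        # Same key type as administrative users; without this the module
        # default (rsa) applies.
        ssh_key_type: ed25519
        group: "{{ item.value.group | default(item.value.username) }}"
        name: "{{ item.value.username }}"
        uid: "{{ item.value.id }}"
        shell: "{{ item.value.shell }}"
        # Pre-hashed value required — see the administrative task above.
        password: "{{ item.value.password }}"
        state: present
        system: "{{ item.value.type == 'system' }}"
        update_password: always
      no_log: true
      loop: "{{ lookup('ansible.builtin.dict', hostvars[inventory_hostname].users) }}"

    - name: Create users for managing data related to services
      # NOTE(review): the guard tests `item.value.service` while the comment
      # reads `item.value.services` — one of the two key names is probably a
      # typo; confirm against the users dict.
      when: "not item.value.admin and item.value.type == 'system' and item.value.service is not none"
      ansible.builtin.user:
        # join() instead of random: a deterministic comment keeps the task
        # idempotent.
        comment: "service data user for {{ item.value.services | join(', ') }} at {{ fqdn.split('.')[0] | lower }}"
        create_home: false
        home: "{{ item.value.home | default('/home/' ~ item.value.username) }}"
        group: "{{ item.value.group | default(item.value.username) }}"
        name: "{{ item.value.username }}"
        uid: "{{ item.value.id }}"
        shell: "{{ item.value.shell }}"
        state: present
        system: "{{ item.value.type == 'system' }}"
      loop: "{{ lookup('ansible.builtin.dict', hostvars[inventory_hostname].users) }}"

    - name: Adjust users' groups
      # Skip users with no supplementary groups (missing key, null or empty
      # list); `length` replaces the unavailable Python len().
      when: "(item.value.groups | default([], true)) | length > 0"
      ansible.builtin.user:
        name: "{{ item.value.username }}"
        append: true
        groups: "{{ item.value.groups }}"
      loop: "{{ lookup('ansible.builtin.dict', hostvars[inventory_hostname].users) }}"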