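---
# User management tasks
#
# Input: common_users, a list of mappings. Keys read by these tasks:
#   name (required), create_group, groups, shell, ssh_keys,
#   passwordless_sudo.
# Every entry in common_users can end up with shell access, SSH keys and
# (optionally) unrestricted sudo, so treat edits to that variable as
# privilege changes and review them accordingly.

# One group per user, named after the user, unless create_group is false.
- name: Create user groups
  ansible.builtin.group:
    name: "{{ item.name }}"
    state: present
  loop: "{{ common_users }}"
  loop_control:
    label: "{{ item.name }}"
  # "| bool" makes quoted values such as "false"/"no" behave as booleans.
  when: item.create_group | default(true) | bool

# Creates the account with a home directory and a login shell.
# NOTE(review): "append" is not set, so the module default applies and the
# listed groups replace the user's existing supplementary groups; an entry
# without "groups" passes an empty list. That keeps membership
# authoritative, but confirm no group is granted outside this role.
- name: Create users
  ansible.builtin.user:
    name: "{{ item.name }}"
    groups: "{{ item.groups | default([]) }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    create_home: true
    state: present
  loop: "{{ common_users }}"
  loop_control:
    label: "{{ item.name }}"

# Adds every key in each user's ssh_keys list; users without the attribute
# are skipped (skip_missing).
# NOTE(review): state: present only adds keys. A key deleted from ssh_keys
# stays in authorized_keys, so revoking access needs an explicit
# state: absent entry (or another removal step).
- name: Set authorized keys for users
  ansible.posix.authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ item.1 }}"
    state: present
  loop: "{{ common_users | subelements('ssh_keys', skip_missing=True) }}"
  loop_control:
    label: "{{ item.0.name }}"

# Opt-in only: runs for users whose passwordless_sudo is true.
# NOPASSWD:ALL gives the account unrestricted root with no
# re-authentication, so possession of one of the user's SSH keys is
# equivalent to root on the host. Prefer a restricted command list where
# the role allows it.
- name: Configure passwordless sudo for users
  ansible.builtin.lineinfile:
    # sudo skips files in /etc/sudoers.d whose name contains "." or ends
    # in "~", so a user such as "first.last" would silently get no rule.
    # Dots are mapped to "_" in the file name only; the rule itself still
    # uses the real user name.
    path: "/etc/sudoers.d/{{ item.name | replace('.', '_') }}"
    line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
    create: true
    # sudo rejects sudoers files that are not owned by root.
    owner: root
    mode: '0440'
    # Syntax-check the candidate file before it replaces the live one.
    validate: 'visudo -cf %s'
  loop: "{{ common_users }}"
  loop_control:
    label: "{{ item.name }}"
  when: item.passwordless_sudo | default(false) | bool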