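---
# Provision sysadmin accounts: tighten default home-directory permissions on
# Debian-family hosts, create the admin users, install their SSH keys and grant
# them sudo through per-user drop-ins in /etc/sudoers.d/.

# Loads os_creds_sysadmins (username, password, comment, ssh_key per entry).
# NOTE(review): this file carries credentials; confirm it is encrypted with
# Ansible Vault rather than committed in cleartext.
- include_vars: vars/os-creds-admins.yml

# os_group_for_sudo is only defined for the Debian and RedHat families; on any
# other family the "Add admins users" task below fails on the undefined
# variable.
- name: Set host facts group for use sudo
  set_fact:
    os_group_for_sudo: sudo
  when: ansible_os_family == "Debian"

- name: Set host facts group for use sudo
  set_fact:
    os_group_for_sudo: wheel
  when: ansible_os_family == "RedHat"

- name: Change default for add user create params perm 755 to 700 (Debian)
  when: ansible_os_family == "Debian"
  block:
    # regexp makes lineinfile replace an existing active setting in place.
    # With only `line`, a stock "DIR_MODE=0755" would stay in the file next to
    # the appended "DIR_MODE=0700", leaving two conflicting values.
    - name: Edit options in /etc/adduser.conf
      lineinfile:
        path: /etc/adduser.conf
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
      loop:
        - regexp: '^\s*DIR_MODE='
          line: 'DIR_MODE=0700'
        - regexp: '^\s*SYS_DIR_MODE='
          line: 'SYS_DIR_MODE=0700'

    - name: Edit options in /etc/login.defs
      lineinfile:
        path: /etc/login.defs
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
      loop:
        - regexp: '^\s*HOME_MODE\s'
          line: 'HOME_MODE 0700'

# no_log keeps the per-item password and key material out of task output and
# logs.
- name: Add admins users
  user:
    name: "{{ item.username }}"
    shell: /bin/bash
    groups: "{{ os_group_for_sudo }}"
    # The user module writes this value to the shadow database as given, so it
    # must already be a crypt(3) hash. NOTE(review): confirm the vars file
    # stores hashes, not cleartext passwords.
    password: "{{ item.password }}"
    comment: "{{ item.comment }}"
    # Add to the sudo group without removing existing supplementary groups.
    append: true
  loop: "{{ os_creds_sysadmins }}"
  no_log: true

- name: Add SSH keys for admins users
  authorized_key:
    user: "{{ item.username }}"
    state: present
    key: "{{ item.ssh_key }}"
  loop: "{{ os_creds_sysadmins }}"
  no_log: true

# NOTE(review): NOPASSWD:ALL gives each admin unrestricted root without
# re-authentication, so the account's SSH key (or password) is the only barrier
# to root. Confirm this is intended; the group membership granted above may
# already provide password-protected sudo.
# sudo skips files in /etc/sudoers.d/ whose name contains "." or ends in "~",
# so a username such as "first.last" would produce a drop-in that is silently
# ignored.
- name: Add admins users to /etc/sudoers.d/
  copy:
    dest: "/etc/sudoers.d/{{ item.username }}"
    content: |
      {{ item.username }} ALL=(ALL) NOPASSWD:ALL
    owner: root
    group: root
    # 0440 is the conventional sudoers mode; the file need not be
    # world-readable.
    mode: '0440'
    # Syntax-check the rendered file before it is moved into place: a broken
    # drop-in can make sudo refuse to run for every user on the host.
    validate: /usr/sbin/visudo -cf %s
  loop: "{{ os_creds_sysadmins }}"
  no_log: true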