---

- include_vars: vars/os-creds-admins.yml

- name: Set host facts group for use sudo
  set_fact: os_group_for_sudo="sudo"
  when: ansible_os_family == "Debian"

- name: Set host facts group for use sudo
  set_fact: os_group_for_sudo="wheel"
  when: ansible_os_family == "RedHat"

- name: Add admins users
  user:
    name: "{{ item.username }}"
    shell: /bin/bash
    groups: "{{ os_group_for_sudo }}"
    password: "{{ item.password }}"
    comment: "{{ item.comment }}"
    append: yes
  loop: "{{ os_creds_sysadmins }}"
  no_log: true

- name: Change perm for home dir 0700
  file:
    path: /home/{{ item.username }}
    state: directory
    mode: '0700'
  loop: "{{ os_creds_sysadmins }}"
  no_log: true

- name: Add SSH keys for admins users
  authorized_key:
    user:  "{{ item.username }}"
    state: present
    key: "{{ item.ssh_key }}"
  loop: "{{ os_creds_sysadmins }}"
  no_log: true

- name: Add admins users to /etc/sudoers.d/
  copy:
    dest: "/etc/sudoers.d/{{ item.username }}"
    content: |
      {{ item.username }} ALL=(ALL) NOPASSWD:ALL

    owner: root
    group: root
    mode: '0444'
  loop: "{{ os_creds_sysadmins }}"
  no_log: true