---
# Play: manages local groups, user accounts, SSH authorized keys and
# /etc/sudoers group entries on every host in the inventory.
# NOTE(review): no `become` is set on this play, yet the tasks edit
# /etc/sudoers and create accounts. Presumably privilege escalation is
# configured elsewhere (ansible.cfg, inventory or CLI); confirm.
- name: Manager Users Apache playbook
  hosts: all

  tasks:
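    # Ensure every group listed in rom_user_groups exists with its configured
    # GID. Module arguments are a YAML mapping rather than a key=value string,
    # so a templated value containing whitespace or '=' is always passed as
    # one argument and cannot be re-parsed as extra module options.
    - name: Manager Users | Add ROM Groups
      with_dict: "{{ rom_user_groups|default({}) }}"
      when: rom_user_groups is defined
      group:
        name: "{{ item.key }}"
        gid: "{{ item.value.gid }}"
        state: present
      tags: manage_users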

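    # Create (or update) each account in rom_users. The dict key is the login
    # name; the value supplies password_hash and groups. The user module
    # expects `password` to be an already-crypted hash, never plain text.
    # append: true adds the listed groups without dropping existing ones.
    #
    # Arguments are a YAML mapping rather than a key=value string, so a hash or
    # group list is passed as a single value and is not re-parsed.
    #
    # no_log: Ansible prints the whole loop item for each iteration, and the
    # item contains password_hash. Suppressing output keeps the hash out of
    # console and callback logs, at the cost of less detail on failure.
    - name: Manager Users | Create ROM Users
      with_dict: "{{ rom_users|default({}) }}"
      when: rom_users is defined
      user:
        name: "{{ item.key }}"
        password: "{{ item.value.password_hash }}"
        groups: "{{ item.value.groups }}"
        append: true
      no_log: true
      tags: manage_users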

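    # Clear password ageing for each ROM user: minimum age 0 (-m), maximum age
    # 99999 days (-M), no inactivity lock (-I -1), no account expiry (-E -1).
    # With ageing and expiry disabled, access ends only when the account is
    # removed or its credentials are changed.
    #
    # Runs via `command` with the login name passed through the `quote`
    # filter, so the name is one argument and no shell ever interprets it.
    # (The original used `shell` with the raw name interpolated.)
    # The command always executes, so this task reports "changed" every run.
    #
    # no_log: the loop item carries the user's password_hash, which Ansible
    # would otherwise print with each iteration.
    - name: Manager Users | Remove Password Expiration for ROM Users
      command: chage -m 0 -M 99999 -I -1 -E -1 {{ item.key | quote }}
      with_dict: "{{ rom_users|default({}) }}"
      no_log: true
      tags: manage_users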

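    # Install each ROM user's SSH public key into that user's authorized_keys.
    # state: present only adds the given key; keys installed earlier remain
    # authorized, so rotating public_key here does not revoke the old key.
    #
    # Arguments are a YAML mapping rather than a key=value string, so a key
    # line containing spaces or quotes is passed through intact.
    #
    # no_log: the loop item carries the user's password_hash, which Ansible
    # would otherwise print with each iteration.
    - name: Manager Users | Add ROM Public Keys
      with_dict: "{{ rom_users|default({}) }}"
      when: rom_users is defined
      authorized_key:
        user: "{{ item.key }}"
        key: "{{ item.value.public_key }}"
        state: present
      no_log: true
      tags: manage_users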

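    # Ensure /etc/sudoers has one "%group ALL=(ALL) <sudo_mode>" line per entry
    # in rom_sudo_groups, replacing an existing line for the same group.
    # The candidate file is checked with `visudo -cf` before it is put in
    # place, so a syntactically broken sudoers file is never installed.
    #
    # The group name is regex-escaped in `regexp`, so names containing regex
    # metacharacters match only their own line.
    #
    # NOTE(review): item.key and sudo_mode are written into sudoers verbatim.
    # visudo checks syntax, not policy, so these inventory values must come
    # from a trusted, reviewed source. This task never removes a line for a
    # group that has been dropped from rom_sudo_groups.
    - name: Manager Users | Add ROM Groups to /etc/sudoers
      with_dict: "{{ rom_sudo_groups|default({}) }}"
      when: rom_sudo_groups is defined
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^%{{ item.key | regex_escape }} ALL='
        line: '%{{ item.key }} ALL=(ALL) {{ item.value.sudo_mode }}'
        validate: 'visudo -cf %s'
      tags: manage_users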

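    # Delete every account named in rom_remove_users.
    # The fallback is an empty list: the original defaulted to a dict ({}),
    # which is the wrong type for a list of names and only worked because the
    # `when` guard skipped the resulting single item.
    #
    # NOTE(review): `remove` is not set, so the home directory (including
    # ~/.ssh/authorized_keys) stays on disk after deletion. Running processes
    # and sudoers entries are not touched by this task either.
    - name: Manager Users | Remove de-activated ROM users
      when: rom_remove_users is defined
      user:
        name: "{{ item }}"
        state: absent
      with_items: "{{ rom_remove_users|default([]) }}"
      tags: manage_users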

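    # Ensure every group listed in user_groups exists with its configured GID.
    # Module arguments are a YAML mapping rather than a key=value string, so a
    # templated value containing whitespace or '=' is always passed as one
    # argument and cannot be re-parsed as extra module options.
    - name: Manager Users | Add Client Specific Groups
      with_dict: "{{ user_groups|default({}) }}"
      when: user_groups is defined
      group:
        name: "{{ item.key }}"
        gid: "{{ item.value.gid }}"
        state: present
      tags: manage_users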

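    # Create (or update) each account in users. The dict key is the login
    # name; the value supplies password_hash and groups. The user module
    # expects `password` to be an already-crypted hash, never plain text.
    # append: true adds the listed groups without dropping existing ones.
    #
    # Arguments are a YAML mapping rather than a key=value string, so a hash or
    # group list is passed as a single value and is not re-parsed.
    #
    # no_log: Ansible prints the whole loop item for each iteration, and the
    # item contains password_hash. Suppressing output keeps the hash out of
    # console and callback logs, at the cost of less detail on failure.
    - name: Manager Users | Create Client Specific Users
      with_dict: "{{ users|default({}) }}"
      when: users is defined
      user:
        name: "{{ item.key }}"
        password: "{{ item.value.password_hash }}"
        groups: "{{ item.value.groups }}"
        append: true
      no_log: true
      tags: manage_users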

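    # Install each client user's SSH public key into that user's
    # authorized_keys. state: present only adds the given key; keys installed
    # earlier remain authorized, so rotating public_key here does not revoke
    # the old key.
    #
    # Arguments are a YAML mapping rather than a key=value string, so a key
    # line containing spaces or quotes is passed through intact.
    #
    # no_log: the loop item carries the user's password_hash, which Ansible
    # would otherwise print with each iteration.
    - name: Manager Users | Add Client Specific Public Keys
      with_dict: "{{ users|default({}) }}"
      when: users is defined
      authorized_key:
        user: "{{ item.key }}"
        key: "{{ item.value.public_key }}"
        state: present
      no_log: true
      tags: manage_users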

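    # Ensure /etc/sudoers has one "%group ALL=(ALL) <sudo_mode>" line per entry
    # in sudo_groups, replacing an existing line for the same group.
    # The candidate file is checked with `visudo -cf` before it is put in
    # place, so a syntactically broken sudoers file is never installed.
    #
    # The group name is regex-escaped in `regexp`, so names containing regex
    # metacharacters match only their own line.
    #
    # NOTE(review): item.key and sudo_mode are written into sudoers verbatim.
    # visudo checks syntax, not policy, so these inventory values must come
    # from a trusted, reviewed source. This task never removes a line for a
    # group that has been dropped from sudo_groups.
    - name: Manager Users | Add Client Specific Groups to /etc/sudoers
      with_dict: "{{ sudo_groups|default({}) }}"
      when: sudo_groups is defined
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^%{{ item.key | regex_escape }} ALL='
        line: '%{{ item.key }} ALL=(ALL) {{ item.value.sudo_mode }}'
        validate: 'visudo -cf %s'
      tags: manage_users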

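    # Delete every account named in remove_users.
    # The fallback is an empty list: the original defaulted to a dict ({}),
    # which is the wrong type for a list of names and only worked because the
    # `when` guard skipped the resulting single item.
    #
    # NOTE(review): `remove` is not set, so the home directory (including
    # ~/.ssh/authorized_keys) stays on disk after deletion. Running processes
    # and sudoers entries are not touched by this task either.
    - name: Manager Users | Remove de-activated client users
      when: remove_users is defined
      user:
        name: "{{ item }}"
        state: absent
      with_items: "{{ remove_users|default([]) }}"
      tags: manage_users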
