ansible-role-accounts/tasks/main.yml

---
- name: Create or remove groups
  ansible.builtin.group:
    name: "{{ item.name }}"
    gid: "{{ item.gid | default(omit) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ accounts_groups | default([]) }}"
  loop_control:
    label: "{{ item.name }}"

- name: Ensure users (create or remove)
  ansible.builtin.user:
    name: "{{ item.name }}"
    uid: "{{ item.uid | default(omit) }}"
    group: "{{ item.group | default(omit) }}"
    groups: "{{ item.groups | join(',') if (item.groups is defined and item.groups | length > 0) else omit }}"
    append: yes
    home: "{{ item.home | default(omit) }}"
    shell: "{{ item.shell | default(omit) }}"
    create_home: "{{ item.create_home | default(false) }}"
    system: "{{ item.system | default(false) }}"
    remove: "{{ item.remove_home | default(false) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ accounts_users | default([]) }}"
  loop_control:
    label: "{{ item.name }}"

# - name: Create missing users declared as group members (optional)
#   ansible.builtin.user:
#     name: "{{ item.1 }}"
#     state: present
#   when: create_missing_users | default(false) and item.0.state | default('present') == 'present'
#   with_subelements:
#     - "{{ accounts_groups | default([]) }}"
#     - members
#   loop_control:
#     label: "{{ item.0.name }}:{{ item.1 }}"

# - name: Ensure declared group members exist in their groups (only for present groups)
#   ansible.builtin.user:
#     name: "{{ item.1 }}"
#     groups: "{{ item.0.name }}"
#     append: yes
#     state: present
#   when: item.0.state | default('present') == 'present'
#   with_subelements:
#     - "{{ accounts_groups | default([]) }}"
#     - members
#   loop_control:
#     label: "{{ item.0.name }}:{{ item.1 }}"
init 2026-01-23 10:30:47 +01:00			`---`
			`- name: Create or remove groups`
			`ansible.builtin.group:`
			`name: "{{ item.name }}"`
			`gid: "{{ item.gid \| default(omit) }}"`
			`state: "{{ item.state \| default('present') }}"`
			`loop: "{{ accounts_groups \| default([]) }}"`
			`loop_control:`
			`label: "{{ item.name }}"`

			`- name: Ensure users (create or remove)`
			`ansible.builtin.user:`
			`name: "{{ item.name }}"`
			`uid: "{{ item.uid \| default(omit) }}"`
			`group: "{{ item.group \| default(omit) }}"`
			`groups: "{{ item.groups \| join(',') if (item.groups is defined and item.groups \| length > 0) else omit }}"`
			`append: yes`
			`home: "{{ item.home \| default(omit) }}"`
			`shell: "{{ item.shell \| default(omit) }}"`
			`create_home: "{{ item.create_home \| default(false) }}"`
			`system: "{{ item.system \| default(false) }}"`
			`remove: "{{ item.remove_home \| default(false) }}"`
			`state: "{{ item.state \| default('present') }}"`
			`loop: "{{ accounts_users \| default([]) }}"`
			`loop_control:`
			`label: "{{ item.name }}"`

cleanuo 2026-01-26 20:09:35 +01:00			`# - name: Create missing users declared as group members (optional)`
			`# ansible.builtin.user:`
			`# name: "{{ item.1 }}"`
			`# state: present`
			`# when: create_missing_users \| default(false) and item.0.state \| default('present') == 'present'`
			`# with_subelements:`
			`# - "{{ accounts_groups \| default([]) }}"`
			`# - members`
			`# loop_control:`
			`# label: "{{ item.0.name }}:{{ item.1 }}"`
init 2026-01-23 10:30:47 +01:00
cleanuo 2026-01-26 20:09:35 +01:00			`# - name: Ensure declared group members exist in their groups (only for present groups)`
			`# ansible.builtin.user:`
			`# name: "{{ item.1 }}"`
			`# groups: "{{ item.0.name }}"`
			`# append: yes`
			`# state: present`
			`# when: item.0.state \| default('present') == 'present'`
			`# with_subelements:`
			`# - "{{ accounts_groups \| default([]) }}"`
			`# - members`
			`# loop_control:`
			`# label: "{{ item.0.name }}:{{ item.1 }}"`