---
- name: Create or remove groups
  ansible.builtin.group:
    name: "{{ item.name }}"
    gid: "{{ item.gid | default(omit) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ accounts_groups | default([]) }}"
  loop_control:
    label: "{{ item.name }}"

- name: Ensure users (create or remove)
  ansible.builtin.user:
    name: "{{ item.name }}"
    uid: "{{ item.uid | default(omit) }}"
    group: "{{ item.group | default(omit) }}"
    groups: "{{ item.groups | join(',') if (item.groups is defined and item.groups | length > 0) else omit }}"
    append: yes
    home: "{{ item.home | default(omit) }}"
    shell: "{{ item.shell | default(omit) }}"
    create_home: "{{ item.create_home | default(false) }}"
    system: "{{ item.system | default(false) }}"
    remove: "{{ item.remove_home | default(false) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ accounts_users | default([]) }}"
  loop_control:
    label: "{{ item.name }}"

# - name: Create missing users declared as group members (optional)
#   ansible.builtin.user:
#     name: "{{ item.1 }}"
#     state: present
#   when: create_missing_users | default(false) and item.0.state | default('present') == 'present'
#   with_subelements:
#     - "{{ accounts_groups | default([]) }}"
#     - members
#   loop_control:
#     label: "{{ item.0.name }}:{{ item.1 }}"

# - name: Ensure declared group members exist in their groups (only for present groups)
#   ansible.builtin.user:
#     name: "{{ item.1 }}"
#     groups: "{{ item.0.name }}"
#     append: yes
#     state: present
#   when: item.0.state | default('present') == 'present'
#   with_subelements:
#     - "{{ accounts_groups | default([]) }}"
#     - members
#   loop_control:
#     label: "{{ item.0.name }}:{{ item.1 }}"