---
- include_tasks: creategroups.yml
  loop: "{{ github_users }}"
  loop_control:
    loop_var: user_data

- name: Ensure user accounts are present
  become: true
  user:
    name: "{{ item.user | default(item) }}"
    shell: /bin/bash
    createhome: true
    groups: "{{ item.groups | default(item) }}"
    append: yes
    home: /home/{{ item.user | default(item) }}
    state: present
    password: "{{ created_users_pass }}"
    update_password: "on_create"
  with_items: "{{ github_users }}"

- name: Ensure authorized_keys for GitHub user accounts are present
  become: true
  authorized_key:
    user: "{{ item.user | default(item) }}"
    key: "{{ github_url }}/{{ item.account | default('') }}.keys"
    manage_dir: true
    state: present
    exclusive: False
  with_items: "{{ github_users }}"
  ignore_errors: true
  register: task_result
  failed_when: "'blah' in task_result"

- name: Set passwordless sudo
  become: true
  lineinfile:
    dest: /etc/sudoers
    line: "{{ item.user | default(item) }} ALL=(ALL) NOPASSWD:ALL"
    state: present
    validate: "visudo -cf %s"
  with_items: "{{ github_users }}"
  when: item.user is defined and item.passwordless_sudo is true