---
- name: Create group ansible
  become: true
  ansible.builtin.group:
    name: 'ansible'
    state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"

- name: Create user ansible
  become: true
  ansible.builtin.user:
    name: 'ansible'
    comment: 'User for ansible to login and perform tasks'
    shell: '/bin/bash'
    group: 'ansible'
    state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"
    system: true
    password: "{{ l3d_users__ansible_user_password }}"
    create_home: true

- name: Set dedicated SSH keys for User ansible and drop all other keys
  become: true
  ansible.posix.authorized_key:
    user: 'ansible'
    state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"
    key: "{{ l3d_users__ansible_ssh_keys }}"
    exclusive: true
  when: l3d_users__set_ansible_ssh_keys | bool

- name: Add admin keys to user ansible
  become: true
  ansible.posix.authorized_key:
    user: 'ansible'
    state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"
    key: "{{ user.pubkeys | default() }}"
    exclusive: false
  loop: "{{ _l3d_users__merged_users }}"
  when: user.admin | default(false) | bool and user.admin_ansible_login | default(true) | bool
  loop_control:
    label: "user={{ user.name }}"
    loop_var: user