- name: Add user to machine when allowed (otherwise remove)
  user:
    name: '{{ user.name }}'
    state: '{% if inventory_hostname in user.hosts %}present{% else %}absent{% endif %}'
    comment: '{{ user.real_name }}'
    shell: /bin/bash
    group: di-users
    groups: '{{ usergroups }}'
    password: '{{ user.password | default("") }}'
    update_password: always
  no_log: True

- name: Make sure the homedir of a user exists
  file:
    path: '/home/{{ user.name }}'
    owner: '{{ user.name }}'
    group: di-users
    mode: 0700
    state: '{% if inventory_hostname in user.hosts %}directory{% else %}absent{% endif %}'
  no_log: True

- name: Make sure the HOME/.ssh dir exists of a user
  file:
    path: '/home/{{ user.name }}/.ssh'
    owner: '{{ user.name }}'
    group: di-users
    mode: 0700
    state: '{% if inventory_hostname in user.hosts %}directory{% else %}absent{% endif %}'
  no_log: True

- name: Remove explicit user groups
  group: name='{{ user.name }}' state=absent
  no_log: True