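# Tasks that create the 'di' service groups, install the di-gogs SSH key
# helper and its configuration, and then hand each entry of `users` to
# regular_user.yml.
#
# NOTE(review): on the page this file was collapsed onto a single line, so
# everything after the first '#' parsed as a comment and only the
# include_vars task remained. One task per block restores the structure.
# Module arguments use native YAML mappings instead of key=value strings,
# and file modes are quoted so they are never read as integers.

# Presumably defines the `users` list consumed by the last task -- confirm.
- include_vars: users.yml

# di, for services and daemons
- name: Add the 'di' group
  group:
    name: di

# group_names lists the inventory groups of the current host, so the 2FA
# group is only created on hosts placed in the '2fa' inventory group.
- name: Add the 'di-2fa' group
  group:
    name: di-2fa
  when: "'2fa' in group_names"

# Root-owned and not group/world writable: the helper script installed
# below lives here, so nobody but root may replace it.
- name: Create the di cache directory
  file:
    path: /var/cache/di
    state: directory
    mode: "0755"
    owner: root
    group: root

# `ssh_keydir` is defined outside this file. Members of 'di' get full
# access to it; other users get none.
# NOTE(review): if sshd reads authorized keys from this directory, every
# member of 'di' can add or replace keys -- confirm that is intended.
- name: Create the SSH key directory
  file:
    path: "{{ ssh_keydir }}"
    state: directory
    mode: "0770"
    owner: root
    group: di

- name: Install the di-gogs sshkeys script
  copy:
    src: "../files/di-gogs-sshkeys.py"
    dest: /var/cache/di/di-gogs-sshkeys.py
    mode: "0755"
    owner: root
    group: root

# NOTE(review): the configuration is group-writable by 'di' (0660) while
# the script that presumably reads it is root-owned. If members of 'di'
# only need to read it, "0640" is the tighter choice -- confirm before
# changing, as the mode is kept as the author set it.
- name: Install the di-gogs-sshkeys configuration
  template:
    src: di-gogs-sshkeys.conf.j2
    dest: /etc/di-gogs-sshkeys.conf
    mode: "0660"
    owner: root
    group: di

- name: Add the di-users group
  group:
    name: di-users

# Comma-separated supplementary groups; the next tasks prepend to it.
- name: Default user grouplist
  set_fact:
    usergroups: "ssh,dialout,plugdev"

# Populates ansible_facts.getent_group with the groups that exist on the
# target host.
- name: Determine available UNIX groups
  getent:
    database: group

# Only add 'docker' when that group actually exists on the host.
- name: Add users to docker group
  set_fact:
    usergroups: "docker,{{ usergroups }}"
  when: "'docker' in ansible_facts.getent_group"

- name: Add the 2fa group to the list when the machine requires it
  set_fact:
    usergroups: "di-2fa,{{ usergroups }}"
  when: "'2fa' in group_names"

# regular_user.yml is included once per entry of `users`; the current
# entry is exposed as `user` rather than the default `item`.
- name: Handle user for this machine
  include_tasks: regular_user.yml
  with_items:
    - "{{ users }}"
  loop_control:
    loop_var: user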