common/users: refactor the flow, set the users according to the handled_users variable

Signed-off-by: Mattia Rizzolo <mattia@debian.org>

roles/common/tasks/users.yml

@@ -14,39 +14,33 @@
     system: "{{ item.system | default('no') }}"
   with_items: "{{ handled_groups }}"
 
+- name: Create a group for every user
+  group: name={{ item.name }}
+  with_items: "{{ handled_users }}"
+  when:
+    - item.group is not defined
 
-- name: create user manager
+- name: create the users
   user:
-    name: manager
-    groups: allow-ssh,passwordless-sudo
-    state: present
-    shell: /bin/bash
-
-
-- name: set ssh keys for manager
-  authorized_key:
-    user: manager
-    key: "{{ management_ssh }}"
-
-    exclusive: true
-    state: present
-
-
-- name: create admin users
+    name: "{{ item.name }}"
+    comment: "{{ item.gecos }}"
+    createhome: yes
+    home: "{{ item.home | default('/home/'+item.name) }}"
+    shell: "{{ item.shell | default('/bin/bash') }}"
+    generate_ssh_key: yes
+    ssh_key_bits: 4096
+    group: "{{ item.group | default(item.name) }}"
+    update_password: on_create
+  with_items: "{{ handled_users }}"
+
+- name: Add the users to the extra groups, if the groups are available
   user:
-    name: "{{ item }}"
-    groups: allow-ssh,passwordless-sudo,systemd-journal
-    append: true
-    state: present
-    shell: /bin/bash
-
-  with_items: "{{ admin_users.keys() }}"
-
-
-- name: register admin users as a fact
-  set_fact:
-    facts_common_admin_users: "{{ admin_users.keys() }}"
-
+    name: "{{ item.0.name }}"
+    groups: "{{ item.1 }}"
+    append: yes
+  with_subelements:
+    - "{{ handled_users }}"
+    - extra_groups
 
 - name: set ssh keys for admin users
   authorized_key: