---
- name: load os/distrubtion/version specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ ansible_distribution_release }}.yml"
        - "{{ ansible_distribution }}.yml"
        - "{{ ansible_os_family }}.yml"

- name: load os/distrubtion/version specific tasks
  vars:
    params:
      files:
      - "{{ ansible_distribution_release }}.yml"
      - "{{ ansible_distribution }}.yml"
      - "{{ ansible_os_family }}.yml"
  loop: "{{ q('first_found', params) }}"
  loop_control:
    loop_var: tasks_file
  include_tasks: "{{ tasks_file }}"

- name: add normal users
  loop: "{{ normal_users | difference(admin_users) }}"
  user:
    name: "{{ item }}"
    state: present
    password: "{{ hostvars[inventory_hostname]['vault_user_password_'+item] }}" ## TODO: find nicer way to do this
    shell: "{{ users[item].shell | default(users_default_shell) }}"

- name: add admin users
  loop: "{{ admin_users }}"
  user:
    name: "{{ item }}"
    state: present
    password: "{{ hostvars[inventory_hostname]['vault_user_password_'+item] }}" ## TODO: find nicer way to do this
    groups: "{{ admin_users_groups }}"
    append: yes
    shell: "{{ users[item].shell | default(users_default_shell) }}"

- name: install ssh keys for users
  loop: "{{ normal_users | union(admin_users) }}"
  when: "'ssh' in users[item]"
  authorized_key:
    user: "{{ item }}"
    key: "{{ users[item].ssh | join('\n') }}"
    exclusive: yes