- name: Create user
  ansible.builtin.user:
    name: "{{ guest_configure_user }}"

- name: Set user shell (if defined)
  ansible.builtin.user:
    name: "{{ guest_configure_user }}"
    shell: "{{ guest_configure_user_shell }}"
  when: guest_configure_user_shell | length > 0

- name: Add user SSH key (if defined)
  ansible.posix.authorized_key:
    user: "{{ guest_configure_user }}"
    state: present
    key: "{{ item }}"
  loop: "{{ guest_configure_ssh_keys }}"
  when: guest_configure_ssh_keys | length > 0

- name: RedHat block
  when: ansible_os_family == "RedHat"
  block:
    - name: Add user to sudo group (RedHat)
      ansible.builtin.user:
        name: "{{ guest_configure_user }}"
        groups: "wheel"
        append: true

    - name: Allow wheel group nopasswd in sudoers (RedHat)
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'

- name: Debian block
  when: ansible_os_family == "Debian"
  block:
    - name: Add user to sudo group (Debian)
      ansible.builtin.user:
        name: "{{ guest_configure_user }}"
        groups: "sudo"
        append: true

    - name: Allow sudo group nopasswd in sudoers (Debian)
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%sudo'
        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'