---
- name: Make sure we have a 'wheel' group
  ansible.builtin.group:
    name: wheel
    state: present

- name: Create user
  ansible.builtin.user:
    name: "{{ user.name }}"
    # Use: openssl passwd -salt <salt> -1 <plaintext>
    password: "{{ user.password }}"
    update_password: on_create
    comment: "{{ user.full_name }}"
    groups: "{{ user.additional_groups }}"
    append: yes
    shell: "{{ user.shell }}"
    state: present
    expires: -1
  become: true

- name: Setup sudo
  ansible.builtin.copy:
    dest: /etc/sudoers.d/{{ user.name }}
    content: "{{ user.name }} ALL=(ALL:ALL) ALL"
    mode: 0440
    validate: /usr/sbin/visudo -cf %s
  become: true

- name: Configure rbw
  ansible.builtin.file:
    path: ~/.config/rbw
    state: directory
    mode: '0755'
  become: true
  become_user: "{{ user.name }}"

- name: Copy rbw-config.json
  ansible.builtin.copy:
    src: rbw-config.json
    dest: ~/.config/rbw/config.json
    mode: '0644'
  become: true
  become_user: "{{ user.name }}"

- name: Configure pinentry for gnome3
  ansible.builtin.lineinfile:
    path: ~/.gnupg/gpg-agent.conf
    line: "pinentry-program /usr/bin/pinentry-gnome3"
    create: yes