- name: Assert mandatory variables
  ansible.builtin.assert:
    that:
      - service_user is defined

- name: Ensure service user "{{ service_user }}" exists
  ansible.builtin.user:
    name: "{{ service_user }}"
    comment: "Service user for {{ service_user }}"
    shell: /sbin/nologin
    # TODO: service_root should somehow be reflected here
    home: "/opt/{{ service_user }}"
    create_home: true
    system: true

- name: Ensure directory for "{{ service_user }}"
  ansible.builtin.file:
    # TODO: service_root
    path: "/opt/{{ service_user }}"
    state: directory
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
    mode: '755'

- name: Get user info from passwd
  ansible.builtin.getent:
    database: passwd
    key: '{{ service_user }}'