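---
# Creates the service's system account and gives it a non-interactive shell.
# One-time follow-up steps (home ownership, subordinate ID ranges,
# XDG_RUNTIME_DIR, lingering) run only when the account task reports a change.

- name: "{{ services_service_name }} : setup : create system user"
  ansible.builtin.user:
    name: "{{ services_service_user_name }}"
    create_home: true
    home: "{{ services_service_user_home }}"
    system: true
  # The result gates the provisioning block further down.
  register: services_base_user_create

# The service account gets a shell that refuses interactive logins.
- name: "{{ services_service_name }} : setup : set default shell"
  ansible.builtin.user:
    name: "{{ services_service_user_name }}"
    shell: "/usr/sbin/nologin"

# NOTE(review): `.changed` is true for any modification the user module makes,
# not only for first creation; confirm that re-running these steps on a
# modified, pre-existing account is acceptable (the subuid/subgid task would
# add a second range).
- name: "{{ services_service_name }} : setup : first-time provisioning for new user"
  when: services_base_user_create.changed
  block:
    - name: "{{ services_service_name }} : setup : set home directory ownership"
      ansible.builtin.file:
        path: "{{ services_service_user_home }}"
        state: "directory"
        owner: "{{ services_service_user_name }}"
        group: "{{ services_service_user_name }}"
        recurse: true

    # Allocate a 65536-wide subordinate UID and GID range for the account.
    # The start is the highest end (start + count) of every range already in
    # the file. Using only the last line could pick a range that overlaps an
    # existing one when entries are unordered or have other sizes; overlapping
    # ranges would make two accounts' user namespaces share host IDs.
    # NOTE(review): the read-then-usermod sequence is not atomic against a
    # concurrent allocation on the same host.
    - name: "{{ services_service_name }} : setup : configure subuids and subgids"
      ansible.builtin.shell: |
        set -eu
        next_free_start() {
          # A missing or empty file yields 65536, the same base the previous
          # arithmetic produced for that case.
          [ -r "$1" ] || { echo 65536; return 0; }
          awk -F ":" '
            BEGIN { top = 65536 }
            { hi = $2 + $3; if (hi > top) top = hi }
            END { print top }
          ' "$1"
        }
        NEW_SUBUID=$(next_free_start /etc/subuid)
        NEW_SUBGID=$(next_free_start /etc/subgid)
        usermod --add-subuids "${NEW_SUBUID}-$((NEW_SUBUID + 65535))" \
          --add-subgids "${NEW_SUBGID}-$((NEW_SUBGID + 65535))" \
          {{ services_service_user_name | quote }}
      # Explicit: this task always modifies /etc/subuid and /etc/subgid.
      changed_when: true

    # lineinfile replaces `echo '\n...' >> .bashrc`: whether echo expands
    # `\n` depends on which shell /bin/sh is, so the old form could write a
    # literal backslash-n in front of `export`. This form is also idempotent
    # and keeps a newly created .bashrc owned by the service account.
    - name: "{{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set"
      ansible.builtin.lineinfile:
        path: "{{ services_service_user_home }}/.bashrc"
        line: 'export XDG_RUNTIME_DIR=/run/user/$(id -u)'
        create: true
        owner: "{{ services_service_user_name }}"
        group: "{{ services_service_user_name }}"
        mode: "0644"

    # argv form passes the templated user name as a single argument, with no
    # word splitting.
    - name: "{{ services_service_name }} : setup : enable lingering"
      ansible.builtin.command:
        argv:
          - loginctl
          - enable-linger
          - "{{ services_service_user_name }}"
      changed_when: true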