---
- block:
  - name: Add the additional service groups
    group: name={{ item }} state=present
    with_items: '{{ service_sudoers_group }}'

  when: users_system_users is defined
  tags: [ 'services', 'users' ]

#- block:
#  - name: Remove selected users to the limited sudoers group
#    user: name={{ item.login }} groups=''
#    with_items: '{{ users_system_users | default([]) }}'
#    when: not item.limited_sudoers_user
#
#  when:
#    - users_system_users is defined
#    - item.limited_sudoers_user is defined
#  tags: [ 'services', 'users' ]
#
#- block:
#  - name: Remove additional users to the limited sudoers group
#    user: name={{ item.login }} groups=''
#    with_items: '{{ users_system_users_adjunct }}'
#    when: not item.limited_sudoers_user
#
#  when:
#    - users_system_users_adjunct is defined
#    - item.limited_sudoers_user is defined
#  tags: [ 'services', 'users' ]

- block:
  - name: Add selected users to the limited sudoers group
    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
    with_items: '{{ users_system_users | default([]) }}'
    when: item.limited_sudoers_user

  when:
    - users_system_users is defined
    - item.limited_sudoers_user is defined
  tags: [ 'services', 'users' ]

- block:
  - name: Add additional users to the limited sudoers group
    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
    with_items: '{{ users_system_users_adjunct }}'
    when: item.limited_sudoers_user

  when:
    - users_system_users_adjunct is defined
    - item.limited_sudoers_user is defined
  tags: [ 'services', 'users' ]