add playbook to ensure user is in specified group

playbooks/add-usertogroup.yml

@@ -0,0 +1,29 @@
+---
+- name: Ensure user is in specified group
+  hosts: all
+  become: true
+  gather_facts: false
+
+  vars:
+    check_user: "{{ check_user }}"
+    check_group: "{{ check_group }}"
+
+  tasks:
+    - name: Ensure group exists
+      group:
+        name: "{{ check_group }}"
+        state: present
+
+    - name: Ensure user exists
+      ansible.builtin.getent:
+        database: passwd
+        key: "{{ check_user }}"
+      register: user_check
+      failed_when: user_check.found is not defined or not user_check.found
+
+    - name: Add user to group (non-destructively)
+      user:
+        name: "{{ check_user }}"
+        groups: "{{ check_group }}"
+        append: true
+      when: user_check.found