---
- name: Ensure user is in specified group
  hosts: all
  become: true
  gather_facts: false

  vars:
    check_user: "{{ check_user }}"
    check_group: "{{ check_group }}"

  tasks:
    - name: Ensure group exists
      group:
        name: "{{ check_group }}"
        state: present

    - name: Check if user exists
      getent:
        database: passwd
        key: "{{ check_user }}"
      register: user_check
      changed_when: false
      failed_when: user_check.ansible_facts.getent_passwd[check_user] is not defined

    - name: Add user to group (non-destructively)
      user:
        name: "{{ check_user }}"
        groups: "{{ check_group }}"
        append: true