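---
# file: roles/ad-server/tasks/main.yml
#
# Installs Samba, provisions an Active Directory domain controller once,
# deploys smb.conf and makes sure only the samba-ad-dc service is running
# (the standalone smbd/nmbd daemons are stopped and disabled).

- name: ensure ad-server is installed
  apt:
    name: samba
    state: present
  tags:
    - ad-server

- name: ensure winbind is for some reasons installed
  apt:
    name: winbind
    state: present
  tags:
    - ad-server

# The sysvol directory is used as the "already provisioned" marker.
# NOTE(review): this path is built from `domain`, while the provision
# command below uses `smb_domain` and `REALM`. Confirm `domain` matches the
# directory samba-tool actually creates; if it does not, the guard never
# becomes true and every run deletes smb.conf and tries to re-provision.
- name: figure out if domain is provisioned
  stat:
    path: "/var/lib/samba/sysvol/{{ domain }}"
  register: domain_provisioned
  tags:
    - ad-server
    - domain-provision

# Only runs while the domain is not yet provisioned, so that the provision
# step below starts without a pre-existing smb.conf.
- name: ensure smb.conf is absent for provision
  file:
    path: /etc/samba/smb.conf
    state: absent
  when: not domain_provisioned.stat.exists
  tags:
    - ad-server
    - domain-provision

# The administrator password is read from passwordstore; stderr of
# samba-tool is written to /root/smb-provision.log. Treat that log as
# sensitive and keep it readable by root only.
#
# Every templated value goes through `quote`, so a password or name that
# contains spaces or shell metacharacters cannot be split or interpreted by
# the shell. `no_log: true` keeps the rendered command (and the password)
# out of Ansible output and logs.
#
# NOTE(review): --adminpass still places the password on the samba-tool
# command line, where other local users can read it from the process list
# while provisioning runs. Run this on a host without untrusted local users,
# or rotate the administrator password afterwards.
- name: ensure domain is provisioned
  shell: >-
    samba-tool domain provision
    --use-rfc2307
    --domain={{ smb_domain | quote }}
    --server-role=dc
    --host-name={{ ansible_hostname | quote }}
    --realm={{ REALM | quote }}
    --dns-backend=NONE
    --adminpass={{ lookup('passwordstore', ad_admin_password) | quote }}
    2>/root/smb-provision.log
  when: not domain_provisioned.stat.exists
  no_log: true
  tags:
    - ad-server
    - domain-provision

- name: ensure smb.conf is correct
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    mode: '0644'
  notify: restart samba-ad-dc server
  tags:
    - ad-server

- name: ensure smbd is stopped and disabled
  service:
    name: smbd
    state: stopped
    enabled: false
  tags:
    - ad-server

- name: ensure nmbd is stopped and disabled
  service:
    name: nmbd
    state: stopped
    enabled: false
  tags:
    - ad-server

# The systemd module is used here because it can also clear a mask on the
# unit, which the generic service module below cannot do.
- name: ensure samba-ad-dc unit is running, enabled and not masked
  systemd:
    name: samba-ad-dc
    masked: false
    state: started
    enabled: true
  tags:
    - ad-server

- name: ensure samba-ad-dc is running and enabled
  service:
    name: samba-ad-dc
    state: started
    enabled: true
  tags:
    - ad-server

# Run any pending handlers (e.g. the restart notified by the smb.conf
# template task) now instead of at the end of the play.
- meta: flush_handlers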