- name: Install packages
  yum:
    name:
      - adcli
      - sssd
      - authconfig
      - krb5-workstation
      - oddjob-mkhomedir
      - sssd-tools
    state: latest

- name: Delete existing keytab
  file:
    path: /etc/krb5.keytab
    state: deleted
  ignore_errors: yes

- name: Wipe existing resolv.conf
  copy:
    content: ''
    dest: /etc/resolv.conf

- name: Create resolv.conf
  blockinfile:
    path: /etc/resolv.conf
    marker: "###...{mark} adcli {mark}...###"
    block: |
      domain {{ ad_domain }}
      nameserver {{ ad_dc1 }}
      nameserver {{ ad_dc2 }}

- name: Create parent home directory for ad users
  file:
    state: directory
    path: "/home/{{ ad_domain }}"
    mode: 0755

- name: Update krb5.conf
  block:
    - copy:
        content: ''
        dest: /etc/krb5.conf
        backup: yes

    - blockinfile:
        path: /etc/krb5.conf
        marker: "###...{mark} adcli {mark}...###"
        block: |
          [libdefaults]
          rdns = false
          default_realm = {{ ad_domain|upper }}
          dns_lookup_realm = true
          dns_lookup_kdc = true
          ticket_lifetime = 24h
          renew_lifetime = 7d
          forwardable = true

- name: Join AD
  shell: echo '{{ ad_joinpw }}' | adcli join --verbose --domain={{ ad_domain|upper }} -U {{ ad_joinusr }} --computer-name={{ ad_netbios_name | default(inventory_hostname) }} --stdin-password 2>&1 | tee /var/log/adcli.log

- name: Run authconfig
  shell: authconfig --enablesssd --enablesssdauth --enablemkhomedir --update

- name: Update sssd.conf
  block:
    - copy:
        content: ''
        dest: /etc/sssd/sssd.conf
        backup: yes

    - blockinfile:
        path: /etc/sssd/sssd.conf
        mode: 0600
        marker: "###...{mark} adcli {mark}...###"
        block: |
          [sssd]
          services = nss, pam, ssh, autofs
          config_file_version = 2
          domains = {{ ad_domain|upper }}
          [nss]
          filter_groups = dpadmin
          [domain/{{ ad_domain|upper }}]
          id_provider = ad
          default_shell = /bin/bash
          override_homedir = /home/%u
          create_homedir = true
          homedir_umask = 077
          use_fully_qualified_names = false
          ad_hostname = "{{ ad_netbios_name | default(inventory_hostname) }}"

- name: Start sssd service
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  with_items:
  - sssd
  - oddjobd

- name: Enable password auth on sshd
  block:
    - replace:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication.*$'
        replace: 'PasswordAuthentication yes'

    - service:
        name: sshd
        state: restarted

- name: Add client group to sudoers
  lineinfile:
    path: /etc/sudoers.d/ad_sudoers
    line: '%{{ ad_sudoers_group }} ALL=(ALL) NOPASSWD: ALL'
    state: present
    create: yes
  when: ad_sudoers_group is defined

- name: Check if {{ ad_joinusr }}@{{ ad_domain }} exists
  shell: id {{ ad_joinusr }}@{{ ad_domain }}
  register: idOut

- debug:
    var: idOut.stdout_lines