## This playbook deploys a FvS web server machine.
---
- name: apply configuration to the web server
  hosts: all
  remote_user: ansible
  become: yes
  pre_tasks:
    - pause:
        prompt: "Enter global-admin AD password. Leave empty to skip domain join"
        echo: false
      register: adpw
      no_log: true
      when: "ansible_cmdline.adpw is not defined"
  vars:
    domain: "pn.steinbeis.schule"
    extra_pkgs:
      - vim
      - apache2
      - python3-flask

    extra_pkgs_bpo: [ ]  # [ libreoffice ]

  roles:
    - up2date_debian
    - lmn_sssd
    - kerberize

  tasks:
    - name: Override home dir location
      lineinfile:
        dest: /etc/sssd/sssd.conf
        line: override_homedir = /home/%u

    - name: enable pam_mkhomedir.so
      lineinfile:
        dest: /etc/pam.d/common-session
        line: "session	optional	pam_mkhomedir.so  umask=0026"
        insertbefore: "session	optional	pam_mount.so"

    - name: enable apache mod userdir
      apache2_module:
        state: present
        name: userdir