---
- name: install needed packages
  apt:
    name:
      - libpam-mount
      - cifs-utils
      - sshfs
    state: latest

- name: configure pam_mount
  blockinfile:
    dest: /etc/security/pam_mount.conf.xml
    block: |
      <volume
        fstype="fuse"
        path="sshfs#%(USER)@{{ home_server }}:"
        mountpoint="/home/%(USER)"
        options="allow_other,default_permissions,reconnect,password_stdin"
        ssh="0" noroot="0"
      ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user></or></not></volume>

      <volume
        fstype="cifs"
        server="{{ smb_server }}"
        path="{{ smb_home }}"
        mountpoint="/media/%(USER)/winhome"
        options="dir_mode=0750,file_mode=0640"
      ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user></or></not></volume>

      <volume
        fstype="cifs"
        server="{{ smb_server }}"
        path="{{ smb_share }}"
        mountpoint="/media/%(USER)/winshare"
        options="dir_mode=0750,file_mode=0640"
      ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user></or></not></volume>
    insertafter: "<!-- Volume definitions -->"

- name: make sure .ssh exists
  file:
    path: /root/.ssh
    state: directory
    mode: '0700'

- name: provide public key of home server
  lineinfile:
    path: /root/.ssh/known_hosts
    line: "{{ ssh_hostkey }}"
    create: yes