---
- name: install needed packages
  apt:
    name:
      - sssd-ldap
      - libpam-mount
      - cifs-utils
    state: latest

- name: add URI to ldap.conf
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "URI ldaps://{{ ldap_server }}/"
    insertafter: "#URI.*"

- name: add BASE to ldap.conf
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "BASE {{ basedn }}"
    insertafter: "#BASE.*"

- name: do not verify cert
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "LDAPTLS_REQCERT      never"

    #- name: enable pam_umask
    #  lineinfile:
    #    dest: /etc/pam.d/common-session
    #    line: "session optional	pam_umask.so usergroups"

- name: enable pam_mkhomedir.so
  lineinfile:
    dest: /etc/pam.d/common-session
    line: "session	optional	pam_mkhomedir.so  umask=0027"
    insertbefore: "session	optional	pam_mount.so"

- name: configure pam_mount
  blockinfile:
    dest: /etc/security/pam_mount.conf.xml
    block: |
      <volume
        fstype="cifs"
        server="{{ smb_server }}"
        path="{{ smb_home }}"
        mountpoint="/media/%(USER)/winhome"
        options="dir_mode=0750,file_mode=0640"
      />
      <volume
        fstype="cifs"
        server="{{ smb_server }}"
        path="{{ smb_share }}"
        mountpoint="/media/%(USER)/winshare"
        options="dir_mode=0750,file_mode=0640"
      />
      <!--volume
        fstype="fuse"
        path="sshfs#%(USER)@homes:"
        mountpoint="/home/%(USER)"
        options="StrictHostKeyChecking=no,allow_root"
      />
      <volume
        path="/home/%(USER)"
        mountpoint="~"
        options="bind"
      /-->
    insertafter: "<!-- Volume definitions -->"

- name: provide identities from directory
  template:
    src: sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    mode: 0600
  notify: restart sssd

  ## FIXME: preseeding grub nvram does not work
- name: reset boot order
  command: efibootmgr --delete-bootorder
  when: run_in_installer|default(false)|bool