# Install the Samba / winbind / Kerberos stack plus the NSS pieces that
# the later "Add winbind to nsswitch.conf" task depends on.
# Package names are Alpine-style (py3-*, musl-nscd) — presumably the
# target is Alpine; confirm against the inventory.
- name: Install packages
  package:
    name:
      - py3-cryptography
      - nss_wrapper
      - nss
      - musl-nscd
      - samba-libnss-winbind
      - chrony
      - samba
      - samba-winbind
      - heimdal

# Directory exported by the smb.conf template below. No owner/group/mode
# is set here, so the directory is created with the default umask;
# NOTE(review): confirm the intended permissions for the share root.
- name: Create share directory
  file:
    path: /shares/scan
    state: directory

# Replace (or append) the daemon_list= line so the samba service unit
# starts all three daemons; winbindd is required for the AD membership
# configured further down.
- name: Enable smbd, nmbd, winbindd in samba config
  lineinfile:
    path: /etc/conf.d/samba
    regexp: '^daemon_list='
    line: daemon_list="smbd nmbd winbindd"

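# Render smb.conf from the template and keep it readable by root only.
# The mode is quoted: an unquoted 0600 is parsed as the decimal integer
# 384 by YAML 1.1 loaders, which Ansible then has to re-interpret and
# warns about; the string form is unambiguous.
# Triggers the "reload smbd" handler (defined elsewhere) on change.
- name: Configure samba
  template:
    dest: /etc/samba/smb.conf
    src: smb.conf.j2
    mode: "0600"
  notify: reload smbd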

# Probe the current AD membership. The task is deliberately never
# "changed" and never "failed": the return code is captured in ad_join
# and the next task uses ad_join.rc to decide whether a join is needed.
- name: Check domain membership
  command: 'net ads testjoin'
  changed_when: false
  failed_when: false
  register: ad_join

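# Interactive domain join, run only when the membership probe above
# returned a non-zero rc. Credentials are prompted at run time rather
# than stored in vars.
#
# Changes from the previous revision:
#   - `echo: false` instead of `echo: no` (canonical boolean).
#   - `no_log: true` on the password prompt and on the join command so
#     the registered ad_pass value and the full command line (which
#     carries --password=...) are not written to Ansible output/logs.
#     The password is still visible to local process listing while
#     samba-tool runs; that is inherent to passing it as an argument.
- name: Join host to AD domain
  when: ad_join.rc != 0
  block:
    - pause:
        prompt: 'AD username'
      register: ad_user

    - pause:
        prompt: 'AD password'
        echo: false
      register: ad_pass
      no_log: true

    # work around https://gitlab.freedesktop.org/realmd/adcli/-/merge_requests/52
    #- name: Get and store domain SID
    #  expect:
    #    command: net -U {{ ad_user.user_input }} rpc getsid -S {{ domain }} -D {{ domain }}
    #    responses:
    #      'Password for': '{{ ad_pass.user_input }}'

    # work around https://bugzilla.redhat.com/show_bug.cgi?id=1665794
    #- name: Set missing keys in secrets.tdb
    #  command: tdbtool /var/lib/samba/private/secrets.tdb store {{ item }}/{{ domain | upper | split('.') | first }} '\0'
    #  loop:
    #    - SECRETS/MACHINE_LAST_CHANGE_TIME
    #    - SECRETS/MACHINE_PASSWORD
    #    - SECRETS/MACHINE_PASSWORD.PREV

    # `domain` is expected from inventory/vars; it is not defined in this file.
    - name: Join AD
      command: samba-tool domain join {{ domain | upper }} MEMBER -U {{ ad_user.user_input | upper }} --password="{{ ad_pass.user_input }}"
      no_log: true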

# Install a pre-built nsswitch.conf from the role's files/ directory
# (the file itself is not shown here; its contents are presumed to add
# winbind to the passwd/group databases). Notifies the "reload nscd"
# handler, defined elsewhere, so the resolver cache picks up the change.
- name: Add winbind to nsswitch.conf
  copy:
    src: nsswitch.conf
    dest: /etc/nsswitch.conf
  notify: reload nscd

# Enable and start the listed services. Only samba is active in the
# loop; winbind is left commented out — on this setup winbindd is
# started via the daemon_list edited in /etc/conf.d/samba above, so a
# separate winbind service is presumably unnecessary (confirm).
- name: Enable services
  service:
    name: '{{ item }}'
    enabled: true
    state: started
  loop:
    - samba
    # - winbind