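---
# Tasks for keeping NIS/system accounts and their samba counterparts in sync:
# first the accounts listed in nis_deleted_user are removed (samba entry,
# system user, home directory), then the groups in nis_groups and the users
# in nis_user are created and, where requested, added to samba.
#
# NOTE(review): nis_user entries carry clear-text passwords (they are fed to
# smbpasswd below), so that variable should be kept in encrypted storage such
# as Ansible Vault. loop_control.label only shortens console output; it does
# not hide the loop item, which is why the tasks iterating over nis_user set
# no_log.

# ---
# - Remove unwanted users
# ---

# The pipeline's exit status is grep's: 0 = account present, 1 = absent,
# anything above 1 is treated as a failure. "changed" is used as the
# "account present" signal for the removal task below.
# The name is matched as a whole fixed-string line (-F -x) so that "bob" does
# not also match "bobby", and it is shell-quoted because it is interpolated
# into a shell command line.
- name: (nis_samba_user.yml) Check if samba user exists for removable nis user
  shell: >-
    pdbedit -w -L | awk -F":" '{ print $1 }' |
    grep -Fx -- {{ item.name | quote }}
  register: samba_deleted_user_present
  changed_when: "samba_deleted_user_present.rc == 0"
  failed_when: "samba_deleted_user_present.rc > 1"
  with_items:
    - "{{ nis_deleted_user }}"
  loop_control:
    label: '{{ item.name }}'
  tags:
    - samba-user

# Iterates over the per-user results of the check above. Testing the whole
# registered variable with "is changed" is true as soon as ANY user was found,
# which would run smbpasswd -x for users that have no samba account as well.
# argv is used so the user name is never parsed by a shell.
- name: (nis_samba_user.yml) Remove (old) users from samba
  command:
    argv:
      - smbpasswd
      - '-s'
      - '-x'
      - '{{ item.item.name }}'
  loop: "{{ samba_deleted_user_present.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when: item is changed
  tags:
    - samba-user

- name: (nis_samba_user.yml) Remove (old) users from system
  user:
    name: '{{ item.name }}'
    state: absent
  with_items:
    - "{{ nis_deleted_user }}"
  loop_control:
    label: '{{ item.name }}'
  tags:
    - nis-user
    - system-user

# Recursive delete below nis_base_home. The guards keep an empty name, a name
# containing a path separator, or "."/".." from turning the path into
# nis_base_home itself or into a directory outside of it.
- name: (nis_samba_user.yml) Remove home directory from deleted users
  file:
    path: '{{ nis_base_home }}/{{ item.name }}'
    state: absent
  with_items:
    - "{{ nis_deleted_user }}"
  loop_control:
    label: '{{ item.name }}'
  when:
    - item.name | default('') | string | length > 0
    - "'/' not in (item.name | string)"
    - (item.name | string) not in ['.', '..']
  tags:
    - nis-user
    - system-user

# ---
# - default user/groups
# ---

# Only groups that define group_id are handled here; entries without one are
# skipped by the "when" condition.
- name: (nis_samba_user.yml) Ensure nis groups exists
  group:
    name: '{{ item.name }}'
    state: present
    gid: '{{ item.group_id | default(omit) }}'
  loop: "{{ nis_groups }}"
  loop_control:
    label: '{{ item.name }}'
  when: item.group_id is defined
  notify: Renew nis databases
  tags:
    - nis-user
    - system-user

# - meta: end_host

# The password hash is only applied when the account is created
# (update_password: on_create); existing accounts keep their password.
# no_log: the loop item contains the clear-text password.
- name: (nis_samba_user.yml) Ensure nis users exists
  user:
    name: '{{ item.name }}'
    state: present
    uid: '{{ item.user_id | default(omit) }}'
    # group: '{{ item.0.name | default(omit) }}'
    groups: "{{ item.groups|join(', ') }}"
    home: '{{ nis_base_home }}/{{ item.name }}'
    shell: '{{ item.shell|d("/bin/bash") }}'
    password: "{{ item.password | password_hash('sha512') }}"
    update_password: on_create
    append: true
  loop: "{{ nis_user }}"
  loop_control:
    label: '{{ item.name }}'
  no_log: true
  notify: Renew nis databases
  tags:
    - nis-user
    - system-user

# Same lookup as for the removable users, with the opposite signal: here
# "changed" means the account is MISSING from samba (grep exit status 1).
# no_log: the loop item, which ends up in the task result, contains the
# clear-text password.
- name: (nis_samba_user.yml) Check if samba user exists for nis user
  shell: >-
    pdbedit -w -L | awk -F":" '{ print $1 }' |
    grep -Fx -- {{ item.name | quote }}
  register: samba_nis_user_present
  changed_when: "samba_nis_user_present.rc > 0"
  failed_when: "samba_nis_user_present.rc > 1"
  with_items:
    - "{{ nis_user }}"
  loop_control:
    label: '{{ item.name }}'
  when:
    - item.is_samba_user is defined and item.is_samba_user|bool
  no_log: true
  tags:
    - samba-user

# The password is handed to smbpasswd on stdin (twice, as -s expects) instead
# of being placed inside a shell command string. That keeps it out of the
# command line and avoids breakage or shell interpretation when the password
# contains quotes or backslashes. The module appends the final newline itself.
# Only users whose own check result reported "missing" are added.
- name: (nis_samba_user.yml) Add nis user to samba (with nis users password)
  command:
    argv:
      - smbpasswd
      - '-s'
      - '-a'
      - '{{ item.item.name }}'
    stdin: "{{ item.item.password }}\n{{ item.item.password }}"
  loop: "{{ samba_nis_user_present.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - item.item.is_samba_user is defined and item.item.is_samba_user|bool
    - item is changed
  no_log: true
  notify: Renew nis databases
  tags:
    - samba-user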