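---

# ---
# - default user/groups
# ---
#
# Tasks in this file create the system groups and users listed in
# `samba_groups` / `samba_user`, register those users with Samba, and prepare
# per-user backup folders on the fileserver.
#
# Each `samba_user` entry carries a clear-text `password`. Tasks that put that
# value into a command line or onto stdin set `no_log: true`, so the rendered
# command is not written to Ansible's output or logs.

# To be precise, samba groups are system groups.
#
# NOTE(review): the `when` below skips every entry without `group_id`, so the
# `default(omit)` on `gid` never takes effect. Confirm that groups without a
# fixed gid are really meant to be skipped.
- name: (samba-user.yml) Ensure samba groups exists
  group:
    name: '{{ item.name }}'
    state: present
    gid: '{{ item.group_id | default(omit) }}'
  loop: "{{ samba_groups }}"
  loop_control:
    label: '{{ item.name }}'
  when: item.group_id is defined
  tags:
    - samba-server
    - samba-group
    - system-group

# Get all users of the system.
#
# Note:
#   the result is available in the variable getent_passwd
- name: (samba_user.yml) Get database of (system) users
  getent:
    database: passwd
  tags:
    - samba-server
    - samba-user
    - system-user

# Samba users must also be system users.
#
# `command` is used instead of `shell`, and both values go through the `quote`
# filter, so a name or password containing quotes, spaces or shell
# metacharacters reaches the script as exactly one argument and is never
# interpreted by a shell.
# NOTE(review): the script takes the password as an argument, so it is still
# visible in the process list on the target while the script runs. Changing
# that requires a different script interface, which is not visible here.
- name: (samba_user.yml) Add (system) users if not yet exists..
  command: >-
    /root/bin/admin-stuff/add_new_user.sh
    {{ item.name | quote }} {{ item.password | quote }}
  loop: "{{ samba_user }}"
  loop_control:
    label: '{{ item.name }}'
  when:
    - item.name not in getent_passwd
  no_log: true
  tags:
    - samba-server
    - samba-user
    - system-user

# `update_password: on_create` means the freshly salted hash is only applied
# when this task creates the account; existing passwords are left untouched.
# `append: true` adds the listed groups without removing other memberships.
- name: (samba_user.yml) Ensure samba users exists in system with given group membership
  user:
    name: '{{ item.name }}'
    state: present
    uid: '{{ item.user_id | default(omit) }}'
    # group: '{{ item.0.name | default(omit) }}'
    groups: "{{ item.groups|join(', ') }}"
    password: "{{ item.password | password_hash('sha512') }}"
    update_password: on_create
    append: true
  loop: "{{ samba_user }}"
  loop_control:
    label: '{{ item.name }}'
  tags:
    - samba-server
    - samba-user

    - system-user

# Look the user up in Samba's password database.
#
# The pipeline's exit status is grep's: 0 = user found, 1 = not found,
# >1 = error. "changed" is (ab)used here as the marker for "user is missing";
# the next task keys on it.
#
# grep matches the whole line as a fixed string (-F -x). A prefix pattern such
# as "^name" would report user "bob" as present as soon as "bobby" exists, and
# "bob" would then never be added to Samba. The name is shell-quoted because
# this task needs a real shell for the pipes.
- name: (samba-user.yml) Check if samba user exists
  shell: >-
    pdbedit -w -L | awk -F":" '{ print $1 }' |
    grep -F -x -e {{ item.name | quote }}
  register: samba_user_present
  changed_when: "samba_user_present.rc == 1"
  failed_when: "samba_user_present.rc > 1"
  loop: "{{ samba_user }}"
  loop_control:
    label: '{{ item.name }}'
  tags:
    - samba-server
    - samba-user

# Register the missing users with Samba, reusing the system password.
#
# `smbpasswd -s` reads the new password and its confirmation from stdin, one
# per line. Feeding them through the module's `stdin` parameter keeps the
# password out of any command line and avoids building a shell string from it
# (a password containing a single quote would break out of `echo '...'`).
# The module appends the final newline itself.
- name: (samba-user.yml) Add user to samba (with system users password)
  command: smbpasswd -s -a {{ item.item.name | quote }}
  args:
    stdin: "{{ item.item.password }}\n{{ item.item.password }}"
  loop: "{{ samba_user_present.results }}"
  when: item.changed
  loop_control:
    label: '{{ item.item.name }}'
  no_log: true
  tags:
    - samba-server
    - samba-user

# Only on fileservers:
#   zapata.opp.netz
- name: (samba_user.yml) Check if folder '/data/backup' exists using file module
  stat:
    path: /data/backup
  register: data_backup_dir
  when:
    - inventory_hostname == 'zapata.opp.netz'
  tags:
    - samba-server
    - samba-user
    - system-user

# Per-user backup folder, owned by the user and the group of the same name.
# Mode 2770: full access for owner and group, none for others, setgid so new
# entries inherit the folder's group.
# The hostname condition is listed first: on other hosts the stat task was
# skipped and `data_backup_dir` has no `stat` key.
- name: (samba_user.yml) Ensure folder /data/backup/ exists for all (samba) users on host zapata
  file:
    path: '/data/backup/{{ item.name }}'
    state: directory
    owner: '{{ item.name }}'
    group: '{{ item.name }}'
    mode: "2770"
  loop: "{{ samba_user }}"
  loop_control:
    label: '{{ item.name }}'
  when:
    - inventory_hostname == 'zapata.opp.netz'
    - data_backup_dir.stat.isdir is defined and data_backup_dir.stat.isdir
  tags:
    - samba-server
    - samba-user
    - system-user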