-   hosts: '{{ variable_host | default("lab15_standard") }}'
    gather_facts: no
    become: yes
    tasks:
      - name: Install dependencies to LDAP and autofs
        apt:
          pkg:
            - ssh
            - openssh-server
            - nscd
            - autofs
            - autofs-ldap
            - libpam-ldap
            - ldap-utils
            - libnss-ldap

      - name: /etc/ldap.conf set base dc=root,dc=kcir,dc=pwr,dc=edu,dc=pl
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'base dc'
          line: 'base dc=root,dc=kcir,dc=pwr,dc=edu,dc=pl'
          backrefs: yes

      - name: /etc/ldap.conf set uri ldap://whitney.kcir.pwr.edu.pl/
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'ldapi'
          line: 'uri ldap://whitney.kcir.pwr.edu.pl/'
          backrefs: yes

      - name: /etc/ldap.conf set ldap_version 3
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'ldap_version'
          line: 'ldap_version 3'
          backrefs: yes

      - name: /etc/ldap.conf set binddn cn=ldap,dc=kcir,dc=pwr,dc=edu,dc=pl
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'binddn cn'
          line: 'binddn cn=ldap,dc=kcir,dc=pwr,dc=edu,dc=pl'
          backrefs: yes

      - name: /etc/ldap.conf set bindpw .1kcir1.
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'bindpw'
          line: 'bindpw .1kcir1.'
          backrefs: yes

      - name: /etc/ldap.conf set ssl start_tls
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'ssl start_tls'
          line: 'ssl start_tls'
          backrefs: yes

      - name: /etc/nsswitch.conf automount files ldap
        lineinfile:
            path: /etc/nsswitch.conf
            line: "automount:\tfiles ldap"

      - name:  /etc/nsswitch.conf passwd files systemd ldap
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'passwd:'
          line: "passwd:\tfiles systemd ldap"
          backrefs: yes

      - name:  /etc/nsswitch.conf group files systemd ldap
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'group:'
          line: "group:\tfiles systemd ldap"
          backrefs: yes

      - name:  /etc/nsswitch.conf shadow files ldap
        lineinfile: 
          path: /etc/ldap.conf
          regexp: 'shadow:'
          line: "shadow:\tfiles ldap"
          backrefs: yes

      - name: Set /etc/autofs.conf ldap_uri = "ldap://whitney.kcir.pwr.edu.pl/"
        ini_file:
          path: /etc/autofs.conf
          section: autofs
          option: ldap_uri
          value: '"ldap://whitney.kcir.pwr.edu.pl/"'

      - name: Set /etc/autofs.conf search_base = "dc=kcir,dc=pwr,dc=edu,dc=pl"
        ini_file:
          path: /etc/autofs.conf
          section: autofs
          option: search_base
          value: dc=kcir,dc=pwr,dc=edu,dc=pl

      - name: Set /etc/autofs_ldap_auth.conf usetls
        xml:
          path: /etc/autofs_ldap_auth.conf
          xpath: /autofs_ldap_sasl_conf
          attribute: usetls
          value: 'yes'
          state: present

      - name: Set /etc/autofs_ldap_auth.conf tlsrequired
        xml:
          path: /etc/autofs_ldap_auth.conf
          xpath: /autofs_ldap_sasl_conf
          attribute: tlsrequired
          value: 'yes'
          state: present

      - name: Set /etc/autofs_ldap_auth.conf authrequired
        xml:
          path: /etc/autofs_ldap_auth.conf
          xpath: /autofs_ldap_sasl_conf    
          attribute: authrequired
          value: simple
          state: present

      - name: Set /etc/autofs_ldap_auth.conf user
        xml:
          path: /etc/autofs_ldap_auth.conf
          xpath: /autofs_ldap_sasl_conf
          attribute: user
          value: cn=ldap,dc=kcir,dc=pwr,dc=edu,dc=pl
          state: present

      - name: Set /etc/autofs_ldap_auth.conf secret
        xml:
          path: /etc/autofs_ldap_auth.conf
          xpath: /autofs_ldap_sasl_conf
          attribute: secret
          value: .1kcir1.
          state: present

      - name: make /etc/auto.home
        file:
          path: /etc/auto.home
          state: touch


      - name:  /etc/auto.home lab	localhost:/export/home/lab
        lineinfile: 
          path: /etc/auto.home
          line: "lab\tlocalhost:/export/home/lab"

      - name:  /etc/auto.home student	localhost:/export/home/student
        lineinfile: 
          path: /etc/auto.home
          line: "student\tlocalhost:/export/home/student"

      - name:  /etc/auto.home +auto.home
        lineinfile: 
          path: /etc/auto.home
          line: '+auto.home'

      - name:  /etc/auto.master /home auto.home
        lineinfile: 
          path: /etc/auto.master
          line: "/home\tauto.home"

      - name: mkdir mkdir -p /export/home
        file:
          path: /export/home
          state: directory

      - name: mv /home/* /export/home/
        copy:
          remote_src: true
          src: /home/
          dest: /export/home
          owner: lab
          group: lab

      - name: Create folder /etc/systemd/system/systemd-logind.service.d/
        file: 
          path: /etc/systemd/system/systemd-logind.service.d/
          state: directory
      
      - name: Create file /etc/systemd/system/systemd-logind.service.d/override.conf 
        copy: 
          dest: /etc/systemd/system/systemd-logind.service.d/override.conf
          content: |
            [Service]
            RestrictAddressFamilies=AF_INET
            IPAddressAllow=156.17.9.28   

          #FSTAB overlay /export/home/student    overlay lowerdir=/export/home/student.base,upperdir=/export/home/student.upper,workdir=/export/home/student.work        0       0


          #resolv.conf