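---
# Task list: install ntp, locate Samba's 'ntp_signd' socket directory, check
# that it is accessible, then deploy /etc/ntp.conf and start the service.

- name: Ensure the ntp package is installed
  ansible.builtin.package:
    name: ntp
    state: present

- name: Search common Samba locations for the 'ntp_signd' directory
  ansible.builtin.find:
    # Common paths for Samba installations.
    # find is non-recursive by default, so only direct children of these
    # paths are matched. NOTE(review): a source build may keep ntp_signd
    # deeper (e.g. under var/lib) - confirm the layout on the target hosts.
    paths:
      - /var/lib/samba/
      - /usr/local/samba/
      - /etc/samba/
    pattern: ntp_signd
    file_type: directory
  register: find_ntp_signd

# A 'when' that evaluates false skips the task, and 'failed_when' is never
# evaluated on a skipped task. Combining the two on set_fact therefore let a
# missing or ambiguous directory pass silently, leaving ntp_signd_path
# undefined for the later tasks. The count is asserted explicitly instead.
- name: Fail unless exactly one 'ntp_signd' directory was found
  ansible.builtin.assert:
    that:
      - find_ntp_signd.matched == 1
    fail_msg: >-
      FATAL: Expected exactly one 'ntp_signd' directory under the searched
      paths, found {{ find_ntp_signd.matched }}.

- name: Set the path variable
  ansible.builtin.set_fact:
    ntp_signd_path: '{{ find_ntp_signd.files[0].path }}'

- name: Verify permissions on the detected 'ntp_signd' directory
  ansible.builtin.stat:
    path: '{{ ntp_signd_path }}'
  register: ntp_signd_stats

- name: Assert that the permissions allow read access
  ansible.builtin.assert:
    that:
      - ntp_signd_stats.stat.exists
      - ntp_signd_stats.stat.isdir
      # stat.mode is an octal string such as '0750', so a regex over
      # 'rwx-' characters can never match it. The boolean permission
      # fields returned by stat are used instead.
      # The NTP daemon needs r-x on the directory to reach the signing
      # socket, through either the group bits or the 'other' bits.
      - >-
        (ntp_signd_stats.stat.rgrp and ntp_signd_stats.stat.xgrp) or
        (ntp_signd_stats.stat.roth and ntp_signd_stats.stat.xoth)
      # A world-writable directory would let any local account tamper with
      # the socket path.
      - not ntp_signd_stats.stat.woth
    # NOTE(review): the least-privilege layout is root:<ntp daemon group>
    # with mode 0750, which keeps the signing socket out of reach of other
    # local accounts. This check still accepts world r-x for compatibility
    # and does not verify the owning group - confirm it on the target hosts.
    fail_msg: >-
      FATAL: The detected ntp_signd directory ({{ ntp_signd_path }}) does
      not have necessary read permissions or is world-writable
      (mode: {{ ntp_signd_stats.stat.mode }}).
    success_msg: 'SUCCESS: Permissions on {{ ntp_signd_path }} are correctly configured.'

- name: Configure ntp.conf for Active Directory Domain Controller (AD DC)
  ansible.builtin.template:
    # Path to your NTP template file.
    # NOTE(review): the template is not shown here; presumably it points the
    # daemon at ntp_signd_path - confirm it does not hard-code another path.
    src: templates/ntp.conf.j2
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: '0644'
  # The 'Restart ntp service' handler must be defined elsewhere in the
  # play or role; it is not part of this task list.
  notify:
    - Restart ntp service

- name: Enable and start the ntp service
  ansible.builtin.service:
    # NOTE(review): the unit name differs between distributions - verify
    # that 'ntp' is correct for the targets.
    name: ntp
    state: started
    enabled: true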