ansible_samba_ad_dc/tasks/install.yml
Jose c76545e816 style 💎: Update Samba repository URL for Debian
Updated the Samba Team Debian repository URL to use the modern method, which includes a signed-by keyring. This change improves security and stability of the package installation process.
2025-11-04 20:38:03 +01:00


---
# Installs every package listed in samba_packages after refreshing the APT
# index. state: latest upgrades already-installed packages on each run.
# NOTE(review): autoremove + purge also delete packages APT considers unused,
# including their config files -- confirm this is intended on a domain
# controller.
- name: Install required packages
  ansible.builtin.apt:
    name: "{{ samba_packages }}"
    state: latest
    update_cache: true
    autoclean: true
    autoremove: true
    purge: true
# - name: Install required packages
# ansible.builtin.package:
# name: '{{ samba_packages }}'
# state: latest
# - name: Stop samba-ad-dc before provisioning (if running)
# ansible.builtin.service:
# name: samba-ad-dc
# state: stopped
# enabled: no
# ignore_errors: true
# known regression in certain Samba 4.22.x builds
# Read-only probe: captures `samba --version` output in samba_version.
# failed_when: false keeps the play going even when the command errors;
# later tasks match on samba_version.stdout.
- name: Check installed Samba version
  ansible.builtin.command:
    cmd: samba --version
  register: samba_version
  failed_when: false
  changed_when: false
# Prints the version string captured by the preceding version check.
- name: Show installed Samba version
  ansible.builtin.debug:
    msg: 'Samba version: {{ samba_version.stdout }}'
# Emits a warning only when the captured version output contains the
# substring 4.22.4; no state is changed here.
- name: Warn if Samba version is 4.22.4
  when: "'4.22.4' in samba_version.stdout"
  ansible.builtin.debug:
    msg: '⚠️ Detected buggy Samba version 4.22.4 — upgrade recommended!'
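# Downloads the Samba Team archive key used by the signed-by option below.
# The upstream file is ASCII-armored (.asc), so it is stored with an .asc
# suffix: apt chooses the keyring format from the file extension and does not
# accept armored data saved as .gpg, which would leave the repository
# unverifiable.
# NOTE(review): the key is trusted on first download. Pin it with get_url's
# `checksum` option (sha256:<PLACEHOLDER - digest verified out of band>) so a
# replaced key on the server is rejected instead of silently trusted.
- name: Add Samba Team Debian GPG key (modern method)
  ansible.builtin.get_url:
    # url: https://pkg.samba.org/keys/samba-pubkey.asc
    url: https://download.samba.org/pub/samba/samba-pubkey.asc
    dest: /usr/share/keyrings/samba-team-archive-keyring.asc
    # Keyring must not be writable by unprivileged users.
    owner: root
    group: root
    mode: '0644'
  when: "'4.22.4' in samba_version.stdout"

# Registers the Samba Team source. signed-by scopes the key to this one
# repository rather than trusting it for every source on the host.
# ansible_distribution_release is used for the codename because ansible_lsb
# is only populated when lsb-release is installed on the target.
# NOTE(review): the repository itself is fetched over plain http, so package
# integrity rests on the signature check alone; prefer https if the mirror
# serves this path over TLS.
- name: Add Samba Team Debian repository (modern method)
  ansible.builtin.apt_repository:
    # repo: "deb [signed-by=/usr/share/keyrings/samba-team-archive-keyring.gpg] http://pkg.samba.org/packages/debian {{ ansible_lsb.codename | default('bookworm') }} samba-422"
    repo: "deb [signed-by=/usr/share/keyrings/samba-team-archive-keyring.asc] http://download.samba.org/pub/samba/packages/debian {{ ansible_distribution_release }} samba-422"
    state: present
    filename: samba-team
  when: "'4.22.4' in samba_version.stdout"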
# - name: Add Samba Team Debian GPG key (only if upgrade is needed)
# ansible.builtin.apt_key:
# url: https://pkg.samba.org/keys/samba-pubkey.asc
# state: present
# when: "'4.22.4' in samba_version.stdout"
# - name: Add Samba Team Debian repository (only if upgrade is needed)
# ansible.builtin.apt_repository:
# repo: "deb http://pkg.samba.org/packages/debian $(lsb_release -cs) samba-422"
# state: present
# filename: samba-team
# when: "'4.22.4' in samba_version.stdout"
# Refreshes the package index, but only on hosts where the affected
# version string was detected.
- name: Update APT cache (only if upgrade is needed)
  when: "'4.22.4' in samba_version.stdout"
  ansible.builtin.apt:
    update_cache: true
# Brings the listed Samba packages to the newest version the configured
# sources offer; skipped unless the captured version output contains 4.22.4.
- name: Upgrade Samba packages if version is 4.22.4
  when: "'4.22.4' in samba_version.stdout"
  ansible.builtin.apt:
    state: latest
    name:
      - samba
      - samba-dsdb-modules
      - samba-common-bin
      - python3-samba
# Re-runs the version probe and overwrites samba_version with the result.
# Unlike the first probe there is no failed_when override, so a failing
# command stops the play here.
- name: Verify installed Samba version
  ansible.builtin.command:
    cmd: samba --version
  changed_when: false
  register: samba_version
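# Prints the version string re-captured by "Verify installed Samba version".
# That task registers its result as samba_version; the previously referenced
# samba_new_version is never registered in this file, so templating the
# message would fail with an undefined-variable error.
- name: Display upgraded Samba version
  ansible.builtin.debug:
    msg: "✅ Samba version after upgrade: {{ samba_version.stdout }}"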
# Stops each listed Samba unit in turn. ignore_errors lets the play continue
# when a stop fails -- presumably because not every unit exists on every
# host; confirm, since a service that is genuinely still running would also
# be ignored.
- name: Stop Samba services before provisioning
  ansible.builtin.service:
    name: "{{ item }}"
    state: stopped
  loop: [samba-ad-dc, smbd, nmbd, winbind]
  ignore_errors: true
# - name: Check if backup exist
# - name: Provision AD domain
# include_tasks: provision.yml
# - name: Deploy smb.conf
# ansible.builtin.template:
# src: smb.conf.j2
# dest: '{{ samba_conf_path }}'
# owner: root
# group: root
# mode: '0644'
# notify: Restart Samba AD DC
# - name: Enable and start samba-ad-dc service
# ansible.builtin.service:
# name: samba-ad-dc
# state: started
# enabled: yes
# - name: Configure Kerberos
# include_tasks: kerberos.yml
# - name: Set DNS resolver and hosts entry
# include_tasks: dns_hosts.yml
# - name: Run verification checks
# include_tasks: verify.yml
# when: samba_verify | bool