tasks/main.yml

---
- name: Gather service facts
  service_facts:
  
- name: Determine DNS manager
  set_fact:
    dns_manager: >-
      {% if 'systemd-resolved.service' in ansible_facts.services and ansible_facts.services['systemd-resolved.service'].state == 'running' %}
        systemd-resolved
      {% elif 'NetworkManager.service' in ansible_facts.services and ansible_facts.services['NetworkManager.service'].state == 'running' %}
        NetworkManager
      {% else %}
        manual
      {% endif %}

- name: Configure DNS for systemd-resolved
  when: dns_manager == 'systemd-resolved'
  template:
    src: resolved.conf.j2
    dest: /etc/systemd/resolved.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart systemd-resolved

- name: Ensure /etc/resolv.conf points to systemd stub
  when: dns_manager == 'systemd-resolved'
  file:
    src: /run/systemd/resolve/stub-resolv.conf
    dest: /etc/resolv.conf
    state: link
    force: true

- name: Configure DNS via NetworkManager (nmcli)
  when: dns_manager == 'NetworkManager'
  block:
    - name: Set DNS servers with nmcli
      shell: >
        nmcli con mod "{{ nm_connection_name }}"
        ipv4.dns "{{ dns_servers | join(' ') }}"
        ipv4.ignore-auto-dns yes
      args:
        warn: false

    - name: Set search domain with nmcli
      shell: >
        nmcli con mod "{{ nm_connection_name }}"
        ipv4.dns-search "{{ dns_search }}"
      args:
        warn: false

    - name: Bring connection down and up to apply changes
      shell: >
        nmcli con down "{{ nm_connection_name }}" && nmcli con up "{{ nm_connection_name }}"
      ignore_errors: true

  when: dns_manager == 'manual'
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'

- name: Install required packages
  apt:
    name:
      - samba
      - krb5-user
      - winbind
      - libpam-winbind
      - libnss-winbind
      - ntp
    state: present
  become: yes

- name: Configure /etc/resolv.conf for AD DNS resolution
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart networking if required

# Backup original ntp.conf (optional safety)
- name: Backup original ntp.conf
  copy:
    src: /etc/ntp.conf
    dest: /etc/ntp.conf.bak
    remote_src: yes
    force: no
  ignore_errors: yes

# Configure ntp.conf to use AD DCs
- name: Ensure 'tinker panic 0' is present
  lineinfile:
    path: /etc/ntp.conf
    line: "tinker panic 0"
    insertafter: BOF
    state: present

- name: Configure ntp.conf with AD domain controllers
  blockinfile:
    path: /etc/ntp.conf
    marker: "# {mark} ANSIBLE_MANAGED_AD_NTP"
    block: |
      {% for server in ntp_servers %}
      server {{ server }} iburst
      {% endfor %}
  notify: Restart ntp

# Enable and start ntp service
- name: Ensure ntp is running and enabled
  service:
    name: ntp
    state: started
    enabled: yes

- name: Configure Kerberos
  template:
    src: krb5.conf.j2
    dest: /etc/krb5.conf
    owner: root
    group: root
    mode: '0644'

- name: Configure Samba
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    mode: '0644'

- name: Join the domain
  shell: |
    echo "{{ ad_admin_password }}" | net ads join -U {{ ad_admin_user }}%{{ ad_admin_password }}
  args:
    warn: false
  register: join_result
  changed_when: "'Joined domain' in join_result.stdout"

# Ensure winbind is appended to passwd and group in /etc/nsswitch.conf
- name: Ensure winbind is appended to passwd and group NSS databases
  lineinfile:
    path: /etc/nsswitch.conf
    regexp: '^{{ item }}:'
    line: "{{ item }}: files winbind"
    backrefs: yes
  loop:
    - passwd
    - group

# Append [success=continue] winbind to existing initgroups line
- name: Ensure [success=continue] winbind is present in initgroups line if it exists
  replace:
    path: /etc/nsswitch.conf
    regexp: '^(initgroups:.*?)(\s*winbind)?$'
    replace: '\1 [success=continue] winbind'
  when: "'initgroups:' in lookup('file', '/etc/nsswitch.conf')"
  

- name: Enable and start required services
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop:
    - smbd
    - nmbd
    - winbind
refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain. Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process. 2025-10-08 19:04:53 +02:00			`---`
refactor ♻️: Refactored the code to use a more structured approach for DNS configuration and added optional tests. Updated the role to include optional tests after running it, ensuring that DNS resolution is correctly configured. The code has been refactored to improve readability and maintainability. 2025-10-08 21:55:06 +02:00			`- name: Gather service facts`
			`service_facts:`

			`- name: Determine DNS manager`
			`set_fact:`
			`dns_manager: >-`
			`{% if 'systemd-resolved.service' in ansible_facts.services and ansible_facts.services['systemd-resolved.service'].state == 'running' %}`
			`systemd-resolved`
			`{% elif 'NetworkManager.service' in ansible_facts.services and ansible_facts.services['NetworkManager.service'].state == 'running' %}`
			`NetworkManager`
			`{% else %}`
			`manual`
			`{% endif %}`

			`- name: Configure DNS for systemd-resolved`
			`when: dns_manager == 'systemd-resolved'`
			`template:`
			`src: resolved.conf.j2`
			`dest: /etc/systemd/resolved.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`notify: Restart systemd-resolved`

			`- name: Ensure /etc/resolv.conf points to systemd stub`
			`when: dns_manager == 'systemd-resolved'`
			`file:`
			`src: /run/systemd/resolve/stub-resolv.conf`
			`dest: /etc/resolv.conf`
			`state: link`
			`force: true`

			`- name: Configure DNS via NetworkManager (nmcli)`
			`when: dns_manager == 'NetworkManager'`
			`block:`
			`- name: Set DNS servers with nmcli`
			`shell: >`
			`nmcli con mod "{{ nm_connection_name }}"`
			`ipv4.dns "{{ dns_servers \| join(' ') }}"`
			`ipv4.ignore-auto-dns yes`
			`args:`
			`warn: false`

			`- name: Set search domain with nmcli`
			`shell: >`
			`nmcli con mod "{{ nm_connection_name }}"`
			`ipv4.dns-search "{{ dns_search }}"`
			`args:`
			`warn: false`

			`- name: Bring connection down and up to apply changes`
			`shell: >`
			`nmcli con down "{{ nm_connection_name }}" && nmcli con up "{{ nm_connection_name }}"`
			`ignore_errors: true`

			`when: dns_manager == 'manual'`
			`template:`
			`src: resolv.conf.j2`
			`dest: /etc/resolv.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`

refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain. Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process. 2025-10-08 19:04:53 +02:00			`- name: Install required packages`
			`apt:`
			`name:`
			`- samba`
			`- krb5-user`
			`- winbind`
			`- libpam-winbind`
			`- libnss-winbind`
refactor ♻️: Refactoring the main.yml files to include NTP server configuration and backup of original ntp.conf. Updated the `defaults/main.yml`, `handlers/main.yml`, and `tasks/main.yml` files to add NTP server configuration and a backup of the original `ntp.conf` file. This ensures that the system uses AD DCs as time sources and maintains a backup for future reference. 2025-10-08 22:03:21 +02:00			`- ntp`
refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain. Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process. 2025-10-08 19:04:53 +02:00			`state: present`
			`become: yes`

refactor ♻️: Refactored the code to use a more structured approach for DNS configuration and added optional tests. Updated the role to include optional tests after running it, ensuring that DNS resolution is correctly configured. The code has been refactored to improve readability and maintainability. 2025-10-08 21:55:06 +02:00			`- name: Configure /etc/resolv.conf for AD DNS resolution`
			`template:`
			`src: resolv.conf.j2`
			`dest: /etc/resolv.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`notify: Restart networking if required`

refactor ♻️: Refactoring the main.yml files to include NTP server configuration and backup of original ntp.conf. Updated the `defaults/main.yml`, `handlers/main.yml`, and `tasks/main.yml` files to add NTP server configuration and a backup of the original `ntp.conf` file. This ensures that the system uses AD DCs as time sources and maintains a backup for future reference. 2025-10-08 22:03:21 +02:00			`# Backup original ntp.conf (optional safety)`
			`- name: Backup original ntp.conf`
			`copy:`
			`src: /etc/ntp.conf`
			`dest: /etc/ntp.conf.bak`
			`remote_src: yes`
			`force: no`
			`ignore_errors: yes`

			`# Configure ntp.conf to use AD DCs`
refactor ♻️: Update ntp.conf to use AD DCs, configure winbind, and enable SMB service with appropriate ID mapping. Refactored the ntp configuration to include AD domain controllers, updated winbind settings for local BUILTIN accounts, and enabled SMB service with proper ID mapping. 2025-10-09 17:25:12 +02:00			`- name: Ensure 'tinker panic 0' is present`
			`lineinfile:`
			`path: /etc/ntp.conf`
			`line: "tinker panic 0"`
			`insertafter: BOF`
			`state: present`

refactor ♻️: Refactoring the main.yml files to include NTP server configuration and backup of original ntp.conf. Updated the `defaults/main.yml`, `handlers/main.yml`, and `tasks/main.yml` files to add NTP server configuration and a backup of the original `ntp.conf` file. This ensures that the system uses AD DCs as time sources and maintains a backup for future reference. 2025-10-08 22:03:21 +02:00			`- name: Configure ntp.conf with AD domain controllers`
			`blockinfile:`
			`path: /etc/ntp.conf`
			`marker: "# {mark} ANSIBLE_MANAGED_AD_NTP"`
			`block: \|`
			`{% for server in ntp_servers %}`
			`server {{ server }} iburst`
			`{% endfor %}`
			`notify: Restart ntp`

			`# Enable and start ntp service`
			`- name: Ensure ntp is running and enabled`
			`service:`
			`name: ntp`
			`state: started`
			`enabled: yes`

refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain. Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process. 2025-10-08 19:04:53 +02:00			`- name: Configure Kerberos`
			`template:`
			`src: krb5.conf.j2`
			`dest: /etc/krb5.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`

			`- name: Configure Samba`
			`template:`
			`src: smb.conf.j2`
			`dest: /etc/samba/smb.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`

			`- name: Join the domain`
			`shell: \|`
			`echo "{{ ad_admin_password }}" \| net ads join -U {{ ad_admin_user }}%{{ ad_admin_password }}`
			`args:`
			`warn: false`
			`register: join_result`
			`changed_when: "'Joined domain' in join_result.stdout"`

refactor ♻️: Update ntp.conf to use AD DCs, configure winbind, and enable SMB service with appropriate ID mapping. Refactored the ntp configuration to include AD domain controllers, updated winbind settings for local BUILTIN accounts, and enabled SMB service with proper ID mapping. 2025-10-09 17:25:12 +02:00			`# Ensure winbind is appended to passwd and group in /etc/nsswitch.conf`
			`- name: Ensure winbind is appended to passwd and group NSS databases`
			`lineinfile:`
			`path: /etc/nsswitch.conf`
			`regexp: '^{{ item }}:'`
			`line: "{{ item }}: files winbind"`
			`backrefs: yes`
			`loop:`
			`- passwd`
			`- group`

			`# Append [success=continue] winbind to existing initgroups line`
			`- name: Ensure [success=continue] winbind is present in initgroups line if it exists`
			`replace:`
			`path: /etc/nsswitch.conf`
			`regexp: '^(initgroups:.?)(\swinbind)?$'`
			`replace: '\1 [success=continue] winbind'`
			`when: "'initgroups:' in lookup('file', '/etc/nsswitch.conf')"`


refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain. Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process. 2025-10-08 19:04:53 +02:00			`- name: Enable and start required services`
			`service:`
			`name: "{{ item }}"`
			`state: started`
			`enabled: yes`
			`loop:`
			`- smbd`
			`- nmbd`
			`- winbind`