tasks/main.yml

---
- name: Gather service facts
  service_facts:
  
- name: Determine DNS manager
  set_fact:
    dns_manager: >-
      {% if 'systemd-resolved.service' in ansible_facts.services and ansible_facts.services['systemd-resolved.service'].state == 'running' %}
        systemd-resolved
      {% elif 'NetworkManager.service' in ansible_facts.services and ansible_facts.services['NetworkManager.service'].state == 'running' %}
        NetworkManager
      {% else %}
        manual
      {% endif %}

- name: Configure DNS for systemd-resolved
  when: dns_manager == 'systemd-resolved'
  template:
    src: resolved.conf.j2
    dest: /etc/systemd/resolved.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart systemd-resolved

- name: Ensure /etc/resolv.conf points to systemd stub
  when: dns_manager == 'systemd-resolved'
  file:
    src: /run/systemd/resolve/stub-resolv.conf
    dest: /etc/resolv.conf
    state: link
    force: true

- name: Configure DNS via NetworkManager (nmcli)
  when: dns_manager == 'NetworkManager'
  block:
    - name: Set DNS servers with nmcli
      shell: >
        nmcli con mod "{{ nm_connection_name }}"
        ipv4.dns "{{ dns_servers | join(' ') }}"
        ipv4.ignore-auto-dns yes
      args:
        warn: false

    - name: Set search domain with nmcli
      shell: >
        nmcli con mod "{{ nm_connection_name }}"
        ipv4.dns-search "{{ dns_search }}"
      args:
        warn: false

    - name: Bring connection down and up to apply changes
      shell: >
        nmcli con down "{{ nm_connection_name }}" && nmcli con up "{{ nm_connection_name }}"
      ignore_errors: true

  when: dns_manager == 'manual'
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'

- name: Install required packages
  apt:
    name:
      - samba
      - krb5-user
      - winbind
      - libpam-winbind
      - libnss-winbind
    state: present
  become: yes

- name: Configure /etc/resolv.conf for AD DNS resolution
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart networking if required

- name: Configure Kerberos
  template:
    src: krb5.conf.j2
    dest: /etc/krb5.conf
    owner: root
    group: root
    mode: '0644'

- name: Configure Samba
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    mode: '0644'

- name: Join the domain
  shell: |
    echo "{{ ad_admin_password }}" | net ads join -U {{ ad_admin_user }}%{{ ad_admin_password }}
  args:
    warn: false
  register: join_result
  changed_when: "'Joined domain' in join_result.stdout"

- name: Enable and start required services
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop:
    - smbd
    - nmbd
    - winbind
refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain. Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process. 2025-10-08 19:04:53 +02:00			`---`
refactor ♻️: Refactored the code to use a more structured approach for DNS configuration and added optional tests. Updated the role to include optional tests after running it, ensuring that DNS resolution is correctly configured. The code has been refactored to improve readability and maintainability. 2025-10-08 21:55:06 +02:00			`- name: Gather service facts`
			`service_facts:`

			`- name: Determine DNS manager`
			`set_fact:`
			`dns_manager: >-`
			`{% if 'systemd-resolved.service' in ansible_facts.services and ansible_facts.services['systemd-resolved.service'].state == 'running' %}`
			`systemd-resolved`
			`{% elif 'NetworkManager.service' in ansible_facts.services and ansible_facts.services['NetworkManager.service'].state == 'running' %}`
			`NetworkManager`
			`{% else %}`
			`manual`
			`{% endif %}`

			`- name: Configure DNS for systemd-resolved`
			`when: dns_manager == 'systemd-resolved'`
			`template:`
			`src: resolved.conf.j2`
			`dest: /etc/systemd/resolved.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`notify: Restart systemd-resolved`

			`- name: Ensure /etc/resolv.conf points to systemd stub`
			`when: dns_manager == 'systemd-resolved'`
			`file:`
			`src: /run/systemd/resolve/stub-resolv.conf`
			`dest: /etc/resolv.conf`
			`state: link`
			`force: true`

			`- name: Configure DNS via NetworkManager (nmcli)`
			`when: dns_manager == 'NetworkManager'`
			`block:`
			`- name: Set DNS servers with nmcli`
			`shell: >`
			`nmcli con mod "{{ nm_connection_name }}"`
			`ipv4.dns "{{ dns_servers \| join(' ') }}"`
			`ipv4.ignore-auto-dns yes`
			`args:`
			`warn: false`

			`- name: Set search domain with nmcli`
			`shell: >`
			`nmcli con mod "{{ nm_connection_name }}"`
			`ipv4.dns-search "{{ dns_search }}"`
			`args:`
			`warn: false`

			`- name: Bring connection down and up to apply changes`
			`shell: >`
			`nmcli con down "{{ nm_connection_name }}" && nmcli con up "{{ nm_connection_name }}"`
			`ignore_errors: true`

			`when: dns_manager == 'manual'`
			`template:`
			`src: resolv.conf.j2`
			`dest: /etc/resolv.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`

refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain. Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process. 2025-10-08 19:04:53 +02:00			`- name: Install required packages`
			`apt:`
			`name:`
			`- samba`
			`- krb5-user`
			`- winbind`
			`- libpam-winbind`
			`- libnss-winbind`
			`state: present`
			`become: yes`

refactor ♻️: Refactored the code to use a more structured approach for DNS configuration and added optional tests. Updated the role to include optional tests after running it, ensuring that DNS resolution is correctly configured. The code has been refactored to improve readability and maintainability. 2025-10-08 21:55:06 +02:00			`- name: Configure /etc/resolv.conf for AD DNS resolution`
			`template:`
			`src: resolv.conf.j2`
			`dest: /etc/resolv.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`notify: Restart networking if required`

refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain. Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process. 2025-10-08 19:04:53 +02:00			`- name: Configure Kerberos`
			`template:`
			`src: krb5.conf.j2`
			`dest: /etc/krb5.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`

			`- name: Configure Samba`
			`template:`
			`src: smb.conf.j2`
			`dest: /etc/samba/smb.conf`
			`owner: root`
			`group: root`
			`mode: '0644'`

			`- name: Join the domain`
			`shell: \|`
			`echo "{{ ad_admin_password }}" \| net ads join -U {{ ad_admin_user }}%{{ ad_admin_password }}`
			`args:`
			`warn: false`
			`register: join_result`
			`changed_when: "'Joined domain' in join_result.stdout"`

			`- name: Enable and start required services`
			`service:`
			`name: "{{ item }}"`
			`state: started`
			`enabled: yes`
			`loop:`
			`- smbd`
			`- nmbd`
			`- winbind`