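---
# Tasks: detect which DNS manager the host runs, point it at the AD DNS
# servers, sync time with the domain controllers, then join the host to
# the domain with Samba/winbind.
#
# Variables expected from inventory/vars (not defined here):
#   nm_connection_name, dns_servers, dns_search, ntp_servers,
#   ad_admin_user, ad_admin_password
# Handlers referenced (defined elsewhere):
#   Restart systemd-resolved, Restart networking if required, Restart ntp
#
# NOTE(review): only the apt task sets `become`; the remaining tasks write
# under /etc, so privilege escalation is presumably set at play level.

- name: Gather service facts
  service_facts:

# Whitespace-controlled tags ({%- -%}) so the fact is exactly one of
# 'systemd-resolved' / 'NetworkManager' / 'manual'. Plain {% if %} inside
# a folded scalar leaves surrounding spaces in the value, and the
# `dns_manager == '...'` conditions below then never match.
- name: Determine DNS manager
  set_fact:
    dns_manager: >-
      {%- if 'systemd-resolved.service' in ansible_facts.services
      and ansible_facts.services['systemd-resolved.service'].state == 'running' -%}
      systemd-resolved
      {%- elif 'NetworkManager.service' in ansible_facts.services
      and ansible_facts.services['NetworkManager.service'].state == 'running' -%}
      NetworkManager
      {%- else -%}
      manual
      {%- endif -%}

- name: Configure DNS for systemd-resolved
  when: dns_manager == 'systemd-resolved'
  template:
    src: resolved.conf.j2
    dest: /etc/systemd/resolved.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart systemd-resolved

- name: Ensure /etc/resolv.conf points to systemd stub
  when: dns_manager == 'systemd-resolved'
  file:
    src: /run/systemd/resolve/stub-resolv.conf
    dest: /etc/resolv.conf
    state: link
    force: true

# nm_connection_name, dns_servers and dns_search are interpolated into a
# shell line; keep them under inventory control (a value containing
# quotes, `$` or `;` would change the command).
- name: Configure DNS via NetworkManager (nmcli)
  when: dns_manager == 'NetworkManager'
  block:
    - name: Set DNS servers with nmcli
      shell: >-
        nmcli con mod "{{ nm_connection_name }}"
        ipv4.dns "{{ dns_servers | join(' ') }}"
        ipv4.ignore-auto-dns yes
      args:
        warn: false

    - name: Set search domain with nmcli
      shell: >-
        nmcli con mod "{{ nm_connection_name }}"
        ipv4.dns-search "{{ dns_search }}"
      args:
        warn: false

    # Best-effort: bouncing the connection can drop the session when the
    # host is managed over that interface, so errors are tolerated.
    - name: Bring connection down and up to apply changes
      shell: >-
        nmcli con down "{{ nm_connection_name }}"
        && nmcli con up "{{ nm_connection_name }}"
      ignore_errors: true

# Task header reconstructed: the source had a bare `when:` + `template:`
# pair after the nmcli block, which is not a valid task.
- name: Configure DNS manually in /etc/resolv.conf
  when: dns_manager == 'manual'
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'

- name: Install required packages
  apt:
    name:
      - samba
      - krb5-user
      - winbind
      - libpam-winbind
      - libnss-winbind
      - ntp
    state: present
  become: true

# Gated on the manual branch: unconditionally templating /etc/resolv.conf
# would replace the stub-resolv.conf symlink created above on
# systemd-resolved hosts, and NetworkManager hosts presumably have NM
# rewriting the file itself.
- name: Configure /etc/resolv.conf for AD DNS resolution
  when: dns_manager == 'manual'
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart networking if required

# Backup original ntp.conf (optional safety); force: false keeps the first
# backup, ignore_errors covers hosts without an existing ntp.conf.
- name: Backup original ntp.conf
  copy:
    src: /etc/ntp.conf
    dest: /etc/ntp.conf.bak
    remote_src: true
    force: false
  ignore_errors: true

# Configure ntp.conf to use AD DCs; the marker block is owned by Ansible
# and rewritten in place on each run.
- name: Configure ntp.conf with AD domain controllers
  blockinfile:
    path: /etc/ntp.conf
    marker: "# {mark} ANSIBLE_MANAGED_AD_NTP"
    block: |
      {% for server in ntp_servers %}
      server {{ server }} iburst
      {% endfor %}
  notify: Restart ntp

# Enable and start ntp service
- name: Ensure ntp is running and enabled
  service:
    name: ntp
    state: started
    enabled: true

- name: Configure Kerberos
  template:
    src: krb5.conf.j2
    dest: /etc/krb5.conf
    owner: root
    group: root
    mode: '0644'

- name: Configure Samba
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    mode: '0644'

# no_log keeps ad_admin_password out of the play output and the registered
# result (join_result is still usable by changed_when). The `user%password`
# argument also exposes the secret in the process list for the duration of
# the command; `net` reads the password from stdin (the pipe) when no tty
# is present, so the `%{{ ad_admin_password }}` suffix could be dropped
# after confirming on the target Samba version. The task is not
# idempotent: it re-runs `net ads join` every play.
- name: Join the domain
  shell: |
    echo "{{ ad_admin_password }}" | net ads join -U {{ ad_admin_user }}%{{ ad_admin_password }}
  args:
    warn: false
  register: join_result
  changed_when: "'Joined domain' in join_result.stdout"
  no_log: true

- name: Enable and start required services
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - smbd
    - nmbd
    - winbind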