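---
# tasks file for Ansible-Lldap-Role
#
# Installs lldap from a release archive into lldap_install_dir, creates the
# service account and group, installs the systemd unit, prepares the data and
# config directories, renders lldap-config.toml, and enables/starts the service.
# These tasks write to /etc/systemd/system and chown to root, so they need to
# run with root privileges.

- name: Ensure install dir exist
  ansible.builtin.file:
    path: "{{ lldap_install_dir }}"
    owner: "root"
    group: "root"
    mode: "0755"
    state: directory

# NOTE(review): the archive is fetched and unpacked in one step with no
# integrity check. Consider staging it with ansible.builtin.get_url and its
# `checksum` parameter (pinned to the release in use) before unpacking.
- name: Download lldap
  ansible.builtin.unarchive:
    # Variable spelling ("dowload") is kept: it is defined outside this file.
    src: "{{ lldap_dowload_url }}"
    dest: "{{ lldap_install_dir }}"
    remote_src: true
    # Force root ownership on the extracted files so they do not keep whatever
    # uid/gid the archive records; the service account only needs to read and
    # execute them, never to modify them.
    owner: "root"
    group: "root"
    extra_opts:
      - --strip-components=1

# The directory and config tasks below assign ownership to lldap_run_group,
# so make sure the group exists before anything refers to it.
- name: Create lldap group
  ansible.builtin.group:
    name: "{{ lldap_run_group }}"
    system: true

- name: Create lldap user
  ansible.builtin.user:
    name: "{{ lldap_run_user }}"
    # The config file is root-owned with mode 0640 and group lldap_run_group,
    # so the service account must be in that group to read it.
    group: "{{ lldap_run_group }}"
    system: true
    # Service account: no interactive login shell. systemd starts the daemon
    # directly and does not use the account's shell.
    shell: /usr/sbin/nologin
    home: "/var/lib/lldap"
    create_home: true

- name: Add lldap service file
  ansible.builtin.template:
    src: lldap.service.j2
    dest: /etc/systemd/system/lldap.service
    owner: "root"
    group: "root"
    mode: "0644"
  # A changed unit only takes effect for the running daemon after a restart.
  notify: Restart lldap

- name: Ensure lldap data dir exist
  ansible.builtin.file:
    path: "{{ lldap_data_dir }}"
    owner: "{{ lldap_run_user }}"
    group: "{{ lldap_run_group }}"
    mode: "0750"
    state: directory

# NOTE(review): 0770 lets members of lldap_run_group create, rename and delete
# entries in the config directory, which includes replacing the root-owned
# lldap-config.toml. If lldap does not need to write here (for example for a
# key file -- confirm against lldap-config.toml.j2), tighten this to 0750.
- name: Ensure lldap config dir exist
  ansible.builtin.file:
    path: "{{ lldap_config_dir }}"
    owner: "root"
    group: "{{ lldap_run_group }}"
    mode: "0770"
    state: directory

# Root-owned and group-readable only: the service can read its settings but
# cannot rewrite the file in place, and other local users cannot read it.
- name: Update lldap config
  ansible.builtin.template:
    src: lldap-config.toml.j2
    dest: "{{ lldap_config_dir }}/lldap-config.toml"
    owner: "root"
    group: "{{ lldap_run_group }}"
    mode: "0640"
  notify: Restart lldap

- name: Enable and start lldap service
  ansible.builtin.systemd:
    name: lldap
    # Reload unit definitions so a newly written lldap.service is picked up.
    daemon_reload: true
    enabled: true
    state: started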