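---
# Enrols the target host as a FreeIPA client of the im.lab domain:
# installs the client packages, sets the FQDN, runs ipa-client-install once,
# enables home-directory creation, and starts oddjobd and SSSD.

- name: Install FreeIPA client packages
  ansible.builtin.package:
    name:
      - freeipa-client
      - sssd
      - sssd-tools
      - oddjob
      - oddjob-mkhomedir
    state: present

# The FQDN set here must match the --hostname passed to ipa-client-install.
- name: Set hostname FQDN
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}.im.lab"

# /etc/ipa/default.conf is used as the "already enrolled" marker so that the
# enrolment task below runs only once per host.
- name: Check if FreeIPA client is already configured
  ansible.builtin.stat:
    path: /etc/ipa/default.conf
  register: ipa_client_conf

- name: Enroll to FreeIPA
  ansible.builtin.command:
    argv:
      - ipa-client-install
      - --domain=im.lab
      - --realm=IM.LAB
      - --server=ipa.im.lab
      - "--hostname={{ inventory_hostname }}.im.lab"
      - --mkhomedir
      - --principal=admin
      # NOTE(review): the credential is passed on the command line, so it is
      # readable in the target's process list while the installer runs.
      # Prefer a one-time enrolment password or a dedicated low-privilege
      # enrolment principal over the admin account, and keep
      # ipa_admin_password in Ansible Vault.
      - "--password={{ ipa_admin_password }}"
      - --unattended
      # NOTE(review): --force-join re-enrols even if a host entry already
      # exists on the server; confirm that is intended for every host.
      - --force-join
  # The argv contains the admin password: keep the task's arguments and
  # result out of Ansible output, logs and callback plugins.
  no_log: true
  when: not ipa_client_conf.stat.exists

- name: Enable mkhomedir
  ansible.builtin.command:
    argv:
      - authselect
      - enable-feature
      - with-mkhomedir
  register: authselect_mkhomedir
  # Report "changed" only when authselect did not say the feature was
  # already enabled.
  changed_when: "'already enabled' not in authselect_mkhomedir.stdout"
  # NOTE(review): every failure of authselect is ignored here, so a host
  # without a working authselect profile is silently left without
  # mkhomedir. Narrow this condition if the best-effort behaviour is not
  # deliberate.
  failed_when: false

- name: Enable and start oddjobd
  ansible.builtin.service:
    name: oddjobd
    state: started
    enabled: true

- name: Enable and start SSSD
  ansible.builtin.service:
    name: sssd
    state: started
    enabled: true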