---
- name: Install FreeIPA client packages
  ansible.builtin.package:
    name:
      - freeipa-client
      - sssd
      - sssd-tools
      - oddjob
      - oddjob-mkhomedir
    state: present

- name: Set hostname
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"


- name: Enroll to FreeIPA
  ansible.builtin.command: >
    ipa-client-install
    --domain=im.lab
    --realm=IPA.IM.LAB
    --server=ipa.im.lab
    --hostname={{ inventory_hostname }}
    --mkhomedir
    --unattended
  args:
    creates: /etc/ipa/default.conf

- name: Configure SSSD
  freeipa.ansible_freeipa.ipaclient_setup_sssd:
    servers: ["ipa.im.lab"]
    domain: im.lab
    realm: IPA.IM.LAB
    hostname: "{{ inventory_hostname }}"
    no_krb5_offline_passwords: yes
  notify: Restart SSSD

- name: Enable and start SSSD
  ansible.builtin.service:
    name: sssd
    state: started
    enabled: true