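---
# Tasks for NFS home directories mounted through autofs with LDAP-backed
# maps, plus sshd changes so that only root's authorized_keys is honoured.
# The handlers (restart autofs, restart sshd) and the variables ldap_server
# and ansible_wheel are defined outside this file.

- name: install packages
  package:
    name: autofs
    # 'present' is the canonical state; 'installed' is only an alias and is
    # not accepted by every package backend.
    state: present

# SELinux boolean that permits home directories located on NFS; persistent
# keeps the setting across reboots.
- name: allow nfs home directories for selinux
  seboolean:
    name: use_nfs_home_dirs
    state: true
    persistent: true

# Each entry of ldap_server is rendered as an ldaps:// URI, so the automount
# map lookups are made over TLS rather than plain LDAP.
- name: configure ldap server for autofs
  lineinfile:
    dest: /etc/autofs.conf
    regexp: '^#?ldap_uri\s*=.*'
    line: "ldap_uri = {% for u in ldap_server %}ldaps://{{ u }} {% endfor %}"
  notify: restart autofs

- name: configure ldap schema for autofs
  lineinfile:
    dest: /etc/autofs.conf
    line: "{{ item }}"
    insertbefore: "^# auth_conf_file"
  notify: restart autofs
  with_items:
    - value_attribute = automountInformation
    - entry_attribute = automountKey
    - map_attribute = ou
    - entry_object_class = automount
    - map_object_class = organizationalUnit

# NOTE(review): the template is not visible here; the root-only 0600 mode
# suggests it carries LDAP bind credentials. If so, confirm that --diff
# output of this task does not end up in shared logs.
- name: configure ldap auth for autofs
  template:
    dest: /etc/autofs_ldap_auth.conf
    src: autofs_ldap_auth.conf.j2
    # Modes are quoted so they reach the module as strings and cannot be
    # re-typed by the YAML parser.
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart autofs

- name: create auto.master config
  template:
    dest: /etc/auto.master
    src: auto.master.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart autofs

- name: start autofs service
  service:
    name: autofs
    state: started
    enabled: true

# Presumably user keys are disabled because home directories live on NFS and
# are outside this host's control -- confirm against the role's intent.
# sshd uses the first value it reads for a keyword, and a Match block extends
# to the next Match line or end of file. The global "none" must therefore sit
# above every Match block: insertbefore BOF guarantees that whenever no
# existing AuthorizedKeysFile line is found to replace.
- name: disable authorized_keys file from users
  lineinfile:
    path: /etc/ssh/sshd_config
    line: AuthorizedKeysFile none
    regexp: '^AuthorizedKeysFile\s+.*'
    insertbefore: BOF
    # Refuse to install a config sshd cannot parse, so a bad edit cannot
    # take SSH down at the next restart. sshd -t also checks host keys, so
    # this assumes they already exist on the target.
    validate: /usr/sbin/sshd -t -f %s
  notify: restart sshd

# blockinfile appends at end of file by default, which keeps the Match block
# last. Any directive appended to sshd_config after it becomes part of the
# root-only Match block, not a global setting.
- name: enable authorized_keys file for root
  blockinfile:
    path: /etc/ssh/sshd_config
    # The directive is indented (sshd ignores leading whitespace) so that the
    # '^AuthorizedKeysFile' regexp of the previous task never matches it on a
    # later run and rewrites root's setting to "none".
    block: |
      Match User root
        AuthorizedKeysFile .ssh/authorized_keys
    validate: /usr/sbin/sshd -t -f %s
  notify: restart sshd

- name: move user cache from home directory to tmpfs
  copy:
    dest: "/etc/profile.d/{{ item }}"
    src: "{{ item }}"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  with_items:
    - usercache.sh
    - usercache.csh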