---
- name: Share a directory with SMB
  hosts: serverc.lab.example.com
  become: true
  vars_files:
    - smb_vars.yml

  tasks:
    - name: the package for a Samba server is installed
      yum:
        name: samba
        state: present

    - name: the Linux group for Samba users exists
      group:
        name: "{{ allowed_group }}"

    - name: the Linux user for Samba exists
      user:
        name: "{{ samba_user }}"
        password: "{{ samba_user_password | password_hash('sha512', 'secretsalt') }}"
        groups:
          - "{{ allowed_group }}"

    - name: the Linux user is in Samba database
      command: smbpasswd -s -a {{ samba_user }}
      args:
        stdin: "{{ samba_user_password }}\n{{ samba_user_password }}"

    - name: the Linux user for Samba mount exists
      user:
        name: "{{ samba_usermount }}"
        shell: /sbin/nologin
        create_home: no
        system: yes

    - name: the Samba user for Samba mount exists
      command: smbpasswd -s -a {{ samba_usermount }}
      args:
        stdin: "{{ samba_passmount }}\n{{ samba_passmount }}"

    - name: the directory exists
      file:
        path: "{{ shared_dir }}"
        owner: "{{ samba_usermount }}"
        group: "{{ allowed_group }}"
        mode: '2570'
        state: directory
        setype: samba_share_t

    - name: the directory is shared
      template:
        src: templates/smb.conf.j2
        dest: /etc/samba/smb.conf
        owner: root
        group: root
        mode: '0644'
        setype: samba_etc_t
      notify: reload smb

    - name: the SMB service is started and enabled
      service:
        name: smb
        state: started
        enabled: yes

    - name: the firewall is opened for SMB
      firewalld:
        service: samba
        state: enabled
        immediate: yes
        permanent: yes

  handlers:
    - name: reload smb
      service:
        name: smb
        state: reloaded