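---
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Install and configure FREERADIUS TOTP
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
# Task list: installs FreeRADIUS with the LDAP and PAM (google-authenticator)
# modules, enables both modules, renders the server configuration files and
# reloads systemd. Every path comes from role variables (freeradius_*); the
# LDAP bind password comes from `bindradiusldap_password`.
#
# NOTE(review): only the radiusd.conf task notifies `restart freeradius`.
# Changes to the other rendered files (site default, ldap, dictionary,
# clients.conf, filter) do not trigger a restart from this file. Confirm that
# a restart is scheduled elsewhere, or add the same `notify` to those tasks.

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# install packages if they are not present in the system
# The package list is passed to apt in a single call instead of one call per
# item.
- name: install packagesfor freeradiusotp if is not in the system
  ansible.builtin.apt:
    name:
      - freeradius
      - freeradius-ldap
      - libpam-google-authenticator
      - python3-qrcode
      - zip
      - mutt
    state: present

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config symbolic files to enable modules
# Links point from mods-enabled to the module definition in mods-available.
# `force: true` replaces whatever already exists at the destination path.
- name: create a symbolic link
  ansible.builtin.file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: freerad
    group: freerad
    state: link
    force: true
  loop:
    # - { src: '"{{ freeradius_mods_enabled_folder }}"ldap', dest: '"{{ freeradius_mods_available_folder }}"ldap' }
    # - { src: '"{{ freeradius_mods_enabled_folder }}"pam', dest: '"{{ freeradius_mods_available_folder }}"pam' }
    - src: '{{ freeradius_mods_available_folder }}ldap'
      dest: '{{ freeradius_mods_enabled_folder }}ldap'
    - src: '{{ freeradius_mods_available_folder }}pam'
      dest: '{{ freeradius_mods_enabled_folder }}pam'

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/sites-enabled/default
- name: config default file
  ansible.builtin.template:
    src: default.j2
    dest: "{{ freeradius_default_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/mods-available/ldap
# - name: config ldap file
#   ansible.builtin.template:
#     src: ldap.j2
#     dest: "{{ freeradius_mod_ldap }}"
#     owner: freerad
#     group: freerad
#     mode: '0640'
#     backup: yes

# step 1 - copy the static ldap module file
# NOTE(review): step 2 rewrites the password line, so on later runs this copy
# sees a checksum difference, reports "changed" and overwrites the file.
# With `backup: true` each such run leaves a timestamped copy of the previous
# file, which contains the bind password, next to the original. Prune those
# copies, or drop the backup here, if that is not wanted.
- name: copy file ldap
  ansible.builtin.copy:
    src: ldap
    dest: "{{ freeradius_mod_ldap }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true

# step 2 - lineinfile password with vault
# `no_log: true` keeps the rendered password line out of task output, verbose
# logs and callback plugins. It also hides this task's error details, so
# remove it temporarily when debugging.
# NOTE(review): the leading whitespace in `regexp` and `line` must match the
# indentation used in the shipped ldap file. If the pattern matches nothing,
# lineinfile appends the line at the end of the file. Confirm against
# files/ldap.
- name: add password with ansible vault to file ldap
  ansible.builtin.lineinfile:
    dest: "{{ freeradius_mod_ldap }}"
    regexp: "^ password ="
    line: " password = {{ bindradiusldap_password }}"
    state: present
  no_log: true

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/dictionary
- name: config dictionary file
  ansible.builtin.template:
    src: dictionary.j2
    dest: "{{ freeradius_dictionary_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/clients.conf
# NOTE(review): presumably clients.j2 renders the RADIUS client shared
# secrets. Mode 0640 with freerad ownership keeps the file unreadable to other
# local users.
- name: config clients.conf file
  ansible.builtin.template:
    src: clients.j2
    dest: "{{ freeradius_clients_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/policy.d/filter
- name: config filter file
  ansible.builtin.template:
    src: filter.j2
    dest: "{{ freeradius_filter_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/radiusd.conf
# This is the only task in this file that triggers the restart handler.
- name: config radius.conf file
  ansible.builtin.template:
    src: radiusd.j2
    dest: "{{ freeradius_base_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true
  notify: restart freeradius

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/pam.d/radiusd
# Root-owned and world-readable, unlike the freerad-owned 0640 files above.
- name: config pam radiusd file
  ansible.builtin.template:
    src: radiusdpam.j2
    dest: "{{ freeradius_pam_config }}"
    owner: root
    group: root
    mode: '0644'

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /lib/systemd/system/freeradius.service
- name: config freeradius systemd service file
  ansible.builtin.template:
    src: freeradiusservice.j2
    dest: "{{ freeradius_service_config }}"
    owner: root
    group: root
    mode: '0644'

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# force systemd to reread configs
# Runs on every play, so a changed unit file is picked up before any restart.
- name: Just force systemd to reread configs (2.4 and above)
  ansible.builtin.systemd_service:
    daemon_reload: true
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++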