---
- name: Ensure mountpoints are present
  ansible.builtin.file:
    path: "{{ item.path }}"
    recurse: True
    state: directory
  loop: "{{ pve_disk_mount }}"
  loop_control:
    label: "{{ item.path }}"

- name: Add diskmounts to fstab
  ansible.posix.mount:
    path: "{{ item.path }}"
    src: "{{ item.src }}"
    fstype: "{{ item.fstype }}"
    opts: "{{ item.opts | default(omit) }}"
    state: "{{ item.state | default('mounted') }}"
  loop: "{{ pve_disk_mount }}"
  loop_control:
    label: "{{ item.src }}   {{ item.path }}"

- name: Remove motd from oam stack
  community.general.pamd:
    name: "{{ item.name }}"
    type: "{{ item.type }}"
    control: "{{ item.control }}"
    module_path: "{{ item.path }}"
    state: absent
  loop:
    - name: "login"
      type: "session"
      control: "optional"
      path: "pam_motd.so"
    - name: "sshd"
      type: "session"
      control: "optional"
      path: "pam_motd.so"
  when: not pve_pamd_motd_enabled | bool

- name: Create tmp folder for pve
  ansible.builtin.file:
    path: "{{ __pve_tmp_dir }}"
    recurse: True
    state: directory

- name: Configure auth provider
  ansible.builtin.template:
    src: etc/pve/domains.cfg.j2
    dest: "{{ __pve_tmp_dir }}/domains.cfg"
    owner: root
    group: www-data
    mode: "0640"
  register: __pve_domains_copy

- name: Copy auth provider to pve filesystem
  ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
  changed_when: __pve_domains_copy.changed

- name: Configure LDAP auth
  ansible.builtin.include_tasks: ldap.yml
  when:
    - pve_auth_ldap_enabled | bool
    - pve_auth_ldap_bind_password is defined

- name: Configure pveproxy
  ansible.builtin.import_tasks: tls.yml
  when: pve_tls_enabled | bool
  tags: tls_renewal