---
- name: Create tmp folder for pve
  ansible.builtin.file:
    path: "{{ __pve_tmp_dir }}"
    recurse: True
    state: directory

- name: Configure auth provider
  ansible.builtin.template:
    src: etc/pve/domains.cfg.j2
    dest: "{{ __pve_tmp_dir }}/domains.cfg"
    owner: root
    group: www-data
    mode: "0640"
  register: __pve_domains_copy

- name: Copy auth provider to pve filesystem
  ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
  changed_when: __pve_domains_copy.changed

- when:
    - pve_auth_ldap_enabled | bool
    - pve_auth_ldap_bind_password is defined
  block:
    - name: Ensure path for auth file exists
      ansible.builtin.file:
        path: "{{ __pve_base_dir }}/priv/ldap"
        recurse: True
        state: directory

    - name: Add passwd file for ldap bind
      ansible.builtin.template:
        src: etc/pve/priv/ldap.pw.j2
        dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
        owner: root
        group: www-data
        mode: "0640"
      register: __pve_auth_copy

    - name: Copy passwd file to pve filesystem
      ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
      changed_when: __pve_auth_copy.changed