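---
# System-level configuration for a Univention Corporate Server (UCS) host:
# registry (UCR) settings, groups, filesystem ACLs, cron jobs and, optionally,
# the TLS certificate/key paths used by apache2, dovecot and postfix.

# Apply the built-in registry settings followed by the user-supplied extras.
# NOTE(review): `__usc_registry_settings` is spelled "usc" while every other
# variable here uses "ucs" - confirm it matches the name defined in the role
# vars before renaming anything.
# The loop label prints "path=value" in task output, so registry values end up
# in logs; keep secrets out of these lists or mask the task output.
- name: Set system settings to registry
  xoxys.general.ucr:
    path: "{{ item.path }}"
    value: "{{ item.value }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ __usc_registry_settings + ucs_registry_extra }}"
  loop_control:
    label: "{{ item.path }}={{ item.value }}"

# Optional attributes fall back to `omit`, so the module's own defaults apply.
- name: Create system groups
  community.general.udm_group:
    name: "{{ item.name }}"
    description: "{{ item.description | default(omit) }}"
    subpath: "{{ item.subpath | default(omit) }}"
    ou: "{{ item.ou | default(omit) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ ucs_system_groups }}"
  loop_control:
    label: "{{ item.name }}"

# `state` defaults to 'query': an entry without an explicit state only reads
# the current ACL and changes nothing. Entries that are meant to grant or
# revoke access must set `state: present` or `state: absent` themselves.
- name: Set acl for shares
  ansible.posix.acl:
    path: "{{ item.path }}"
    entity: "{{ item.entity }}"
    etype: "{{ item.etype }}"
    permissions: "{{ item.permissions }}"
    state: "{{ item.state | default('query') }}"
    recursive: "{{ item.recursive | default('no') }}"
    default: "{{ item.default | default('no') }}"
  loop: "{{ ucs_filesystem_acl }}"
  loop_control:
    label: "{{ item.path }}"

# Without overrides a job runs daily at 03:00 as root. All jobs share the
# cron file `univention-custom`; `item.job` is written there verbatim, so
# `ucs_cronjobs` must only be populated from trusted inventory.
- name: Setup custom cronjobs
  ansible.builtin.cron:
    name: "{{ item.name }}"
    minute: "{{ item.minute | default(0) }}"
    hour: "{{ item.hour | default(3) }}"
    day: "{{ item.day | default('*') }}"
    weekday: "{{ item.weekday | default('*') }}"
    month: "{{ item.month | default('*') }}"
    user: "{{ item.user | default('root') }}"
    cron_file: univention-custom
    job: "{{ item.job }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ ucs_cronjobs }}"
  loop_control:
    label: "{{ item.name }}"

# Point each enabled service at the custom certificate and private key.
# These tasks only write the two paths into UCR; nothing in this file deploys
# the files or sets their ownership and mode.
# NOTE(review): confirm the private key is installed elsewhere with
# permissions that let only the consuming services read it.
- name: Configure custom TLS certificates
  when: ucs_custom_tls_enabled | bool
  block:
    - name: Set apache2 ucr vars
      xoxys.general.ucr:
        path: "{{ item.path }}"
        value: "{{ item.value }}"
      loop:
        - path: apache2/ssl/certificate
          value: "{{ ucs_custom_tls_cert_path }}"
        - path: apache2/ssl/key
          value: "{{ ucs_custom_tls_key_path }}"
        - path: saml/apache2/ssl/certificate
          value: "{{ ucs_custom_tls_cert_path }}"
        - path: saml/apache2/ssl/key
          value: "{{ ucs_custom_tls_key_path }}"
      loop_control:
        label: "{{ item.path }}={{ item.value }}"
      notify: __ucs_apache_restart
      # `| bool` matches the block-level condition, so a string such as
      # "false" passed via extra vars is not treated as truthy.
      when: ucs_custom_tls_apache2_enabled | bool

    - name: Set dovecot ucr vars
      xoxys.general.ucr:
        path: "{{ item.path }}"
        value: "{{ item.value }}"
      loop:
        # Fixed: the key previously ended in a stray comma, which would have
        # set "mail/dovecot/ssl/certificate," instead of the intended variable
        # and left dovecot on its previous certificate.
        - path: mail/dovecot/ssl/certificate
          value: "{{ ucs_custom_tls_cert_path }}"
        - path: mail/dovecot/ssl/key
          value: "{{ ucs_custom_tls_key_path }}"
      loop_control:
        label: "{{ item.path }}={{ item.value }}"
      notify: __ucs_dovecot_restart
      when: ucs_custom_tls_dovecot_enabled | bool

    - name: Set postfix ucr vars
      xoxys.general.ucr:
        path: "{{ item.path }}"
        value: "{{ item.value }}"
      loop:
        - path: mail/postfix/ssl/certificate
          value: "{{ ucs_custom_tls_cert_path }}"
        - path: mail/postfix/ssl/key
          value: "{{ ucs_custom_tls_key_path }}"
      loop_control:
        label: "{{ item.path }}={{ item.value }}"
      notify: __ucs_postfix_restart
      when: ucs_custom_tls_postfix_enabled | bool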