---

- name: Set Default umask for Users
  lineinfile:
    dest: '/etc/login.defs'
    regexp: "UMASK"
    line: "UMASK 027"
    state: present

- include: xrdp.yml
- include: app_common.yml
- include: samba.yml

- include: lightburn.yml
- include: estlcam.yml
- include: slicer.yml

- name: Create tsadmin group
  group: name={{ tsadmin_group }}

- name: Create tsadmin_user
  user: name={{ tsadmin_user }} password={{ tsadmin_pass | password_hash('sha512', tsadmin_salt) }} home=/home/{{ tsadmin_user }} group={{ tsadmin_group }}

- name: Allow 'tsadmin_user' group to have passwordless sudo to other users
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'
    line: '{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'
    validate: visudo -cf %s
  with_dict:
  - "{{ xrdp_applications }}"

- name: Create tsadmin_user .xsession
  template: src=tsadmin_xsession.j2 dest=/home/{{ tsadmin_user }}/.xsession