- name: Install Samba
  ansible.builtin.apt:
    name: samba
    state: present

- name: Create nologin shell accounts for Samba
  ansible.builtin.user:
    name: "{{ item.name }}"
    state: present
    shell: /usr/sbin/nologin
    createhome: false
    system: yes
  loop: "{{ samba.users }}"
  when: item.manage_user is defined and item.manage_user is true

- name: Create Samba users
  ansible.builtin.shell: "smbpasswd -a {{ item.name }}"
  args:
    stdin: "{{ item.password }}\n{{ item.password }}"
  loop: "{{ samba.users }}"
  register: samba_users
  changed_when: "'User added' in samba_users.stdout"

- name: Ensure share directories exist
  ansible.builtin.file:
    path: "{{ item.path }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    state: directory
    mode: 0755
  loop: "{{ samba.shares }}"

- name: Configure Samba shares
  ansible.builtin.template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
  notify: restart_samba

- name: Start smbd and enable on boot
  ansible.builtin.service:
    name: smbd
    state: started
    enabled: true

- name: Allow SMB connections
  community.general.ufw:
    rule: allow
    port: 445
    proto: tcp
    from: "{{ item }}"
    state: enabled
  loop: "{{ samba.firewall }}"