---
- name: Deploy BaseUser auto-group sync
  hosts: all
  become: yes

  tasks:

    - name: Install script
      copy:
        src: auto-add-baseuser.sh
        dest: /usr/local/bin/auto-add-baseuser.sh
        mode: '0755'

    - name: Install systemd service
      copy:
        dest: /etc/systemd/system/baseuser-sync.service
        mode: '0644'
        content: |
          [Unit]
          Description=Sync FreeIPA BaseUser membership to local group
          After=sssd.service

          [Service]
          Type=oneshot
          ExecStart=/usr/local/bin/auto-add-baseuser.sh

    - name: Install systemd path unit
      copy:
        dest: /etc/systemd/system/baseuser-sync.path
        mode: '0644'
        content: |
          [Unit]
          Description=Trigger BaseUser sync on login

          [Path]
          PathExistsGlob=/run/user/*

          [Install]
          WantedBy=multi-user.target

    - name: Reload systemd
      command: systemctl daemon-reload

    - name: Enable and start path unit
      systemd:
        name: baseuser-sync.path
        enabled: yes
        state: started