---
- name: Change workstation administrator password
  win_user:
    account_locked: no
    name: Administrator
    password: "{{ workstation_password }}"
    password_expired: no
    update_password: always
    password_never_expires: yes
    state: present

- name: Change ansible password for this server
  set_fact:
    ansible_password: "{{ workstation_password }}"

- name: Remove domain student account from Remote Desktop Users
  win_group_membership:
    name: "Remote Desktop Users"
    members:
    - "{{ dns_domain_name_short }}\\{{ user_prefix }}"
    state: absent

- name: Remove specific users from Remote Management
  win_group_membership:
    name: "Remote Management Users"
    members:
    - "{{ dns_domain_name_short }}\\Ansible Users"
    - "devops"
    state: absent

- name: Remove specific users from Administrators
  win_group_membership:
    name: "Administrators"
    members:
    - "{{ dns_domain_name_short }}\\Ansible Users"
    - "devops"
    state: absent

- name: Add local student user to workstation
  win_user:
    account_locked: no
    description: "Workstation Training account"
    fullname: "Training User"
    groups:
      - Administrators
    name: "{{ workstation_user }}"
    password: "{{ workstation_password }}"
    state: present
    user_cannot_change_password: yes

# TODO figure out why this doesn't work
# JR: Ansible just ignores this and runs as Administrator but when I set
#     "become" vars via set_fact it uses them - go figure????
# - become: yes
#   become_user: "{{ workstation_user }}"
#   become_method: runas
#   become_flags: logon_type=new_credentials logon_flags=netcredentials_only
#   vars:
#     ansible_become_password: "{{ windows_password }}"
- block:
  - name: Become student the hackish way
    set_fact:
      ansible_become_user: "{{ workstation_user }}"
      ansible_become: yes
      ansible_become_password: "{{  workstation_password }}"
      ansible_become_method: runas

  - name: install Chocolatey
    win_chocolatey:
      name: chocolatey
      state: present

  - name: disable enhanced exit codes
    win_chocolatey_feature:
      name: useEnhancedExitCodes
      state: disabled
    when: ansible_version.full is version_compare('2.8', '<')

  - name: Install Visual Studio Code, Git, and Chrome
    win_chocolatey:
      name:
        - visualstudiocode
        - git
        - googlechrome
      ignore_checksums: true

  - name: Create a shortcut to Tower site
    win_shortcut:
      src: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe'
      dest: '%UserProfile%\Desktop\Ansible Tower.lnk'
      args: --new-window http://tower.{{ dns_domain_name }}/
      directory: '%ProgramFiles(x86)%\Google\Chrome\Application'
      icon: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe,0'

  - name: Create a shortcut to the user's Gitlab ansible-playbooks repository
    win_shortcut:
      src: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe'
      dest: '%UserProfile%\Desktop\GitLab.lnk'
      args: --new-window https://gitlab.{{ dns_domain_name }}/{{ user_prefix }}
      directory: '%ProgramFiles(x86)%\Google\Chrome\Application'
      icon: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe,0'

  - name: Create a shortcut to Ansible Docs site
    win_shortcut:
      src: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe'
      dest: '%UserProfile%\Desktop\Ansible Docs.lnk'
      args: --new-window http://docs.ansible.com/
      directory: '%ProgramFiles(x86)%\Google\Chrome\Application'
      icon: '%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe,0'

  - name: Set git to cache credentials
    win_command: git config --global credential.helper manager

  - name: Allow insecure git repos for self signed certificates
    win_command: git config --global http.sslVerify "false"

  - name: Set git user
    win_command: git config --global user.name "{{ user_prefix }}"

  - name: Set git user email
    win_command: git config --global user.email "{{ user_prefix }}@{{ dns_domain_name }}"

  - name: Set git password
    win_shell: cmdkey /generic:LegacyGeneric:target=git:https://gitlab.{{ dns_domain_name }} /user:{{ user_prefix }} /pass:"{{ windows_password }}"

  - name: Set git password
    win_shell: cmdkey /generic:LegacyGeneric:target=git:https://{{ user_prefix }}@gitlab.{{ dns_domain_name }} /user:{{ user_prefix }} /pass:"{{ windows_password }}"

  - name: Copy .gitconfig to user directory
    win_copy:
      src: C:\Windows\.gitconfig
      dest: C:\Users\{{ workstation_user }}\.gitconfig
      remote_src: True

  # - name: Clone student git repo
  #   win_command: git clone https://gitlab.{{ dns_domain_name }}/{{ user_prefix }}/{{ user_prefix }}.git
  #   args:
  #     chdir: C:\Users\{{ workstation_user }}\Documents
  #     creates: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}
  #
  # - name: Create Readme file to intialize the repo
  #   win_copy:
  #     dest: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}\README.md
  #     content: ""
  #   register: initialize
  #
  # - name: Add initial file
  #   win_command: git add C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}\README.md
  #   args:
  #     chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}
  #   when: initialize.changed
  #
  # - name: Commit initial file
  #   win_command: git commit -m "Initialize"
  #   args:
  #     chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}
  #   when: initialize.changed
  #
  # - name: Push initial commit
  #   win_command: git push
  #   args:
  #     chdir: C:\Users\{{ workstation_user }}\Documents\{{ user_prefix }}
  #   when: initialize.changed

  - name: Create VS Code Settings Directory
    win_file:
      path: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\
      state: directory

  - name: Create VS Code Settings Directory
    win_file:
      path: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\
      state: directory

  - name: Configure VS Code Settings File
    win_copy:
      src: files/settings.json
      dest: C:\Users\{{ workstation_user }}\AppData\Roaming\Code\User\settings.json

  - name: Set Chrome to default Browser
    win_regedit:
      path: HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\{{ item }}\UserChoice
      name: ProgId
      data: ChromeHTML
    with_items:
      - http
      - https

  - name: Set Chrome to not ask about default browser
    win_regedit:
      path: HKLM:\Software\Policies\Google\Chrome
      name: DefaultBrowserSettingEnabled
      data: 0
      type: dword

  - name: Disable Chrome Welcome Screen
    win_regedit:
      path: HKLM:\Software\Policies\Google\Chrome
      name: "{{ item }}"
      data: 0
      type: dword
    with_items:
      - PromotionalTabsEnabled
      - WelcomePageOnOSUpgradeEnabled

  - name: Disable Chrome Syncing
    win_regedit:
      path: HKLM:\Software\Policies\Google\Chrome
      name: SyncDisabled
      data: 1
      type: dword

  - name: Disable Server Management at Startup
    win_regedit:
      path: HKCU:\Software\Microsoft\ServerManager\
      name: DoNotOpenServerManagerAtLogon
      data: 1
      type: dword

  - name: Remove EC2 Feedback Icon
    win_file:
      path: C:\Users\{{ workstation_user }}\Desktop\EC2 Feedback.website
      state: absent

  - name: Remove EC2 Website Icon
    win_file:
      path: C:\Users\{{ workstation_user }}\Desktop\EC2 Microsoft Windows Guide.website
      state: absent
  always:
  - name: Restore ansible user info
    set_fact:
      ansible_become: no

  # become: yes
  # become_user: "{{ workstation_user }}"
  # become_method: runas
  # become_flags: logon_type=new_credentials logon_flags=netcredentials_only
  # vars:
  #   ansible_become_password: "{{ windows_password }}"

- include_tasks: myrtille.yml

- include_tasks: git_lab.yml
  when: git_lab | d(false) | bool

- include_tasks: adv_lab.yml
  when: advanced_lab | d(false) | bool