---
- name: Ensure the desktop user exists
  ansible.builtin.user:
    name: "{{ gnome_user }}"
    shell: "{{ gnome_user_shell }}"
    create_home: true
    state: present
    password_lock: false
  become: true
  when: gnome_manage_user | bool

- name: Fail when the desktop user password is not provided
  ansible.builtin.assert:
    that:
      - gnome_user_password_plaintext | length > 0
    fail_msg: >-
      gnome_user_password_plaintext must be set so XRDP can authenticate the
      desktop user.
  when: gnome_manage_user | bool

- name: Set desktop user password for XRDP login
  ansible.builtin.user:
    name: "{{ gnome_user }}"
    password: "{{ gnome_user_password_plaintext | password_hash('sha512') }}"
    update_password: always
    password_lock: false
  become: true
  no_log: true
  when: gnome_manage_user | bool

- name: Ensure the desktop user can sudo
  ansible.builtin.user:
    name: "{{ gnome_user }}"
    groups: "{{ gnome_user_groups }}"
    append: true
    state: present
  become: true
  when:
    - gnome_manage_user | bool
    - gnome_user_groups | length > 0

- name: Ensure GNOME session file is present
  ansible.builtin.template:
    src: xsession.j2
    dest: "{{ gnome_xsession_file }}"
    owner: "{{ gnome_user }}"
    group: "{{ gnome_user }}"
    mode: "0644"
  become: true
  when: gnome_manage_user | bool
  notify:
    - Restart xrdp
    - Restart xrdp sesman