---
- name: Ensure the desktop user exists
  ansible.builtin.user:
    name: "{{ plasma_user }}"
    shell: "{{ plasma_user_shell }}"
    create_home: true
    state: present
    password_lock: false
  become: true
  when: plasma_manage_user | bool

- name: Fail when the desktop user password is not provided
  ansible.builtin.assert:
    that:
      - plasma_user_password_plaintext | length > 0
    fail_msg: >-
      plasma_user_password_plaintext must be set so XRDP can authenticate the
      desktop user.
  when: plasma_manage_user | bool

- name: Set desktop user password for XRDP login
  ansible.builtin.user:
    name: "{{ plasma_user }}"
    password: "{{ plasma_user_password_plaintext | password_hash('sha512') }}"
    update_password: always
    password_lock: false
  become: true
  no_log: true
  when: plasma_manage_user | bool

- name: Ensure the desktop user can sudo
  ansible.builtin.user:
    name: "{{ plasma_user }}"
    groups: "{{ plasma_user_groups }}"
    append: true
    state: present
  become: true
  when:
    - plasma_manage_user | bool
    - plasma_user_groups | length > 0

- name: Ensure Plasma session file is present
  ansible.builtin.template:
    src: xsession.j2
    dest: "{{ plasma_xsession_file }}"
    owner: "{{ plasma_user }}"
    group: "{{ plasma_user }}"
    mode: "0644"
  become: true
  when: plasma_manage_user | bool
  notify:
    - Restart xrdp
    - Restart xrdp sesman