install_freeipa-server:
  cmd.run:
    - name: "dnf module install -y idm:DL1/{server,client,dns}"

set_dm_password:
  environ.setenv:
    - name: DM_PASSWORD
    - value: "{%- include 'secure/passwords/ipa_DM_password.txt' -%}"

set_admin_password:
  environ.setenv:
    - name: ADMIN_PASSWORD
    - value: "{%- include 'secure/passwords/ipa_ADMIN_password.txt' -%}"

setup_freeipa:
  cmd.run:
    - name: "ipa-server-install -U -p $DM_PASSWORD -a $ADMIN_PASSWORD --hostname=ipa.actcur.com -r ACTCUR.COM --mkhomedir"

unset_dm_password:
  environ.setenv:
    - name: DM_PASSWORD
    - value: "False"
    - false_unsets: true

unset_admin_password:
  environ.setenv:
    - name: ADMIN_PASSWORD
    - value: "False"
    - false_unsets: true

update_firewall:
  cmd.run:
    - name: "firewall-cmd --permanent --add-service={http,https,ldap,ldaps,kerberos,dns,ntp}"