{##only run if freeipa is enabled##}
{%- if grains['freeipa_enabled'] is defined -%}
  {%- if grains['freeipa_enabled'] == true %}
{% set hostname=grains['host'] %}
{% set ip=grains['fqdn_ip4'][0] %}
install_sssd:
  pkg.installed:
    - name: sssd

/etc/sssd/sssd.conf:
  file.managed:
    - source: salt://systems/core/freeipa/manual/sssd.conf
    - user: root
    - group: root
    - mode: 600
    - template: jinja
    - context:
      hostname: {{hostname}}

/etc/nsswitch.conf:
  file.managed:
    - source: salt://systems/core/freeipa/manual/nsswitch.conf
    - user: root
    - group: root
    - mode: 644

/etc/nscd.conf:
  file.managed:
    - source: salt://systems/core/freeipa/manual/nscd.conf
    - user: root
    - group: root
    - mode: 644

/etc/krb5.conf:
  file.managed:
    - source: salt://systems/core/freeipa/manual/krb5.conf
    - user: root
    - group: root
    - mode: 644

/etc/pam.d:
  file.recurse:
    - source: salt://systems/core/freeipa/manual/pam.d/
    - user: root
    - group: root
    - dir_mode: 755
    - file_mode: 644

/etc/sudoers.d/freeipa:
  file.managed:
    - source: salt://systems/core/freeipa/manual/sudoers
    - user: root
    - group: root
    - mode: 644

freeipa_sssd_service:
  service.running:
    - name: sssd
    - enable: true
    - watch:
      - file: /etc/sssd/sssd.conf
      - file: /etc/nsswitch.conf
      - file: /etc/nscd.conf
      - file: /etc/krb5.conf
      - file: /etc/pam.d

freeipa_nscd_service:
  service.running:
    - name: nscd
    - enable: true
    - watch:
      - file: /etc/sssd/sssd.conf
      - file: /etc/nsswitch.conf
      - file: /etc/nscd.conf
      - file: /etc/krb5.conf
      - file: /etc/pam.d
  {% endif %}
{% endif %}