- name: ensure xrdp and dependencies are installed
  apt:
    name:
      - xrdp
      - xorg
      - tigervnc-xorg-extension
      - tigervnc-standalone-server
    state: present
    update_cache: true
    cache_valid_time: 86400

- name: configure polkit rules for xrdp sessions
  copy:
    src: xrdp_polkit.rules
    dest: /etc/polkit-1/rules.d/50-xrdp-session.rules
    mode: '0644'

- name: apply sysctl optimizations for rdp
  blockinfile:
    path: /etc/sysctl.conf
    block: |
      net.ipv4.tcp_wmem = 4096 262144 33554432
      net.ipv4.tcp_rmem = 4096 262144 33554432
      net.core.wmem_max = 33554432
      net.core.rmem_max = 33554432
      net.ipv4.tcp_window_scaling = 1
      net.ipv4.tcp_fastopen = 3
      net.core.netdev_max_backlog = 3000
      net.core.somaxconn = 2048
      net.ipv4.tcp_slow_start_after_idle = 0
      net.ipv4.tcp_adv_win_scale = 1
      net.core.default_qdisc = fq
      net.ipv4.tcp_congestion_control = bbr

- name: apply sysctl settings
  command: sysctl -p
  changed_when: false

- name: install xrdp logo
  copy:
    src: logo.bmp
    dest: /etc/xrdp/logo.bmp
    mode: '0644'

- name: backup sesman.ini
  copy:
    src: /etc/xrdp/sesman.ini
    dest: /etc/xrdp/sesman.ini.bak
    remote_src: true

- name: disable root login in sesman.ini
  lineinfile:
    path: /etc/xrdp/sesman.ini
    regexp: '^AllowRootLogin='
    line: 'AllowRootLogin=false'

- name: deploy custom xrdp.ini from template
  template:
    src: xrdp.ini.j2
    dest: /etc/xrdp/xrdp.ini
    mode: '0644'

- name: restart xrdp
  systemd:
    name: xrdp
    state: restarted
    enabled: true
  when: ansible_service_mgr == 'systemd'

- name: restart xrdp-sesman
  systemd:
    name: xrdp-sesman
    state: restarted
    enabled: true
  when: ansible_service_mgr == 'systemd'