---
- name: Install necessary packages
  ansible.builtin.dnf:
    name:
      - tlog
      - sssd

- name: Configure SSSD on the system for files domain
  community.general.ini_file:
    path: "/etc/sssd/sssd.conf"
    section: sssd
    option: enable_files_domain
    value: "true"
    mode: '0600'
  notify: restart_sssd

- name: Add session recording configuration
  ansible.builtin.template:
    src: "etc/sssd/conf.d/session-recording.conf"
    dest: "/etc/sssd/conf.d/session-recording.conf"
    owner: root
    group: root
    mode: '0600'
  notify: restart_sssd

- name: Enable the files domain through authselect
  ansible.builtin.command: >
        /usr/bin/authselect select custom/sssd-rocky
        without-nullok
        with-faillock
        with-mkhomedir
        with-sudo
        with-files-domain
        --force
  notify: restart_sssd
  changed_when: true

- name: Configure tlog itself
  ansible.builtin.template:
    src: "etc/tlog/tlog-rec-session.conf"
    dest: "/etc/tlog/tlog-rec-session.conf"
    owner: root
    group: root
    mode: '0644'
...