---
- name: Install File Server role
  ansible.windows.win_feature:
    name: FS-FileServer
    state: present
    include_management_tools: true
  register: fs_role

- name: Reboot if File Server role install requires it
  ansible.windows.win_reboot:
  when: fs_role.reboot_required

- name: Create share directories
  ansible.windows.win_file:
    path: "{{ item.path }}"
    state: directory
  loop: "{{ smb_shares }}"

- name: Create SMB shares
  ansible.windows.win_share:
    name: "{{ item.name }}"
    path: "{{ item.path }}"
    description: "{{ item.description | default('') }}"
    full: "{{ item.full_access | default([]) | join(',') or omit }}"
    change: "{{ item.change_access | default([]) | join(',') or omit }}"
    state: present
  loop: "{{ smb_shares }}"

- name: Disable SMB1 protocol
  ansible.windows.win_powershell:
    script: |
      Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

- name: Open SMB firewall port
  community.windows.win_firewall_rule:
    name: "File and Printer Sharing (SMB-In)"
    localport: 445
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: true