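---
# Install and bootstrap a smallstep CA (step-cli + step-ca) on the host.
#
# Flow: stage the vendored .deb packages, install them, create the service
# user, write the CA password file, run `step ca init` once, hand the tree to
# the service user, swap the bootstrap JWK provisioner for ACME, and install
# the systemd unit. Requires `pki_name` plus the `password.txt.j2` and
# `step-ca.service.j2` templates; the `restart step-ca` and `reload systemd`
# handlers are defined elsewhere in the role.

- name: Copy packages to host
  copy:
    src: "files/{{ item }}"
    dest: "/opt/ansiblepackages/{{ item }}"
    owner: root
    group: root
    mode: "0600"
    backup: true
  loop:
    - step-cli_0.15.16_amd64.deb
    - step-ca_0.15.15_amd64.deb
  # NOTE(review): the .debs are installed from the role's files/ directory
  # with no checksum or signature check. If they are fetched from upstream
  # rather than vendored from a trusted copy, pin a `checksum:` here.

- name: Install packages
  apt:
    deb: "/opt/ansiblepackages/{{ item }}"
  loop:
    - step-cli_0.15.16_amd64.deb
    - step-ca_0.15.15_amd64.deb

- name: Create service user for step-ca
  user:
    name: step
    state: present
    shell: /bin/false
    system: true
    create_home: true
    home: /etc/step-ca

- name: Generate /etc/step-ca/password.txt
  template:
    src: password.txt.j2
    dest: /etc/step-ca/password.txt
    owner: step
    group: step
    mode: "0640"
  # The file holds the CA key / provisioner password: keep it out of the
  # task output (diff or verbose mode would otherwise print its contents).
  no_log: true

- name: Link .step to /etc/step-ca
  # `step ca init` and the `step ca provisioner` commands below keep their
  # state in the invoking user's ~/.step, so point it at /etc/step-ca.
  # The "correct paths" task further down assumes that user is root
  # (/root/.step) — confirm this if the play runs as someone else.
  file:
    state: link
    src: /etc/step-ca
    dest: ~/.step

- name: Init step-ca
  # Runs once: `creates` skips the task when the config directory exists.
  # NOTE(review): the CA's DNS name ("stats") and listen address (:4343) are
  # hard-coded; the CA certificate's SAN will be "stats", so ACME clients
  # must reach the CA under that name.
  command: >-
    step ca init
    --name="{{ pki_name }}"
    --dns stats
    --issuer="{{ pki_name }}"
    --address=:4343
    --provisioner="{{ pki_name }}"
    --password-file=/etc/step-ca/password.txt
    --provisioner-password-file=/etc/step-ca/password.txt
  args:
    creates: /etc/step-ca/config

- name: Create /etc/step-ca/db
  file:
    state: directory
    path: /etc/step-ca/db
    owner: step
    group: step
    mode: "0770"

- name: Set ownership and permissions on /etc/step-ca
  # `step ca init` ran as root, so hand the whole tree to the service user.
  # Symbolic mode with `X` sets the execute bit on directories only; the
  # previous numeric 0770 applied recursively also marked every file
  # (the CA private keys under /etc/step-ca, password.txt) executable.
  file:
    path: /etc/step-ca
    owner: step
    group: step
    mode: "u=rwX,g=rwX,o="
    recurse: true

- name: Correct paths in the generated config
  # `step ca init` wrote absolute /root/.step paths (via the symlink); rewrite
  # them so the service does not depend on root's home directory.
  replace:
    path: "{{ item }}"
    regexp: '/root/\.step'
    replace: /etc/step-ca
  loop:
    - /etc/step-ca/config/ca.json
    - /etc/step-ca/config/defaults.json

- name: List provisioners
  command: step ca provisioner list
  register: provisioner_list
  # Read-only query; without this the task reports "changed" on every run.
  changed_when: false

- name: Add ACME provisioner
  command: step ca provisioner add acme --type ACME
  when: "'ACME' not in provisioner_list.stdout"
  notify:
    - restart step-ca

- name: Remove bootstrap JWK provisioner once ACME is in place
  # The original condition `stdout.find("ACME") == 1` only held when "ACME"
  # sat at string offset 1, so the JWK provisioner was effectively never
  # removed. Also guard on JWK still being listed so the remove is idempotent
  # (assumes the list output names each provisioner's type, as the ACME check
  # above already relies on). Because `provisioner_list` was captured before
  # ACME was added, the removal happens on the run after ACME first appears.
  command: step ca provisioner remove "{{ pki_name }}" --type JWK
  when:
    - "'ACME' in provisioner_list.stdout"
    - "'JWK' in provisioner_list.stdout"
  notify:
    - restart step-ca

- name: Generate /etc/systemd/system/step-ca.service
  template:
    src: step-ca.service.j2
    dest: /etc/systemd/system/step-ca.service
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload systemd

- name: Enable step-ca
  systemd:
    name: step-ca
    enabled: true
    masked: false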