---
- name: Install the Easy RSA suite on EL
  block:
  - name: Install the easyRSA package
    yum: pkg={{ easy_rsa_package }} state=present

  when:
    - easy_rsa_install | bool
    - ansible_distribution_file_variety == "RedHat"
  tags: [ 'easyrsa', 'easy_rsa', 'ca' ]

- name: Install the Easy RSA suite on Deb
  block:
  - name: Create the easy rsa base directory
    file: dest={{ easy_rsa_base_dir_path }} state=directory owner=root group=root

  - name: Download the easy-rsa distribution from github
    unarchive: remote_src=yes src={{ easy_rsa_github_distribution }} dest={{ easy_rsa_github_install_dir }} owner=root group=root

  - name: Link to the downloaded distribution
    file: src={{ easy_rsa_github_install_dir }}/{{ easy_rsa_github_name }} dest={{ easy_rsa_base_dir }} state=link

  when:
    - easy_rsa_install | bool
    - ansible_distribution_file_variety == "Debian"
  tags: [ 'easyrsa', 'easy_rsa', 'ca' ]

- name: Configure the pki directory and install the helper scripts
  block:
  - name: Create the PKI directory
    file: dest={{ easy_rsa_pki_basedir }} state=directory owner=root group=root mode=0750

  - name: Link the executable
    file: src={{ easy_rsa_executable }} dest={{ easy_rsa_pki_basedir }}/easyrsa state=link

  - name: Link the x509 directory
    file: src={{ easy_rsa_base_dir }}/x509-types dest={{ easy_rsa_pki_basedir }}/x509-types state=link

  - name: Install the vars file
    template: src=vars.j2 dest={{ easy_rsa_pki_basedir }}/vars owner=root group=root mode=0640

  - name: Install the helper scripts
    template: src={{ item }}.sh.j2 dest=/usr/local/bin/{{ item }} owner=root group=root mode=0544
    with_items: '{{ easy_rsa_helper_scripts }}'
    tags: [ 'easyrsa', 'easy_rsa', 'ca', 'easy_rsa_helper_scripts' ]

  - name: Check if the CA has been initialized yet
    stat: path={{ easy_rsa_pki_basedir }}/pki/private/ca.key
    register: easy_rsa_ca_key_file

  - name: Display the easyrsa initialization commands if the CA has not been
    debug:
      msg: "Run the '{{ easy_rsa_pki_basedir }}/easyrsa init-pki' and '{{ easy_rsa_pki_basedir }}/easyrsa build-ca' commands"
    when: not easy_rsa_ca_key_file.stat.exists

  when: easy_rsa_install | bool
  tags: [ 'easyrsa', 'easy_rsa', 'ca' ]