- name: ca installation
  include_tasks: install.yml
  when: function == 'install'


- name: install roots
  include_tasks: add_root.yml
  loop: "{{ ca_default_items if (ca_roots is not defined) or (ca_roots == None) or ((ca_roots | length) == 0) else ca_roots }}"
  when: function == 'roots'


- block:
    - name: wait until ca becomes available
      wait_for_connection:
        timeout: 10
      delegate_to: "{{ services.ca.hostname }}"


    - name: check if acme can be used
      include_tasks: check_acme.yml


    - name: process roots if no acme will be used
      include_tasks: add_root.yml
      loop: "{{ ca_default_items if (ca_roots is not defined) or (ca_roots == None) or ((ca_roots | length) == 0) else ca_roots }}"
      when: not has_acme


    - name: ensure cryptography toolkit is installed
      include_tasks: tasks/install_packages.yml
      vars:
        package:
          - alpine: py3-cryptography
            debian: python3-cryptography


    - name: process certificates
      include_tasks: add_cert.yml
      loop: "{{ ca_default_items if (ca_certs is not defined) or (ca_certs == None) or ((ca_certs | length) == 0) else ca_certs }}"

  when: function == 'certs'


- name: generate dhparams
  include_tasks: gen_dhparam.yml
  when: (function == 'dhparam' or function == 'dhparams')


- name: check acme availability
  include_tasks: check_acme.yml
  when: function == 'check_acme'