algo/roles/client/tasks/main.yml

- name: Gather Facts
  setup:

- name: Include system based facts and tasks
  include: systems/main.yml

- name: Install prerequisites
  package: name="{{ item }}" state=present
  with_items:
    - "{{ prerequisites }}"

- name: Install strongSwan
  package: name=strongswan state=present

- name: Setup the ipsec config
  template:
    src: "roles/vpn/templates/client_ipsec.conf.j2"
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
    mode: '0644'
  with_items:
    - "{{ vpn_user }}"
  notify:
    - restart strongswan

- name: Setup the ipsec secrets
  template:
    src: "roles/vpn/templates/client_ipsec.secrets.j2"
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
    mode: '0600'
  with_items:
    - "{{ vpn_user }}"
  notify:
    - restart strongswan

- name: Include additional ipsec config
  lineinfile:
    dest: "{{ item.dest }}"
    line: "{{ item.line }}"
    create: yes
  with_items:
    - dest: "{{ configs_prefix }}/ipsec.conf"
      line: "include ipsec.*.conf"
    - dest: "{{ configs_prefix }}/ipsec.secrets"
      line: "include ipsec.*.secrets"
  notify:
    - restart strongswan

- name: Setup the certificates and keys
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ vpn_user }}.crt"
      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ IP_subject_alt_name }}_{{ vpn_user }}.crt"
    - src: "configs/{{ IP_subject_alt_name }}/pki/cacert.pem"
      dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
    - src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ vpn_user }}.key"
      dest: "{{ configs_prefix }}/ipsec.d/private/{{ IP_subject_alt_name }}_{{ vpn_user }}.key"
  notify:
    - restart strongswan