---
- name: Copy the keys to the strongswan directory
  copy:
    src: "{{ ipsec_pki_path }}/{{ item.src }}"
    dest: "{{ config_prefix|default('/') }}etc/ipsec.d/{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: cacert.pem
      dest: cacerts/ca.crt
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
    - src: certs/{{ IP_subject_alt_name }}.crt
      dest: certs/{{ IP_subject_alt_name }}.crt
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
    - src: private/{{ IP_subject_alt_name }}.key
      dest: private/{{ IP_subject_alt_name }}.key
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
  notify:
    - restart strongswan