---
- include_tasks: ubuntu.yml
  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

- name: Ensure that the strongswan user exists
  user:
    name: strongswan
    group: nogroup
    shell: "{{ strongswan_shell }}"
    home: "{{ strongswan_home }}"
    state: present

- name: Install strongSwan
  package: name=strongswan state=present

- import_tasks: ipsec_configuration.yml
- import_tasks: openssl.yml
  tags: update-users
- import_tasks: distribute_keys.yml
- import_tasks: client_configs.yml
  delegate_to: localhost
  become: no
  tags: update-users

- name: strongSwan started
  service:
    name: strongswan
    state: started
    enabled: true

- meta: flush_handlers

- name: Delete the PKI directory
  file:
    path: "{{ ipsec_pki_path }}"
    state: absent
  become: false
  delegate_to: localhost
  when:
    - not algo_store_pki
    - not pki_in_tmpfs