---

- name: Register p12 PayloadContent
  shell: cat private/{{ item }}.p12 | base64
  register:  PayloadContent
  args:
    chdir: "configs/{{ IP_subject_alt_name }}/pki/"
  with_items: "{{ users }}"

- name: Set facts for mobileconfigs
  set_fact:
    PayloadContentCA: "{{ lookup('file' , 'configs/{{ IP_subject_alt_name }}/pki/cacert.pem')|b64encode }}"

- name: Build the mobileconfigs
  template:
    src: mobileconfig.j2
    dest: configs/{{ IP_subject_alt_name }}/{{ item.0 }}.mobileconfig
    mode: 0600
  with_together:
    - "{{ users }}"
    - "{{ PayloadContent.results }}"
  no_log: True

- name: Build the client ipsec config file
  template:
    src: client_ipsec.conf.j2
    dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.conf
    mode: 0600
  with_items:
    - "{{ users }}"

- name: Build the client ipsec secret file
  template:
    src: client_ipsec.secrets.j2
    dest: configs/{{ IP_subject_alt_name }}/ipsec_{{ item }}.secrets
    mode: 0600
  with_items:
    - "{{ users }}"

- name: Build the windows client powershell script
  template:
    src: client_windows.ps1.j2
    dest: configs/{{ IP_subject_alt_name }}/windows_{{ item.0 }}.ps1
    mode: 0600
  when: algo_windows
  with_together:
    - "{{ users }}"
    - "{{ PayloadContent.results }}"

- name: Restrict permissions for the local private directories
  file:
    path: "{{ item }}"
    state: directory
    mode: 0700
  with_items:
    - configs/{{ IP_subject_alt_name }}