# SPDX-License-Identifier: MIT-0
---
# tasks file for role-ipa-server
# Base FreeIPA server package; the generic package module lets the platform
# pick its own package manager.
- name: install freeipa-server
  ansible.builtin.package:
    state: present
    name:
      - freeipa-server

# Integrated DNS component for the IPA server (separate package on most
# distributions).
- name: install ipa-server-dns
  ansible.builtin.package:
    state: present
    name:
      - ipa-server-dns

# TODO: move into a dedicated firewall role.
# Open the predefined firewalld service for FreeIPA so clients can reach the
# server. NOTE(review): `freeipa-4` is whatever service definition the target's
# firewalld ships; confirm it covers DNS (53/tcp and 53/udp) since
# ipa-server-dns is installed above, and add the `dns` service if it does not.
- name: permit ipa-server traffic through firewall
  ansible.posix.firewalld:
    # apply to the running config and persist it, so the rule both works now
    # and survives a firewalld reload
    immediate: true
    permanent: true
    # let the module run even if firewalld is not (yet) running on the host
    offline: true
    service: freeipa-4
    state: enabled

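# copy fails if the parent directory of dest is missing, so make sure the
# scripts directory exists first (no-op when it is already there).
- name: create scripts directory
  ansible.builtin.file:
    path: /scripts
    state: directory
    owner: root
    group: root
    mode: '0755'

# Explicit owner/group/mode: without mode, a newly created file gets whatever
# the remote umask yields, which can leave a privileged script world-writable
# or world-readable. 0750 keeps it readable only by root.
# NOTE(review): relax to 0755 (or set a group) if a non-root account has to
# execute this script — the invoking user is not visible from this role.
- name: deploy replication script
  ansible.builtin.copy:
    src: files/replicate.sh
    dest: /scripts/replicate.sh
    owner: root
    group: root
    mode: '0750'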

# TODO: move into a dedicated selinux role.
# Security note: this removes mandatory access control from the identity
# server. FreeIPA ships its own SELinux policy and is supported in enforcing
# mode, so the preferred fix for a denial is the specific boolean or a local
# policy module rather than disabling SELinux outright; `permissive` would at
# least keep the AVC audit trail while troubleshooting.
# NOTE(review): per the module documentation, switching to disabled only takes
# full effect after a reboot — confirm and handle that where this role is used.
- name: Disable SELinux
  ansible.posix.selinux:
    state: disabled

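# Deploy the letsencrypt setup script only once both certbot's directory and
# the IPA certificate store exist on the host.
# The checks use stat instead of `command: '[ -d ... ]'` with ignore_errors:
# stat never fails for a missing path (so no error is swallowed), reports no
# spurious "changed", and still produces a result in check mode. The registered
# variable names are kept so later tasks referencing them keep working.
- name: check if letsencrypt is set up
  ansible.builtin.stat:
    path: /etc/letsencrypt/
  register: result

- name: check if ipaserver is ready
  ansible.builtin.stat:
    path: /var/lib/ipa/certs/
  register: result2

# Explicit owner/group/mode so the script does not inherit the remote umask;
# 0750 keeps a root-run script unreadable to unprivileged local users.
# NOTE(review): relax to 0755 if a non-root account has to execute it.
- name: deploy letsencrypt setup script
  ansible.builtin.copy:
    src: files/setup-le.sh
    dest: /scripts/setup-le.sh
    owner: root
    group: root
    mode: '0750'
  # `isdir` is only present when the path exists, hence the short-circuit
  # `exists and isdir` (mirrors the original `[ -d ... ]` test).
  when:
    - result.stat.exists and result.stat.isdir
    - result2.stat.exists and result2.stat.isdir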