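---
# Installs HashiCorp Vault from the vendor package repository, lays down its
# configuration, optionally schedules raft snapshots, and finally imports the
# init and unseal task files.
#
# Review fixes vs. the previous revision:
#   - backup script mode was an unquoted octal (0744); quoted like the others.
#   - the snapshot cron entry had no `minute`, so it ran every minute of
#     vault_cron_hour; pinned to minute 0.
#   - `vault_config_change.changed == true` replaced by the `is changed` test.
#   - raft directory tightened to vault:vault 0750 (only the service needs it).

- name: Include OS-specific variables
  ansible.builtin.include_vars: '{{ item }}'
  with_first_found:
    - files:
        - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
        - '{{ ansible_os_family }}.yml'

# The .repo file itself carries the gpgcheck/gpgkey settings for the rpm
# repository. It is fetched over TLS only; no checksum is pinned here.
- name: Add hashicorp repo
  ansible.builtin.get_url:
    url: 'https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo'
    dest: '/etc/yum.repos.d/hashicorp.repo'
    owner: root
    group: root
    mode: "0644"
  when: ansible_os_family == 'RedHat'

# NOTE(review): apt_key is deprecated and puts the key in the global trusted
# keyring, so it can sign packages from any configured repository. The
# preferred form is a keyring file under /etc/apt/keyrings referenced via
# [signed-by=...] in the repo line. Left unchanged because the key format
# behind vault_debian_repository_key_url (armored vs. dearmored) is not
# visible from this file.
- name: Add Vault/Hashicorp apt key
  ansible.builtin.apt_key:
    url: '{{ vault_debian_repository_key_url }}'
    state: present
  become: true
  when: ansible_pkg_mgr == 'apt'

- name: Add Vault/Hashicorp apt repo
  ansible.builtin.apt_repository:
    repo: 'deb {{ vault_debian_repository_url }} {{ ansible_distribution_release }} main'
    state: present
  become: true
  when: ansible_pkg_mgr == 'apt'

# Installed everywhere except aarch64 Arch Linux (same condition as the
# original "not A or not B", written without the double negation).
# vault_os_package is supplied by the OS-specific vars included above.
- name: Install package
  ansible.builtin.package:
    name: '{{ vault_os_package }}'
    state: present
  when: not (ansible_architecture == 'aarch64' and ansible_os_family == 'Archlinux')

# Raft storage directory. Only the vault service needs to traverse it, so
# "other" gets no access; the vault group is the one the config file below
# already relies on.
- name: Create /opt/vault folder
  ansible.builtin.file:
    state: directory
    path: /opt/vault/raft
    owner: vault
    group: vault
    mode: "0750"

- name: Apply config template
  block:
    # config.hcl may contain listener/storage settings the operator considers
    # sensitive, hence owner-read-only.
    - name: Server template
      ansible.builtin.template:
        src: config.hcl.j2
        dest: '{{ vault_config_path }}'
        owner: vault
        group: vault
        mode: "0400"
      register: vault_config_change

    # Vault only picks up a new config on restart; `is changed` is the
    # supported way to test a registered result.
    - name: Restart service if change
      ansible.builtin.systemd:
        name: '{{ vault_os_service }}'
        state: restarted
      when: vault_config_change is changed

- name: Ensure service is started
  ansible.builtin.systemd:
    name: '{{ vault_os_service }}'
    state: started
    enabled: true

- name: Configure backup
  block:
    - name: Copy backup script
      ansible.builtin.copy:
        src: vault-backup.sh
        dest: "/opt/vault/vault-backup.sh"
        owner: vault
        mode: "0744"

    # NOTE(review): the AppRole role_id/secret_id are written verbatim into
    # the vault user's crontab and are passed as argv, so they are visible
    # to every local user via `ps` while the job runs. Having the script
    # read them from a 0600 file or from the environment would avoid that;
    # the script's argument interface is not visible here, so only the
    # schedule is changed. `name` is the crontab marker and must stay
    # "vault backup" or existing hosts would get a second entry.
    - name: Vault snapshot cron
      ansible.builtin.cron:
        name: vault backup
        user: vault
        state: present
        job: "/opt/vault/vault-backup.sh {{ vault_backup_location }} {{ vault_roleID }} {{ vault_secretID }}"
        minute: "0"
        hour: "{{ vault_cron_hour }}"
  when: vault_snapshot

- name: Import Init
  ansible.builtin.import_tasks: init.yml

- name: Import UnSeal
  ansible.builtin.import_tasks: unseal.yml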