---

- name: Copy the keys to the strongswan directory
  copy:
    src: "{{ ipsec_pki_path }}/{{ item.src }}"
    dest: "{{ config_prefix|default('/') }}etc/ipsec.d/{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: "cacert.pem"
      dest: "cacerts/ca.crt"
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
    - src: "certs/{{ IP_subject_alt_name }}.crt"
      dest: "certs/{{ IP_subject_alt_name }}.crt"
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
    - src: "private/{{ IP_subject_alt_name }}.key"
      dest: "private/{{ IP_subject_alt_name }}.key"
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
  notify:
    - restart strongswan