- name: Gather Facts
  setup:

- name: Enable IPv6
  set_fact:
    ipv6_support: true
  when: ansible_default_ipv6.gateway is defined

- name: Generate password for the CA key
  shell: >
    openssl rand -hex 6
  register: CA_password

- set_fact:
    easyrsa_p12_export_password: "{{ p12_export_password|default((ansible_date_time.iso8601_basic|sha1|to_uuid).split('-')[0]) }}"
    easyrsa_CA_password: "{{ CA_password.stdout }}"
    IP_subject_alt_name: "{{ IP_subject_alt_name }}"

- name: Change the algorithm to RSA
  set_fact:
    algo_params: "rsa:2048"
  when: Win10_Enabled is defined and Win10_Enabled == "Y"

- name: Ensure that the strongswan group exist
  group: name=strongswan state=present

- name: Ensure that the strongswan user exist
  user: name=strongswan group=strongswan state=present

- include: ubuntu.yml
  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

- include: freebsd.yml
  when: ansible_distribution == 'FreeBSD'

- name: Install StrongSwan
  package: name=strongswan state=present

- include: ipec_configuration.yml
- include: openssl.yml
- include: distribute_keys.yml
- include: client_configs.yml

- meta: flush_handlers

- name: StrongSwan started
  service: name=strongswan state=started