---
# tasks/main.yml - Identity Role Orchestration

- name: Install and configure Keycloak
  include_tasks: install_keycloak.yml

- name: Configure Keycloak realm, groups, and users
  include_tasks: configure_realm.yml

- name: Integrate SSO with registered services (Nextcloud, Mailcow, etc.)
  include_tasks: integrate_sso.yml

- name: Apply MFA enforcement policies
  include_tasks: setup_mfa.yml

- name: Provision Step-CA container and config
  include_tasks: provision_step_ca.yml

- name: Enroll default internal clients into Step-CA
  include_tasks: enroll_clients.yml

- name: Generate initial CA root and intermediate certificates
  include_tasks: generate_ca_certs.yml