# tasks/provision_step_ca.yml
---
- name: Create Step-CA data directory
  file:
    path: "{{ stepca_data_dir }}"
    state: directory
    owner: "{{ svc_stepca }}"
    group: "{{ svc_stepca }}"
    mode: '0755'

- name: Deploy Step-CA container with Podman
  containers.podman.podman_container:
    name: step-ca
    image: smallstep/step-ca:latest
    state: started
    restart_policy: always
    ports:
      - "{{ stepca_port }}:9000"
    volumes:
      - "{{ stepca_data_dir }}:/home/step"
    env:
      STEPCA_PASSWORD: "{{ stepca_password }}"
      STEPCA_ADMIN_EMAIL: "{{ global_admin_email }}"
      STEPCA_DNS_NAMES: "{{ domain_name }}"