---
- name: Ensure Step-CA data directory exists
  file:
    path: "{{ stepca_data_dir }}"
    state: directory
    owner: "{{ svc_stepca }}"
    group: "{{ svc_stepca }}"
    mode: "0750"

- name: Template Step-CA podman-compose.yml
  template:
    src: step_ca/podman-compose.yml.j2
    dest: "{{ stepca_data_dir }}/podman-compose.yml"
    owner: "{{ svc_stepca }}"
    group: "{{ svc_stepca }}"
    mode: "0644"

- name: Template Step-CA systemd unit file
  template:
    src: step_ca/step-ca.service.j2
    dest: "/etc/systemd/system/step-ca.service"
    mode: "0644"

- name: Template Step-CA environment file
  template:
    src: step_ca/.env.j2
    dest: "{{ stepca_data_dir }}/.env"
    owner: "{{ svc_stepca }}"
    group: "{{ svc_stepca }}"
    mode: "0600"

- name: Reload systemd and enable Step-CA
  systemd:
    name: step-ca
    enabled: true
    daemon_reload: true
    state: restarted

- name: Log deployment for Step-CA
  debug:
    msg: "Step-CA deployment complete"
  notify:
    - Document Step-CA Deployment
    - Archive Step-CA Logs