---
- name: Deploy step_ca container with Podman
  containers.podman.podman_container:
    name: step_ca
    image: "{{ step_ca_image }}"
    state: started
    restart_policy: always
    volumes:
      - "{{ step_ca_data_dir }}:/data:z"
    env:
      CONFIG_PATH: "/data/config"

- name: Ensure systemd service is enabled for step_ca
  copy:
    dest: "/etc/systemd/system/podman-step_ca.service"
    content: |
      [Unit]
      Description=Podman container for step_ca
      Wants=network.target
      After=network.target

      [Service]
      ExecStart=/usr/bin/podman start -a step_ca
      ExecStop=/usr/bin/podman stop -t 10 step_ca
      Restart=always

      [Install]
      WantedBy=multi-user.target
    owner: root
    group: root
    mode: "0644"

- name: Reload systemd and enable service for step_ca
  systemd:
    daemon_reload: yes
    name: podman-step_ca.service
    enabled: yes
    state: started