---

- name: Install systemd unit
  template: src=vault-agent.service.j2 dest=/etc/systemd/system/vault-agent.service
  register: vault_agent_unit
  notify: restart vault-agent
  tags: vault,consul,nomad

- name: Install Nomad templates
  template: src=nomad/{{ item }}.j2 dest={{ vault_agent_root_dir }}/templates/nomad/{{ item }}
  loop:
    - vault.env.tpl
    - agent_bundle.pem.tpl
    - cli_bundle.pem.tpl
    - consul_bundle.pem.tpl
    - consul.env.tpl
  notify: restart vault-agent
  tags: vault,consul,nomad

- name: Install Consul templates
  template: src=consul/{{ item }}.j2 dest={{ vault_agent_root_dir }}/templates/consul/{{ item }}
  loop:
    - agent_bundle.pem.tpl
  notify: restart vault-agent
  tags: vault,consul,nomad

- name: Create tmpfile fragment
  copy:
    content: |
      d /run/vault_agent 770 root root
    dest: /etc/tmpfiles.d/vault-agent.conf
  register: vault_tmpfiles
  tags: vault,consul,nomad

- name: Create tmpfiles
  command: systemd-tmpfiles --create
  when: vault_tmpfiles.changed
  tags: vault,consul,nomad

- name: Reload systemd
  systemd: daemon_reload=True
  when: vault_agent_unit.changed
  tags: vault,consul,nomad

- name: Install Nomad API access updater
  template: src=nomad/update_nomad_cert.sh.j2 dest={{ vault_agent_root_dir }}/bin/update_nomad_cert.sh mode=755
  tags: vault,consul,nomad