---
# task/configure file for hashicorp_vault
- name: "Ensure default vault.hcl is removed"
  ansible.builtin.file:
    path: /etc/vault.d/vault.hcl
    state: absent

- name: "Copy vault.json template"
  ansible.builtin.template:
    src: vault.json.j2
    dest: "{{ hashi_vault_config_dir }}/vault.json"
    owner: "{{ hashi_vault_user }}"
    group: "{{ hashi_vault_group }}"
    mode: '0600'
  notify:
    - "systemctl-enable-vault"
    - "systemctl-restart-vault"

- name: "Create vault.env"
  ansible.builtin.template:
    src: vault.env.j2
    dest: "{{ hashi_vault_config_dir }}/vault.env"
    owner: "{{ hashi_vault_user }}"
    group: "{{ hashi_vault_group }}"
    mode: '0600'

- name: "Copy extra configuration files"
  when: hashi_vault_extra_files
  block:
    - name: "Create directory {{ hashi_vault_extra_files_dst }}"
      ansible.builtin.file:
        path: "{{ hashi_vault_extra_files_dst }}"
        state: directory
        owner: "{{ hashi_vault_user }}"
        group: "{{ hashi_vault_group }}"
        mode: '0755'

    - name: "Copy extra configuration files"
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ hashi_vault_extra_files_dst }}/{{ (item | basename).split('.')[:-1] | join('.')}}"
        owner: "{{ hashi_vault_user }}"
        group: "{{ hashi_vault_group }}"
        mode: '0600'
      with_fileglob:
        - "{{ hashi_vault_extra_files_src }}/*"