---
- name: create TLS certificate and key
  import_tasks: tls.yml

- name: generate openvpn config
  template:
    src: conf.j2
    dest: "/etc/openvpn/server/{{ openvpn_zone.name }}.conf"
  notify: restart openvpn-server

- name: create client-config directory
  file:
    path: "/etc/openvpn/server/{{ openvpn_zone.name }}-ccd"
    state: directory

- name: generate client-config snippets
  loop: "{{ openvpn_zone.offsets | list | difference([inventory_hostname]) }}"
  loop_control:
    loop_var: client
  template:
    src: client.j2
    dest: "/etc/openvpn/server/{{ openvpn_zone.name }}-ccd/{{ client }}"

- name: make sure openvpn-server systemd unit is enabled and started
  systemd:
    name: "openvpn-server@{{ openvpn_zone.name }}"
    state: started
    enabled: yes