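---
# Sync client setup for one whawty-auth store: creates the per-store config
# directory, an ssh client config, an ed25519 keypair and a known_hosts file
# in it, then installs the systemd service/timer units and starts the timer.

# NOTE(review): no owner/mode is set on this directory, so it gets whatever
# the umask yields. It holds the sync client's private key; consider an
# explicit restrictive mode once the account the sync unit runs as is
# confirmed (the unit templates are not visible here).
- name: make sure sync client config directory exists
  file:
    path: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync"
    state: directory

# IdentitiesOnly keeps ssh from offering any key other than the one generated
# below; UserKnownHostsFile restricts host-key lookups to the per-store file.
- name: generate ssh config for whawty-auth store sync client
  copy:
    content: |
      Host whawty-auth-server
        Hostname {{ whawty_auth_store.sync.hostname }}
      {% if 'port' in whawty_auth_store.sync %}
        Port {{ whawty_auth_store.sync.port }}
      {% endif %}
        User {{ whawty_auth_store.sync.user }}
        IdentityFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519
        IdentitiesOnly yes
        UserKnownHostsFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts
    dest: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/ssh_config"

- name: generate ssh keypair for sync client
  openssh_keypair:
    path: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519"
    type: ed25519
    comment: "whawty-auth-sync-{{ whawty_auth_store.name }}@{{ inventory_hostname }}"

# ssh-keyscan does not authenticate the key it receives, so whatever answers
# for the hostname on the first run is what gets pinned (trust on first use).
# NOTE(review): consider supplying the expected host key from inventory and
# writing it here instead of scanning.
#
# The scan goes to a temporary file that is moved into place only when it is
# non-empty: a direct redirect would leave an empty known_hosts behind after a
# failed scan, and `creates:` would then skip this task on every later run.
# Templated values are shell-quoted before they reach the command line.
- name: generate known_hosts file
  shell: |
    set -eu
    kh={{ ('/etc/whawty/auth/.store-' ~ whawty_auth_store.name ~ '-sync/known_hosts') | quote }}
    if ! ssh-keyscan{% if 'port' in whawty_auth_store.sync %} -p {{ whawty_auth_store.sync.port | string | quote }}{% endif %} \
        {{ whawty_auth_store.sync.hostname | quote }} > "${kh}.tmp" \
        || ! test -s "${kh}.tmp"; then
      rm -f "${kh}.tmp"
      echo "ssh-keyscan returned no host keys" >&2
      exit 1
    fi
    mv "${kh}.tmp" "${kh}"
  args:
    creates: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"

# One unit file per loop item, rendered from systemd.service.j2 and
# systemd.timer.j2.
- name: install systemd units for whawty-auth store sync client
  loop:
    - service
    - timer
  template:
    src: "systemd.{{ item }}.j2"
    dest: "/etc/systemd/system/whawty-auth-store-sync-{{ whawty_auth_store.name }}.{{ item }}"

# daemon_reload makes systemd pick up the unit files written above before the
# timer is started.
- name: make sure whawty-auth store sync client timer is enabled and started
  systemd:
    daemon_reload: true
    name: "whawty-auth-store-sync-{{ whawty_auth_store.name }}.timer"
    state: started
    enabled: true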