---

- name: Manage Public Key Infrastructure
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debian10' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  vars:
    pki_internal: True
    pki_acme: False

  pre_tasks:

    - name: Prepare pki environment
      import_role:
        name: 'pki'
        tasks_from: 'main_env'
      tags: [ 'role::pki', 'role::pki:secret', 'role::secret' ]

  roles:

    - role: secret
      tags: [ 'role::secret', 'role::pki', 'role::pki:secret' ]
      secret_directories:
        - '{{ pki_env_secret_directories }}'

    - role: cron
      tags: [ 'role::cron', 'skip::cron' ]

    - role: pki
      tags: [ 'role::pki', 'skip::pki' ]