# vim: set ft=yaml.jinja :
- name: load secrets
  include_vars: vault/dkms

- name: ensure prerequisite packages are installed
  package:
    name:
    - dkms
    - dnf-command(copr)
    - mokutil
    - openssl
    state: present
  tags:
  - install

- name: ensure dkms module signing key is present
  command:
    openssl req
    -new
    -x509
    -newkey rsa:4096
    -keyout /etc/pki/tls/private/dkms.key
    -nodes
    -subj '/CN=DKMS Modules'
    -days 3650
    -outform DER
    -out /etc/pki/tls/certs/dkms.der
  args:
    creates: /etc/pki/tls/certs/dkms.der
  notify:
  - enroll uefi mok
  tags:
  - cert
  - dkms

- name: ensure dkms is configured to sign modules with the mok
  copy:
    src: sign.dkms.conf
    dest: /etc/dkms/framework.conf.d/10-sign.conf
    owner: root
    group: root
    mode: u=rw,go=r
  tags:
  - config
  - dkms

- name: flush handlers
  meta: flush_handlers

- name: ensure gasket dkms copr is enabled
  command:
    dnf copr enable -y {{ gasket_dkms_copr }}
  args:
    creates: /etc/yum.repos.d/{{ gasket_dkms_copr_repo_filename }}
  tags:
  - copr
  - repo

- name: ensure gasket-dkms is installed
  package:
    name: gasket-dkms
    state: present
  tags:
  - install