- name: ensure strongswan is installed
  package:
    name=strongswan
    state=present
  tags:
  - install

- name: ensure strongswan ipsec.conf is configured
  template:
    src=ipsec.conf.j2
    dest=/etc/strongswan/ipsec.conf
    mode=0644
  notify: restart strongswan
- name: ensure strongswan conns directory exists
  file:
    path=/etc/strongswan/ipsec.d/conns
    mode=0755
    state=directory
- name: ensure strongswan ipsec.secrets is configured
  copy:
    src=ipsec.secrets
    dest=/etc/strongswan/ipsec.secrets
    mode=0600
  notify: restart strongswan
- name: ensure strongswan ipsec.secrets.d directory exists
  file:
    path=/etc/strongswan/ipsec.secrets.d
    mode=0700
    state=directory

- name: ensure strongswan starts at boot
  service:
    name=strongswan-starter
    enabled=yes