- name: ensure nextcloud db cert fetch script is installed
  copy:
    src: fetch-cert.py
    dest: /usr/local/libexec/nextcloud-fetch-cert.py
    owner: root
    group: root
    mode: u=rwx,go=rx
  notify:
  - restart nextcloud-fetch-cert.timer
  tags:
  - copy-script

- name: ensure nextcloud db cert fetch token credential exists
  copy:
    dest: /etc/credstore/nextcloud.fetchcert.token
    content: |+
      {{ nextcloud_fetchcert_token }}
    owner: root
    group: root
    mode: u=rw,go=
  diff: false
  tags:
  - credentials

- name: ensure kubernetes ca certificate is installed
  copy:
    src: kube-root-ca.crt
    dest: /etc/pki/ca-trust/kube-root-ca.crt
    owner: root
    group: root
    mode: u=rw,go=r
  tags:
  - cacert

- name: ensure nextcloud cert fetch timer unit is installed
  template:
    src: nextcloud-fetch-cert.timer.j2
    dest: /etc/systemd/system/nextcloud-fetch-cert.timer
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
  - reload systemd
  - restart nextcloud-fetch-cert.timer
  tags:
  - systemd
- name: ensure nextcloud cert fetch service unit is installed
  copy:
    src: nextcloud-fetch-cert.service
    dest: /etc/systemd/system/nextcloud-fetch-cert.service
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
  - reload systemd
  - restart nextcloud-fetch-cert.timer
  tags:
  - systemd

- name: ensure nextcloud cert fetch timer is enabled
  systemd:
    name: nextcloud-fetch-cert.timer
    enabled: true
  tags:
  - service
- name: ensure nextcloud cert fetch timer is started
  systemd:
    name: nextcloud-fetch-cert.timer
    state: started
  tags:
  - service