---
- name: Include OS specific vars
  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files:
        - "{{ ansible_lsb.id | default('') | lower }}.yml"
        - "{{ ansible_os_family | lower }}.yml"
      paths:
        - "vars"
      errors: "ignore"

- name: Install required packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  loop: "{{ cacerts_packages_extra + cacerts_packages }}"

- name: Ensure ca path exists '{{ __cacerts_ca_trust_source }}'
  ansible.builtin.file:
    path: "{{ __cacerts_ca_trust_source }}"
    state: directory
    mode: "0755"

- name: Install custom ca certs
  ansible.builtin.copy:
    src: "{{ item.path }}"
    dest: "{{ __cacerts_ca_trust_source }}/{{ item.name }}"
    owner: root
    group: root
    mode: "0640"
  register: __ca_add
  loop: "{{ cacerts_ca_certs }}"
  loop_control:
    label: "{{ item.name }}"

- name: Update cert index
  ansible.builtin.command: "{{ __cacerts_ca_update_command }}"
  changed_when: __ca_add.changed