---
- block:
    - name: Install dependencies
      package:
        name: "{{ item }}"
        state: present
      loop: "{{ openvpn_client_packages_extra }}"

    - name: Install required packages
      package:
        name: "{{ item }}"
        state: present
      loop:
        - openvpn

    - name: Write client config
      template:
        src: etc/openvpn/client.conf.j2
        dest: "/etc/openvpn/{{ openvpn_client_name }}.conf"
        mode: 0600
      notify: __openvpn_restart

    - name: Create certs folder
      file:
        path: /etc/openvpn/certs
        state: directory
        mode: 0750

    - name: Copy cert files (if defined)
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - src: "{{ openvpn_client_ca_source | default('') }}"
          dest: "/etc/openvpn/certs/{{ openvpn_client_ca_file }}"
          mode: "0640"
        - src: "{{ openvpn_client_cert_source | default('') }}"
          dest: "/etc/openvpn/certs/{{ openvpn_client_cert_file }}"
          mode: "0640"
        - src: "{{ openvpn_client_key_source | default('') }}"
          dest: "/etc/openvpn/certs/{{ openvpn_client_key_file }}"
          mode: "0600"
        - src: "{{ openvpn_client_ta_source | default('') }}"
          dest: "/etc/openvpn/certs/{{ openvpn_client_ta_file }}"
          mode: "0600"
      loop_control:
        label: "{{ item.dest }}"
      when: item.src | length > 0
      notify: __openvpn_restart

    - name: Ensure openvpn service is up and running
      service:
        name: "{{ __openvpn_service_prefix }}@{{ openvpn_client_name }}"
        state: "{{ openvpn_service_state }}"
        enabled: yes
  become: True
  become_user: root