---
- block:
    - name: Install dependencies
      package:
        name: "{{ item }}"
        state: present
      loop: "{{ openvpn_client_packages_extra }}"

    - name: Install required packages
      package:
        name: "{{ item }}"
        state: present
      loop:
        - openvpn

    - name: Write client config
      template:
        src: etc/openvpn/client.conf.j2
        dest: "/etc/openvpn/{{ openvpn_name }}.conf"
        mode: 0600
      notify: __openvpn_restart

    - name: Copy cert files (if defined)
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
        state: "{{ 'absent' if not item.src else 'present' }}"
      loop:
        - { src: "{{ openvpn_client_ca_source | default(False) }}", dest: "/etc/openvpn/certs/{{ openvpn_client_ca_file }}", mode: "0650" }
        - { src: "{{ openvpn_client_cert_source | default(False) }}", dest: "/etc/openvpn/certs/{{ openvpn_client_cert_file }}", mode: "0650" }
        - { src: "{{ openvpn_client_key_source | default(False) }}", dest: "/etc/openvpn/certs/{{ openvpn_client_key_file }}", mode: "0600" }
        - { src: "{{ openvpn_client_ta_source | default(False) }}", dest: "/etc/openvpn/certs/{{ openvpn_client_ta_file }}", mode: "0600" }
      loop_control:
        label: "{{ item.dest }}"
      notify: __nginx_reload
  become: True
  become_user: root