---
- name: 'Ensure config directory exists for "{{ service }}"'
  file:
    path: "{{ remote_service_path }}/config"
    state: directory
    owner: "{{ ansible_user }}"
  tags:
    - config

- name: 'Generate inventory file for "{{ service }}"'
  template:
    src: "{{ service_path }}/templates/inventory.ini.j2"
    dest: "{{ remote_service_path }}/config/inventory.ini"
  register: inventory_config
  tags:
    - config

- name: 'Generate users file for "{{ service }}"'
  template:
    src: "{{ service_path }}/templates/users.yml.j2"
    dest: "{{ remote_service_path }}/config/users.yaml"
  register: users_config
  tags:
    - config

- name: 'Generate vault password file for "{{ service }}"'
  when: api_server_vault_password is defined
  copy:
    dest: "{{ remote_service_path }}/config/vault-password"
    content: "{{ api_server_vault_password }}"
  register: vault_password
  tags:
    - config

- name: 'Ensure SSH config directory exists for "{{ service }}'
  file:
    path: "{{ remote_service_path }}/ssh"
    state: directory
    owner: "{{ ansible_user }}"
  tags:
    - config

- name: 'Generate SSH key pair for "{{ service }}"'
  community.crypto.openssh_keypair:
    path: "{{ remote_service_path }}/ssh/id_rsa"