---
- name: install package
  ansible.builtin.package:
    name:
      - strongswan
  tags: strongswan

- name: copy configuration
  ansible.builtin.template:
    src: ipsec.conf.j2
    dest: /etc/ipsec.conf
    owner: root
    group: root
    mode: 0644
  notify: restart strongswan
  tags: strongswan

- name: copy secret configuration
  ansible.builtin.template:
    src: ipsec.secrets.j2
    dest: /etc/ipsec.secrets
    owner: root
    group: root
    mode: 0600
  notify: restart strongswan
  tags: strongswan

- name: enable and start service
  ansible.builtin.service:
    name: ipsec
    enabled: true
    state: started
  tags: strongswan