Kapisi/roles/Aether/tasks/main.yml

---

 - name: Install the package
   become: true
   ignore_errors: true
   package:
     name: Aether
     state: present

 - name: Validate the user
   vars:
     service_account: aether
   include_tasks: ../roles/common/service_account.yml

 - name: Ensure the Aether identity is protected.
   become: true
   file:
     path: "{{ item }}"
     state: directory
     owner: aether
     group: aether
     mode: 0700
   loop:
     - /home/aether/.ssh
     - /usr/local/etc/Aether
     - /usr/local/etc/Aether/backup-entries
     - /usr/local/backup

 - name: Ensure the Aether identity exists
   delegate_to: Core # Core will track the identity that will then be shared to everyone else.
   become: true
   command:
     creates: /home/aether/.ssh/aether
     chdir: /home/aether/.ssh/
     cmd: ssh-keygen -t ed25519 -N "" -f ./aether

 - name: Read the Aether identity
   become: true
   delegate_to: Core
   command: cat /home/aether/.ssh/aether
   register: aether_key

 - name: Read the Aether public identity
   become: true
   delegate_to: Core
   command: cat /home/aether/.ssh/aether.pub
   register: aether_pubkey

 - include_tasks: source.yml
   when: "{{ inventory_hostname }} is 'Core'"

 - include_tasks: client.yml
   when: "{{ inventory_hostname }} is 'Core'"

 - name: Ensure the Aether identity files are protected.
   become: true
   file:
     path: "{{ item }}"
     owner: aether
     group: aether
     mode: 0600
   loop:
     - /home/aether/.ssh/aether
     - /home/aether/.ssh/aether.pub