---

- name: Ensure di-secure-server is present
  apt:
    name: "{{ item }}"
    state: latest
    update_cache: yes
    cache_valid_time: 3600
  with_items:
    - "di-secure-server"

- name: Restrict /etc/di directory
  file:
    path: "/etc/di"
    owner: "root"
    group: "di-config"
    mode: "0750"
    state: directory

- name: Template di-secure-server config
  template:
    src: "secure-server.conf.j2"
    dest: "{{ di_secure_server_config_file }}"
    owner: "di"
    group: "di-config"
    mode: "0640"
  notify:
    - restart di-secure-server

- name: enable di-secure-server
  service:
    name: "di-secure-server"
    enabled: yes