---

- name: Ensure di-legacy-secure is present
  apt:
    name: "{{ item }}"
    state: latest
    update_cache: yes
    cache_valid_time: 3600
  with_items:
    - "di-legacy-secure"

- name: Restrict /etc/di directory
  file:
    path: "/etc/di"
    owner: "root"
    group: "di-config"
    mode: "0750"
    state: directory

- name: Template di-legacy-secure config
  template:
    src: "legacy-secure.conf.j2"
    dest: "{{ di_legacy_secure_config_file }}"
    owner: "di"
    group: "di-config"
    mode: "0640"
  notify:
    - restart di-legacy-secure

- name: Template di-legacy-secure-db config
  template:
    src: "legacy-secure-db.conf.j2"
    dest: "{{ di_legacy_secure_db_config_file }}"
    owner: "di"
    group: "di-config"
    mode: "0640"
  notify:
    - restart di-legacy-secure