---

- name: Check if password file exists
  stat: path={{ pass_file }}
  register: pass_file_exists
  tags: always

#- name: Check if a vault password file exists
#  stat: path={{ pass_file }}.vault
#  register: pass_file_vault_exists
#  tags: always
#
## Generate a pass and store it encrypted
#- when: not pass_file_exists.stat.exists and not pass_file_vault_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
#  block:
#    - package: name=pwgen
#    - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
#      register: rand_pass
#      # Now write this new pass
#    - copy: content={{ rand_pass.stdout | trim | vault(vault_encryption_key) }} dest={{ pass_file }}.vault mode=600
#  tags: always

# When no pass exist, create one
- when: not pass_file_exists.stat.exists # and (not encryption or vault_encryption_key is not defined)
  block:
    - package: name=pwgen
    - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
      register: rand_pass
      # Now write this new pass
    - copy: content={{ rand_pass.stdout | trim }} dest={{ pass_file }} mode=600
  tags: always

# Read the encrypted pass
#- when: not pass_file_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
#  block:
#    - name: Read the password
#      slurp: src={{ pass_file }}.vault
#      register: rand_pass
#    - set_fact: rand_pass={{ rand_pass.content | b64decode | trim | unvault(vault_encryption_key) }}
#  tags: always

# Read unencrypted pass file (compat)
- block:
    - name: Read the password
      slurp: src={{ pass_file }}
      register: rand_pass
    - set_fact: rand_pass={{ rand_pass.content | b64decode | trim }}
  tags: always