ansible-roles/roles/openxpki/tasks/main.yml

---

- include_tasks: user.yml
  tags: always

- include_tasks: directories.yml
  tags: always

- include_tasks: facts.yml
  tags: always

- include_tasks: archive_pre.yml
  when: pki_install_mode | default('none') == 'upgrade'
  tags: always

- include_tasks: install.yml
  tags: always

- include_tasks: conf.yml
  tags: always

- include_tasks: selinux.yml
  when: ansible_selinux.status == 'enabled'
  tags: always

- include_tasks: pki.yml
  tags: always

- include_tasks: service.yml
  tags: always

- include_tasks: write_version.yml
  tags: always

- include_tasks: archive_post.yml
  when: pki_install_mode | default('none') == 'upgrade'
  tags: always

- include_tasks: cleanup.yml
  tags: always

#### TODO #####
# * Cron to renew at least issuing CA (and maybe Root CA later)
# * Add/Modify workflow to allow passwordless certs to be stored
# * Profile for OCSP signing
# * OCSP responder