[
	{
		"name": "show vars",
		"when": "switch_show_vars",
		"ansible.builtin.debug": {
			"var": "vars.cfg_authelia"
		}
	},
	{
		"name": "packages",
		"block": [
			{
				"name": "prerequisites",
				"become": true,
				"ansible.builtin.apt": {
					"update_cache": true,
					"pkg": [
						"apt-transport-https",
						"ca-certificates",
						"gpg"
					]
				}
			},
			{
				"name": "keys",
				"become": true,
				"ansible.builtin.get_url": {
					"url": "https://www.authelia.com/keys/authelia-security.gpg",
					"dest": "/usr/share/keyrings/authelia-security.gpg"
				}
			},
			{
				"name": "repository",
				"become": true,
				"ansible.builtin.shell": {
					"cmd": "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/authelia-security.gpg] https://apt.authelia.com stable main\" > /etc/apt/sources.list.d/authelia.list",
					"creates": "/etc/apt/sources.list.d/authelia.list"
				}

			},
			{
				"name": "installation",
				"become": true,
				"ansible.builtin.apt": {
					"update_cache": true,
					"pkg": [
						"openssl",
						"python3-cryptography",
						"python3-yaml",
						"authelia"
					]
				}
			}
		]
	},
	{
		"name": "generate private key for signing OIDC JWTs",
		"become": true,
		"community.crypto.openssl_privatekey": {
			"type": "RSA",
			"size": 4096,
			"path": "/etc/ssl/private/authelia-key.pem",
			"return_content": true
		},
		"register": "temp_tls_result"
	},
	{
		"name": "configuration",
		"block": [
			{
				"name": "compose script",
				"become": true,
				"ansible.builtin.copy": {
					"src": "conf-compose.py",
					"dest": "/usr/bin/authelia-conf-compose",
					"mode": "0700"
				}
			},
			{
				"name": "directories",
				"become": true,
				"loop": [
					"/etc/authelia/conf.d",
					"/etc/authelia/conf.d/clients"
				],
				"ansible.builtin.file": {
					"state": "directory",
					"path": "{{item}}"
				}
			},
			{
				"name": "main",
				"become": true,
				"ansible.builtin.template": {
					"src": "conf-main.json.j2",
					"dest": "/etc/authelia/conf.d/main.json"
				}
			},
			{
				"name": "compose",
				"become": true,
				"ansible.builtin.command": {
					"cmd": "/usr/bin/authelia-conf-compose --main-file-path=/etc/authelia/conf.d/main.json --clients-directory-path=/etc/authelia/conf.d/clients --output-format=yaml --output-path=/etc/authelia/configuration.yml"
				}
			}
		]
	},
	{
		"name": "setup log directory",
		"become": true,
		"ansible.builtin.file": {
			"state": "directory",
			"path": "{{cfg_authelia.log_file_path | dirname}}"
		}
	},
	{
		"name": "users",
		"block": [
			{
				"name": "directory",
				"become": true,
				"ansible.builtin.file": {
					"state": "directory",
					"path": "{{cfg_authelia.users_file_path | dirname}}"
				}
			},
			{
				"name": "initial file",
				"become": true,
				"ansible.builtin.template": {
					"src": "users.yml.j2",
					"dest": "{{cfg_authelia.users_file_path}}",
					"force": false
				}
			},
			{
				"name": "management script",
				"become": true,
				"ansible.builtin.copy": {
					"src": "user-manage.py",
					"dest": "/usr/bin/authelia-user-manage",
					"mode": "0700"
				}
			}
		]
	},
	{
		"name": "apply",
		"become": true,
		"ansible.builtin.systemd_service": {
			"state": "restarted",
			"enabled": true,
			"name": "authelia"
		}
	}
]