---
- name: Create service folders
  win_file:
    path: '{{ item }}'
    state: 'directory'
  with_items:
    - '{{ beacon_node_service_path }}'
    - '{{ beacon_node_config_path }}'
    - '{{ beacon_node_service_logs_path }}'
    - '{{ beacon_node_data_path }}'

- name: Fix service folder permissions
  win_owner:
    path: '{{ beacon_node_data_path }}'
    user: '{{ beacon_node_service_user_name }}'

# Remove all inherited access ACL and grant full access rights to user.
# https://github.com/status-im/nimbus-eth2/blob/unstable/scripts/makedir.sh
- name: Fix data folder permissions
  become: true
  become_user: '{{ beacon_node_service_user_name }}'
  vars:
    ansible_become_user: '{{ beacon_node_service_user_name }}'
    ansible_become_pass: '{{ beacon_node_service_user_pass }}'
  win_shell: |
    icacls '{{ beacon_node_data_path }}' /inheritance:r /grant:r '{{ inventory_hostname_short }}\{{ beacon_node_service_user_name }}:(OI)(CI)(F)'

- name: Create data folders
  become: true
  become_user: '{{ beacon_node_service_user_name }}'
  vars:
    ansible_become_user: '{{ beacon_node_service_user_name }}'
    ansible_become_pass: '{{ beacon_node_service_user_pass }}'
  win_file:
    path: '{{ item }}'
    state: 'directory'
  with_items:
    - '{{ beacon_node_era_dir_path }}'
    - '{{ beacon_node_secrets_path }}'
    - '{{ beacon_node_validators_path }}'
    - '{{ beacon_node_service_bin_path }}'

- name: Create JWT secret file (optional)
  when: beacon_node_exec_layer_jwt_secret is defined
  copy:
    dest:    '{{ beacon_node_exec_layer_jwt_secret_path }}'
    content: '{{ beacon_node_exec_layer_jwt_secret }}'

- name: Fix JWT secret file permissions
  when: beacon_node_exec_layer_jwt_secret is defined
  win_owner:
    path: '{{ beacon_node_exec_layer_jwt_secret_path }}'
    user: '{{ beacon_node_service_user_name }}'

- name: Create node config
  win_template:
    src:  'config.toml.j2'
    dest: '{{ beacon_node_config_file_path }}'
  register: beacon_node_config_file