---

- name: create hostkey group
  group:
    name: hostkey
    system: true

- name: copy ca certificate
  copy:
    src: "/srv/ca/certs/ca.crt"
    dest: "{{ tls_certs }}/ca.crt"
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"

- name: get ca certificate hash
  command: "openssl x509 -in /srv/ca/certs/ca.crt -noout -hash"
  delegate_to: localhost
  register: result
- name: store ca certificate hash
  set_fact:
    pki_cacert_hash: "{{ result.stdout }}"

- name: copy host certificate
  copy:
    src: "/srv/ca/certs/{{ inventory_hostname }}.crt"
    dest: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"

- name: copy host key
  copy:
    src: "/srv/ca/private/{{ inventory_hostname }}.key"
    dest: "{{ tls_private }}/{{ inventory_hostname }}.key"
    mode: 0640
    owner: root
    group: hostkey