#SPDX-License-Identifier: MIT-0
---
# tasks file for bootstrap
- name: Provide requisite SSL signed certificate for FQDN
  ansible.builtin.copy:
    backup: true
    checksum: string
    dest: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.crt"
    force: true
    group: root
    owner: root
    src: "ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.crt"
    # validate: string
- name: Provide requisite SSL private key for FQDN
  ansible.builtin.copy:
    backup: true
    dest: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.key"
    force: true
    group: root
    mode: "0600"
    owner: root
    src: "ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.key"
    # validate: string
- name: Provide requisite SSL public key for FQDN
  ansible.builtin.copy:
    backup: true
    checksum: string
    dest: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.pem"
    force: true
    group: root
    owner: root
    src: "ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.pem"
    # validate: string
- name: Update system registration of SSL certificates
  ansible.builtin.command:
    cmd: update-ca-certificates
    creates: "/etc/ssl/certs/{{ hostvars[inventory_hostname].fqdn }}.pem"