---
# tasks file for nebula

- name: get the vagrant network interface and set fact
  set_fact:
    vagrant_ifce: "ansible_{{ ansible_interfaces | difference(['lo',ansible_default_ipv4.alias]) | sort | first }}"
  tags:
    - nebula-conf
  
- name: install built nebula binary
  copy: src=../../../../../{{ item }} dest=/usr/local/bin mode=0755
  with_items:
    - nebula
    - nebula-cert

- name: create nebula config directory
  file: path="{{ nebula_config_directory }}" state=directory mode=0755
 
- name:  temporarily copy over root.crt and root.key to sign
  copy: src={{ item }} dest=/opt/{{ item }}
  with_items:
    - vagrant-test-ca.key
    - vagrant-test-ca.crt

- name: sign using the root key
  command: nebula-cert sign -ca-crt /opt/vagrant-test-ca.crt -ca-key /opt/vagrant-test-ca.key -duration 4320h -groups vagrant -ip {{ hostvars[inventory_hostname][vagrant_ifce]['ipv4']['address'] | to_nebula_ip }}/9 -name {{ ansible_hostname }}.nebula -out-crt /etc/nebula/host.crt -out-key /etc/nebula/host.key

- name: remove root.key used to sign
  file: dest=/opt/{{ item }} state=absent
  with_items:
    - vagrant-test-ca.key

- name: write the content of the trusted ca certificate
  copy: src="vagrant-test-ca.crt" dest="/etc/nebula/vagrant-test-ca.crt"
  notify: restart nebula

- name: Create config directory
  file: path="{{ nebula_config_directory }}" owner=root group=root mode=0755 state=directory

- name: nebula config
  template: src=config.yml.j2 dest="/etc/nebula/config.yml" mode=0644 owner=root group=root
  notify: restart nebula
  tags:
    - nebula-conf

- name: nebula systemd
  copy: src=systemd.nebula.service dest="/etc/systemd/system/nebula.service" mode=0644 owner=root group=root
  register: addconf
  notify: restart nebula

- name: maybe reload systemd
  shell: systemctl daemon-reload
  when: addconf.changed

- name: nebula running
  service: name="nebula" state=started enabled=yes