---
- name: Ensure CA cert/key exists
  command:
    chdir: /opt/nebula
    cmd: ./nebula-cert ca -name "{{ nebula_network_name }}" -duration "{{ nebula_ca_cert_duration }}"
    creates: /opt/nebula/ca.crt

- name: Ensure lighthouse cert/key exists
  command:
    chdir: /opt/nebula
    cmd: ./nebula-cert sign -name "{{ nebula_lighthouse_hostname }}" -ip "{{ nebula_lighthouse_internal_ip_addr }}/{{ nebula_network_cidr }}" -duration "{{ nebula_client_cert_duration }}"
    creates: "/opt/nebula/{{ nebula_lighthouse_hostname }}.crt"

- name: Ensure lighthouse is configured
  template:
    src: lighthouse_config.yml.j2 
    dest: /opt/nebula/config.yml
    owner: root
    group: root
    mode: '0400'
  notify: restart nebula

- name: Ensure lighthouse service exists
  template:
    src: lighthouse.service.j2
    dest: /etc/systemd/system/lighthouse.service
    owner: root
    group: root
    mode: '0644'

- name: Ensure lighthouse service is enabled and running
  systemd: 
    name: lighthouse
    daemon_reload: yes
    enabled: yes
    masked: no
    state: started