---
- name: create SSH key
  command: ssh-keygen -b 4096 -C {{ ansible_nodename }} -f {{ certsync_key }}
  args:
    creates: "{{ certsync_key }}"
  tags: certsync

- name: template certsync script
  template:
    src: certsync
    dest: /usr/local/sbin/
    owner: root
    group: staff
    mode: 0550
  tags: certsync

- name: template certsync timer
  template:
    src: "{{ item }}"
    dest: /lib/systemd/system/
  with_items:
    - certsync.service
    - certsync.timer

- name: enable certsync timer
  systemd:
    name: certsync.timer
    state: started
    enabled: yes
    daemon_reload: yes