---
- name: generate the server dc cert
  ansible.builtin.command:
    cmd: consul tls cert create -server -dc {{ consul_dc_name }} -ca /etc/consul/consul-agent-ca.pem
  args:
    chdir: /etc/consul
    creates: "/etc/consul/{{ consul_dc_name }}-server-consul-0.pem"
  become: true

- name: set permissions on generated files
  ansible.builtin.file:
    path: "{{ item }}"
    mode: 0640
    owner: consul
    group: consul
  become: true
  loop:
    - "/etc/consul/{{ consul_dc_name }}-server-consul-0.pem"
    - "/etc/consul/{{ consul_dc_name }}-server-consul-0-key.pem"