- name: deploy ecc384 cert
  include_role:
    name: ca
  vars:
    function: certs
    ca_options:
      mode: '0400'
      owner: "{{ coredns_user }}"
      group: "{{ coredns_group }}"
      concat_inter: true
      preset: web
      ocsp_must_staple: false
      notify: restart coredns
    ca_certs:
      - type: ecc384
        key: "{{ coredns_key_file }}"
        cert: "{{ coredns_cert_file }}"


- name: template tls snippet file
  template:
    src: tls.j2
    dest: "{{ coredns_tls_file }}"
    force: yes
    owner: "{{ coredns_user }}"
    group: "{{ coredns_group }}"
    mode: 0400
  notify: restart coredns