- block:
    - name: deploy ecc384 cert
      include_role:
        name: certs
      vars:
        certs:
          cert: "{{ coredns_cert_file }}"
          key: "{{ coredns_key_file }}"
          ecc: yes
          post_hook: service coredns restart
          owner: "{{ coredns_user }}"
          group: "{{ coredns_group }}"


    - name: template tls snippet file
      template:
        src: tls.j2
        dest: "{{ coredns_tls_file }}"
        force: yes
        owner: "{{ coredns_user }}"
        group: "{{ coredns_group }}"
        mode: 0400
      notify: restart coredns

  when: host_tls