---
# hashistack generate certificates playbook
- name: "Generate credentials"
  hosts: localhost
  strategy: linear
  gather_facts: true
  become: true
  tasks:
    - name: "Generate consul credentials"
      block:
        - name: "Generate consul gossip encryption key"
          ansible.builtin.set_fact:
            _consul_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"

        - name: "Generate consul root credentials"
          ansible.builtin.set_fact:
            _consul_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul agents credentials"
          ansible.builtin.set_fact:
            _consul_agents_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_agents_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul vault credentials"
          ansible.builtin.set_fact:
            _consul_vault_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_vault_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul nomad server credentials"
          ansible.builtin.set_fact:
            _consul_nomad_server_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_nomad_server_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul nomad client credentials"
          ansible.builtin.set_fact:
            _consul_nomad_client_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_nomad_client_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

    - name: "Generate nomad credentials"
      block:
        - name: "Generate nomad gossip encryption key"
          ansible.builtin.set_fact:
            _nomad_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"

        - name: "Generate nomad root credentials"
          ansible.builtin.set_fact:
            _nomad_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

    - name: "Write credentials file"
      ansible.builtin.template:
        src: templates/credentials.yml.j2
        dest: "{{ sub_configuration_directories['secrets'] }}/{{ configuration_credentials_vars_file }}"
        owner: "{{ lookup('env', 'USER') }}"
        group: "{{ lookup('env', 'USER') }}"
        mode: '0644'