---
- name: Double check that nebula_ca_host is defined
  ansible.builtin.assert:
    that:
      - nebula_ca_host is defined
    success_msg: "Alright good, you did not modify this role."
    fail_msg: >-
      There should be no reason you have reached this. Did you modify this role?
      The nebula_ca_host MUST be defined with some value, whether you have set
      this as a regular var, or nebula_is_ca is defined as a hostvar for all the
      hosts you are running this for.

- name: Double check that nebula_ip is defined
  ansible.builtin.assert:
    that:
      - nebula_ip is defined
    success_msg: "nebula_ip has been defined"
    fail_msg: "You cannot be part of the mesh without nebula_ip defined"

# In rare cases, we may want to have dedicated certs already defined. Like, if
# for example, you need to rebuild a member of a mesh.
- name: Check that nebula_cert_private/public_key are defined or none
  ansible.builtin.assert:
    that:
      - (nebula_cert_private_key is defined and nebula_cert_public_key is defined) or
        (nebula_cert_private_key is not defined and nebula_cert_public_key is not defined)
    success_msg: "You did good!"
    fail_msg: "They need to be both none or defined."
...