#!/bin/bash
# Generator for nonmanaged certs for {{ item.key }}
{{ nebula_bin_dir }}/nebula-cert sign \
  -name "{{ item.key }}" \
  -ip "{{ item.value.ip | mandatory }}" \
  -groups "{{ (item.value.groups | default([])) | join(',') }}" \
  -ca-key "{{ nebula_config_dir }}/ca.key" \
  -ca-crt "{{ nebula_config_dir }}/ca.crt" \
{% if item.value['public_key'] is defined %}
  -in-pub "{{ nebula_config_dir }}/{{ item.key }}.pub" \
{% else %}
  -out-key "{{ nebula_config_dir }}/{{ item.key }}.key" \
{% endif %}
  -out-crt "{{ nebula_config_dir }}/{{ item.key }}.crt"