---
- name: "create certificate dir"
  ansible.builtin.file:
    path: /var/reactance/ocserv/certs/
    state: directory
    owner: _vpn
    group: _vpn

- name: "generate server certs and key"
  ansible.builtin.shell: "openssl req -x509 -newkey rsa:4096 -keyout /var/reactance/hysteria/certs/server-key.pem -out /var/reactance/hysteria/certs/server-cert.pem -sha256 -days 3650 -nodes -subj '/CN=JohnDane'"

- name: "template out ocserv config"
  ansible.builtin.template:
    src: ocserv.conf.j2
    dest: /var/reactance/ocserv/ocserv.conf
  notify:
    - hysteria_start