ansible-roles/roles/nomad/templates/agent.crt.tpl.j2

{{ with secret "[[ nomad_vault.pki.path ]]/issue/[[ nomad_vault.pki.role ]]" "common_name=[[ (nomad_conf.server.enabled) | ternary('server', 'client') ]].[[ nomad_conf.region | default('global') ]].nomad" "ttl=[[ nomad_vault.pki.ttl ]]" "alt_names=localhost,[[ inventory_hostname ]],{% if nomad_conf.server.enabled and nomad_conf.client.enabled %}client.[[ nomad_conf.region | default('global') ]].nomad{% endif %}" "ip_sans=127.0.0.1,[[ ansible_default_ipv4.address ]]"}}
{{ .Data.certificate }}
{{ end }}
	`{{ with secret "[[ nomad_vault.pki.path ]]/issue/[[ nomad_vault.pki.role ]]" "common_name=[[ (nomad_conf.server.enabled) \| ternary('server', 'client') ]].[[ nomad_conf.region \| default('global') ]].nomad" "ttl=[[ nomad_vault.pki.ttl ]]" "alt_names=localhost,[[ inventory_hostname ]],{% if nomad_conf.server.enabled and nomad_conf.client.enabled %}client.[[ nomad_conf.region \| default('global') ]].nomad{% endif %}" "ip_sans=127.0.0.1,[[ ansible_default_ipv4.address ]]"}}`
	`{{ .Data.certificate }}`
	`{{ end }}`