{# Emits tmpfiles.d-style "C" (copy) lines: path mode user group age source. #}
{# cas tracks the CA certificates already emitted, so each one is copied once. #}
{% set cas = [] %}
{% for service in services %}
{% if service.activate is true and 'certificates' in service %}
{% for certificate in service.certificates %}
{# The private key owner defaults to root. #}
{% if "owner" in certificate %}
{% set owner = certificate['owner'] %}
{% else %}
{% set owner = 'root' %}
{% endif %}
{# Key mode is 440 only when a group is given explicitly; otherwise 400 (owner read-only). #}
{% if "group" in certificate %}
{% set group = certificate['group'] %}
{% set mode = 440 %}
{% else %}
{% set group = 'root' %}
{% set mode = 400 %}
{% endif %}
{% if certificate['format'] == 'cert_key' %}
{# cert_key format: world-readable certificate (444 root:root) plus a separate restricted key. #}
{% if certificate['name'] is string %}
C {{ tls_cert_directory }}/{{ certificate['name'] }}.crt 444 root root - /usr/local/lib{{ tls_cert_directory }}/{{ certificate['name'] }}.crt
C {{ tls_key_directory }}/{{ certificate['name'] }}.key {{ mode }} {{ owner }} {{ group }} - /usr/local/lib{{ tls_key_directory }}/{{ certificate['name'] }}.key
{% else %}
{% for cert in certificate['name'] %}
C {{ tls_cert_directory }}/{{ cert }}.crt 444 root root - /usr/local/lib{{ tls_cert_directory }}/{{ cert }}.crt
C {{ tls_key_directory }}/{{ cert }}.key {{ mode }} {{ owner }} {{ group }} - /usr/local/lib{{ tls_key_directory }}/{{ cert }}.key
{% endfor %}
{% endif %}
{% else %}
{# Any other format: a single .pem in the key directory, with the restricted key permissions. #}
{% if certificate['name'] is string %}
C {{ tls_key_directory }}/{{ certificate['name'] }}.pem {{ mode }} {{ owner }} {{ group }} - /usr/local/lib{{ tls_key_directory }}/{{ certificate['name'] }}.pem
{% else %}
{% for cert in certificate['name'] %}
C {{ tls_key_directory }}/{{ cert }}.pem {{ mode }} {{ owner }} {{ group }} - /usr/local/lib{{ tls_key_directory }}/{{ cert }}.pem
{% endfor %}
{% endif %}
{% endif %}
{# Copy the CA certificate once per authority, only when no provider is set or the provider is 'autosigne'. #}
{% if certificate['authority'] not in cas and ('provider' not in certificate or certificate['provider'] == 'autosigne') %}
{# Append inside a set statement so the return value of append() is not rendered into the output. #}
{% set _ = cas.append(certificate['authority']) %}
C {{ tls_ca_directory }}/{{ certificate['authority'] }}.crt 444 root root - /usr/local/lib{{ tls_ca_directory }}/{{ certificate['authority'] }}.crt
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}