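# Provision a self-signed TLS certificate for {{ domain_name }}:
# install prerequisites, create the directory layout, then generate
# private key -> CSR -> certificate.

# python3-openssl supplies the Python OpenSSL bindings used by the
# openssl_* modules below.
# NOTE(review): ssl-cert presumably provides the group referenced by
# acme_ssl_group — confirm against the role defaults.
- name: Install SSL dependencies
  package:
    name: "{{ package }}"
    state: present
  loop:
    - ssl-cert
    - python3-openssl
  loop_control:
    loop_var: package
  tags: selfsigned_install

# Mode 711: root has full access; group and others may traverse but not
# list. The same mode covers the keys and accounts directories, so
# confidentiality there rests on each file's own mode.
# NOTE(review): if only root and acme_ssl_group need to reach the keys and
# accounts directories, a tighter mode such as "710" would drop the
# world-traverse bit — confirm which services read from them first.
- name: Create SSL config directories
  file:
    path: "{{ config_dir }}"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "711"
  loop:
    - "{{ acme_config_dir }}"
    - "{{ acme_keys_dir }}"
    - "{{ acme_accounts_dir }}"
    - "{{ acme_csr_dir }}"
  loop_control:
    loop_var: config_dir
  tags: selfsigned_install

# Holds only the public certificate, hence world-readable (755).
- name: Create {{ domain_name }} certificates directory
  file:
    path: "{{ acme_certs_dir }}/{{ domain_name }}.d"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "755"
  tags: selfsigned_install

# 4096-bit RSA key; mode 640 limits reads to root and acme_ssl_group.
# NOTE(review): this task and the two after it carry no selfsigned_install
# tag, so a run limited to that tag skips key, CSR and certificate
# generation — confirm that is intended.
- name: Generate private key for {{ domain_name }} certificate
  openssl_privatekey:
    path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "640"
    type: RSA
    size: 4096

# subject_alt_name is set explicitly: current TLS clients match the host
# name against the SAN extension and ignore the common name, so a CN-only
# certificate fails host name verification even when it is trusted.
# Assumes domain_name is a DNS name (not an IP address) — confirm.
# Adding the SAN changes the request, so hosts that already hold a CSR
# will probably get the CSR and certificate regenerated on the next run.
- name: Generate CSR for {{ domain_name }} certificate
  openssl_csr:
    path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "644"
    privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    common_name: "{{ domain_name }}"
    subject_alt_name: "DNS:{{ domain_name }}"

# provider: selfsigned signs the certificate with its own private key, so
# clients can validate it only if this exact certificate is installed as
# trusted. No validity period is set here; the module default applies.
- name: Generate self-signed certificate
  openssl_certificate:
    path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
    csr_path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
    privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    provider: selfsigned
    state: present
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "644"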