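---
# Self-signed TLS material for the Nextcloud web server.
# Generates a key/certificate pair under /etc/ssl named after
# nextcloud_instance_name, then sets mode and group on both files.

- name: define private certificate path
  ansible.builtin.set_fact:
    nextcloud_tls_cert_file: "/etc/ssl/{{ nextcloud_instance_name }}.crt"

- name: define private key path
  ansible.builtin.set_fact:
    nextcloud_tls_cert_key_file: "/etc/ssl/{{ nextcloud_instance_name }}.key"

# The command module does not run a shell, so a shell-style substitution in
# -subj would land in the certificate as literal text. The CN is taken from
# the gathered fqdn fact instead (fact gathering must be enabled for the play).
# argv passes each value as exactly one argument, so a path containing
# whitespace cannot be split into extra openssl options.
#
# Review notes:
# - "-nodes" leaves the private key unencrypted on disk; the mode/group task
#   on the key file below is the only protection it gets.
# - "creates" skips this task once the key file exists, so the 365-day
#   certificate is never renewed by this role; track its expiry separately.
# - "-extensions v3_ca" uses the v3_ca section of the host's openssl.cnf,
#   which in the stock configuration marks the certificate as a CA.
# - No subjectAltName is set; clients that ignore the CN will not match the
#   host name against this certificate.
- name: "[selfsigned TLS] - create self-signed SSL cert"
  ansible.builtin.command:
    argv:
      - "openssl"
      - "req"
      - "-new"
      - "-nodes"
      - "-x509"
      - "-subj"
      - "/C=US/ST=Oregon/L=Portland/O=IT/CN={{ ansible_facts['fqdn'] }}"
      - "-days"
      - "365"
      - "-keyout"
      - "{{ nextcloud_tls_cert_key_file }}"
      - "-out"
      - "{{ nextcloud_tls_cert_file }}"
      - "-extensions"
      - "v3_ca"
    creates: "{{ nextcloud_tls_cert_key_file }}"

# File modes are quoted so they stay octal strings whatever the YAML parser.
- name: "[selfsigned TLS] - check TLS certificate permissions"
  ansible.builtin.file:
    path: "{{ nextcloud_tls_cert_file }}"
    mode: "0644"
    group: "{{ nextcloud_websrv_group }}"

# The key is readable by the web server group only; "other" gets no access.
- name: "[selfsigned TLS] - check TLS key permissions"
  ansible.builtin.file:
    path: "{{ nextcloud_tls_cert_key_file }}"
    mode: "0640"
    group: "{{ nextcloud_websrv_group }}"

# Reference only (not executed): manual steps for a combined PEM and DH
# parameters under /etc/haproxy. The resulting .pem contains the private key,
# so it needs the same restrictive permissions as the .key file.
# cd /etc/haproxy
# mkdir nextcloud.test
# cd nextcloud.test/
# openssl genrsa -out nextcloud.test.key 2048
# openssl req -new -key nextcloud.test.key -out nextcloud.test.csr
# openssl x509 -req -days 365 -in nextcloud.test.csr -signkey nextcloud.test.key -out nextcloud.test.crt
# bash -c 'cat nextcloud.test.key nextcloud.test.crt >> nextcloud.test.pem'
# cd /etc/haproxy
# openssl dhparam -out /etc/haproxy/dhparams.pem 2048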