- name: Create self-signed certs
  become: yes
  become_user: nextcloud
  command:
    chdir: /home/nextcloud/
    creates: "/home/nextcloud/{{ inventory_hostname }}.key"
    argv:
      - openssl
      - req
      - -x509
      - -newkey
      - rsa:4096
      - -sha256
      - -nodes
      - -keyout
      - "{{ inventory_hostname }}.key"
      - -out
      - "{{ inventory_hostname }}.crt"
      - -days
      - 3650
      - -subj
      - "/C=CA/ST=ON/L=Toronto/O=EquilibrateIT/OU=SecretManagement/CN={{ inventory_hostname}}"
      - -addext
      - "subjectAltName = DNS:{{ inventory_hostname }},DNS:localhost,IP:127.0.0.1"

      #- name: Add certificate trust
      #  become: yes
      #  become_user: nextcloud
      #  command:
      #    chdir: /home/nextcloud/
      #    creates: "/home/nextcloud/{{ inventory_hostname }}.crt"
      #    argv:
      #      - openssl
      #      - x509
      #      - -trustout
      #      - -in
      #      - "{{ inventory_hostname}}.normal.crt"
      #      - -out
      #      - "{{ inventory_hostname}}.crt"


- copy:
    src: "/home/nextcloud/{{ inventory_hostname }}.crt"
    remote_src: true
    dest: /home/nextcloud/nginx/certs/
    owner: 100999
  
- copy:
    src: "/home/nextcloud/{{ inventory_hostname }}.key"
    remote_src: true
    dest: /home/nextcloud/nginx/certs/
    owner: 100999
  
- file:
    path: "/home/nextcloud/{{ item }}"
    state: absent
  with_items:
    - "{{ inventory_hostname }}.normal.crt"
    - "{{ inventory_hostname }}.crt"
    #- "{{ inventory_hostname }}.key"