- name: Generate PrivateKey
  community.crypto.openssl_privatekey:
    path: /opt/netmaker_server/certs/node.key
    owner: 1883   #  Set owner to mosquitto-user (all other containers seem to run as root)

- name: Generate Certificate-Signing-Request from privateKey
  community.crypto.openssl_csr:
    path: /opt/netmaker_server/certs/node.csr
    privatekey_path: /opt/netmaker_server/certs/node.key
    common_name: "{{ ansible_facts.nodename }}"
    subject_alt_name: 
     "DNS:{{ netmaker_rqlite.http_host }}.{{ ansible_facts.nodename }},\
      DNS:{{ netmaker_rqlite.cluster_host }}.{{ ansible_facts.nodename }},\
      DNS:{{ netmaker_broker.tls_host }}.{{ netmaker_base_domain }},\
      DNS:{{ netmaker_api.host }}.{{ netmaker_base_domain }},\
      DNS:{{ netmaker_ui.host }}.{{ netmaker_base_domain }}"

- name: Fetch CSR
  ansible.builtin.fetch:
    src: /opt/netmaker_server/certs/node.csr
    dest: tmp_files/

- name: Sign CSR locally with CA
  local_action: community.crypto.x509_certificate
  args:
    path: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/certs/node.crt
    csr_path: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/certs/node.csr
    ownca_path: secret_files/netmaker_server/ca/ca.crt
    ownca_privatekey_path: secret_files/netmaker_server/ca/ca.key
    provider: ownca
  
- name: Copy Signed Certificate
  ansible.builtin.copy:
    src: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/certs/node.crt
    dest: /opt/netmaker_server/certs/node.crt

- name: Copy CA Certificate
  ansible.builtin.copy:
    src: secret_files/netmaker_server/ca/ca.crt
    dest: /opt/netmaker_server/certs/ca.crt