---
- name: Sanity checks
  assert:
    that:
      - selfsignedcert_basename|default("") != ""


- name: Generate private key
  openssl_privatekey:
    path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_key }}'
    size: '{{ selfsignedcert_keysize|default(2048) }}'
    mode: 0600
  register: selfsignedcert_result_key


- name: Generate CSR
  openssl_csr:
    path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_csr }}'
    privatekey_path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_key }}'
    common_name: '{{ selfsigned_cn|default(ansible_hostname) }}'
    subject_alt_name: '{{ selfsigned_san|default([]) }}'


- name: Generate certificate
  openssl_certificate:
    path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_crt }}'
    privatekey_path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_key }}'
    csr_path: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_csr }}'
    provider: selfsigned
  register: selfsignedcert_result_crt


- name: Combine key and certificate
  template:
    src: combined.j2
    dest: '{{ selfsignedcert_basename }}.{{ selfsignedcert_suffix_combined }}'
    mode: 0600
    backup: yes


- debug: var=xxx1
- debug: var=xxx2