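# Generate Docker TLS material on the target host and distribute it:
#   1. run certs.sh in /tmp/certgen,
#   2. install the server-side files under /etc/docker/certs (root-only),
#   3. export the client-side files to the locally mounted NAS share,
#   4. push everything to the remote NAS over SSH via sshpass.
#
# Runs with become everywhere except on nas.home.lan.
# NOTE(review): the generated private keys are left in /tmp/certgen after
# this block; if nothing later in the play reads them, append a task with
# `path: /tmp/certgen` / `state: absent`.
- name: Cert gen
  # Same truth table as the original `false if ... else true`, just shorter.
  become: "{{ inventory_hostname != 'nas.home.lan' }}"
  block:
    # jaydee.yml is expected to provide nas_password (vault-encrypted) for
    # the sshpass tasks below.
    - name: Include vault
      ansible.builtin.include_vars:
        file: jaydee.yml

    # /tmp is world-writable, so a fixed path there can be pre-created or
    # symlinked by another local user before this task runs. The 0700
    # root-only mode limits exposure; a per-run `ansible.builtin.tempfile`
    # directory would remove the race entirely (path is kept here because
    # later tasks reference it).
    - name: Create a directory for certs
      ansible.builtin.file:
        path: /tmp/certgen
        state: directory
        mode: '0700'
        owner: root
        group: root

    - name: Copy cert generation script
      ansible.builtin.copy:
        src: certs.sh
        dest: /tmp/certgen/certs.sh
        mode: '0700'
        owner: root
        group: root

    # certs.sh is expected to write ca.pem, cert.pem, key.pem,
    # server-cert.pem and server-key.pem into /tmp/certgen (inferred from
    # the copy tasks below; confirm against the script).
    - name: Generate certs
      ansible.builtin.command:
        cmd: /tmp/certgen/certs.sh
        chdir: /tmp/certgen
      register: certgen
      changed_when: certgen.rc == 0

    # Server-side material for the Docker daemon. server-key.pem is a
    # private key, so everything here stays root-only (0600).
    - name: Copy generated certs to /etc/docker/certs
      ansible.builtin.copy:
        src: "/tmp/certgen/{{ item }}"
        dest: /etc/docker/certs/
        remote_src: true
        mode: '0600'
        owner: root
        group: root
      loop:
        - server-key.pem
        - server-cert.pem
        - ca.pem

    # Client material exported to the locally mounted NAS share.
    # Previously the directory was 0777 and every file 0644, which made the
    # client private key (key.pem) world-readable and the directory
    # world-writable. ca.pem / cert.pem are public and keep 0644; key.pem is
    # owner-only; the directory is no longer writable by others.
    - name: Create a directory for certs on nas
      ansible.builtin.file:
        path: "/media/nas/data/certs/docker/{{ inventory_hostname }}"
        state: directory
        mode: '0750'
        owner: jd
        group: root
      when: inventory_hostname != 'sectorq.cloud'

    - name: Copy generated certs to nas share
      ansible.builtin.copy:
        src: "/tmp/certgen/{{ cert1.name }}"
        dest: "/media/nas/data/certs/docker/{{ inventory_hostname }}"
        remote_src: true
        mode: "{{ cert1.mode }}"
        owner: jd
        group: root
      when: inventory_hostname != 'sectorq.cloud'
      loop_control:
        loop_var: cert1
      loop:
        - name: ca.pem
          mode: '0644'
        - name: cert.pem
          mode: '0644'
        - name: key.pem
          mode: '0600'

    - name: Install sshpass
      ansible.builtin.apt:
        name: sshpass
        state: present
      when: inventory_hostname != 'nas.home.lan'

    # Remote NAS over SSH.
    # * The password used to be passed as `sshpass -p {{ nas_password }}`
    #   inside a shell string: visible to every local user via `ps`, echoed
    #   in Ansible's task output, and broken by any whitespace in the
    #   secret. It is now handed over through the SSHPASS environment
    #   variable (`sshpass -e`), the command is an argv list (no shell
    #   re-parsing of the password or the path), and no_log keeps it out of
    #   the play output (loop items and error text are censored too).
    # * SECURITY: StrictHostKeyChecking=no plus a /dev/null known_hosts file
    #   means the NAS identity is never verified, and private keys are sent
    #   over this channel. Pin the host key (a managed known_hosts file; at
    #   minimum StrictHostKeyChecking=accept-new with a persistent file).
    #   Kept as-is here because changing it alters behaviour on key change.
    - name: Create cert directory on nas server
      ansible.builtin.command:
        argv:
          - sshpass
          - -e
          - ssh
          - -p2222
          - -o
          - StrictHostKeyChecking=no
          - -o
          - UserKnownHostsFile=/dev/null
          - admin@sectorq.eu
          - "mkdir -p /share/Data/certs/docker/{{ inventory_hostname }}"
      environment:
        SSHPASS: "{{ nas_password }}"
      no_log: true
      register: certgen
      changed_when: certgen.rc == 0
      # mkdir -p failing is not fatal on its own; the scp below surfaces it.
      ignore_errors: true
      when: inventory_hostname != 'nas.home.lan'

    # NOTE(review): unlike the mkdir above, this task is not skipped on
    # nas.home.lan, where sshpass is never installed by this block; confirm
    # that is intended. key.pem and server-key.pem are private keys being
    # copied to a shared location over the unverified channel noted above.
    - name: Copy generated certs to nas server
      ansible.builtin.command:
        argv:
          - sshpass
          - -e
          - scp
          - -P2222
          - -o
          - StrictHostKeyChecking=no
          - -o
          - UserKnownHostsFile=/dev/null
          - "{{ cert2 }}"
          - "admin@sectorq.eu:/share/Data/certs/docker/{{ inventory_hostname }}/"
        chdir: /tmp/certgen
      environment:
        SSHPASS: "{{ nas_password }}"
      no_log: true
      register: certgen
      changed_when: certgen.rc == 0
      loop_control:
        loop_var: cert2
      loop:
        - ca.pem
        - cert.pem
        - key.pem
        - server-cert.pem
        - server-key.pem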