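# Builds a private root CA and a wildcard server certificate for
# *.<base_domain>, adds the root CA to the host trust store, and renders the
# nginx configuration. Every artefact is written to <data_folder>/nginx.
#
# NOTE(review): rootca.key is written unencrypted (-nodes) into the same
# directory as the server key and nginx.conf, and the matching certificate is
# installed as a system trust anchor below. Anyone able to read that key can
# issue certificates this host will trust. Confirm the directory's ownership
# and permissions, or keep the CA key off the web host.
#
# The three openssl tasks use `creates`, so they are skipped once their output
# exists. Without it, every play run replaced the CA and server key pairs and
# left the previously installed trust anchor orphaned. To rotate, remove the
# generated files together and re-run the play.

- name: generate root ca
  command: >-
    openssl req
    -x509
    -new
    -nodes
    -newkey rsa:2048
    -keyout "{{ data_folder }}/nginx/rootca.key"
    -out "{{ data_folder }}/nginx/rootca.pem"
    -sha256
    -days 3650
    -subj "/C=CZ/L=Prague/CN=Homelab/emailAddress={{ admin_email }}"
  args:
    creates: "{{ data_folder }}/nginx/rootca.pem"

- name: generate wildcard csr
  command: >-
    openssl req
    -new
    -nodes
    -newkey rsa:2048
    -keyout "{{ data_folder }}/nginx/{{ base_domain }}.key"
    -out "{{ data_folder }}/nginx/{{ base_domain }}.csr"
    -subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
  args:
    creates: "{{ data_folder }}/nginx/{{ base_domain }}.csr"

# NOTE(review): the CSR carries only a CN and this step supplies no
# extensions, so the issued certificate has no subjectAltName. Current
# browsers and most TLS libraries match host names against SAN only, so
# consider adding SAN entries for the wildcard and the bare domain.
# NOTE(review): some TLS clients reject server certificates with a lifetime
# as long as 3650 days. Verify against the clients in use.
- name: sign wildcard csr with root ca
  command: >-
    openssl x509
    -req
    -in "{{ data_folder }}/nginx/{{ base_domain }}.csr"
    -CA "{{ data_folder }}/nginx/rootca.pem"
    -CAkey "{{ data_folder }}/nginx/rootca.key"
    -CAcreateserial
    -out "{{ data_folder }}/nginx/{{ base_domain }}.crt"
    -days 3650
    -sha256
  args:
    creates: "{{ data_folder }}/nginx/{{ base_domain }}.crt"

# Adds the generated root certificate to the system trust store, which is why
# the task escalates privileges.
- name: install root ca
  command: trust anchor "{{ data_folder }}/nginx/rootca.pem"
  become: true

# A configuration file needs no execute bit, so 0644 replaces the original
# 0755.
- name: copy .conf file
  template:
    src: nginx.conf.j2
    dest: "{{ data_folder }}/nginx/nginx.conf"
    mode: '0644'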