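# Issue a CA-signed TLS certificate for `domain` under `seaweed_cert_dir`:
# private key -> CSR -> certificate -> ownership and modes.
# Each openssl step is guarded by `creates`, so a re-run skips any file that
# already exists. To reissue, remove the .key, .csr and .crt together;
# otherwise a fresh key would sit next to a stale CSR and certificate.

# 2048-bit RSA private key. Ownership and mode are set by the last task.
- name: Generate private key for {{ domain }}
  command: >
    openssl genrsa
    -out {{ seaweed_cert_dir }}/{{ domain }}.key 2048
  args:
    creates: "{{ seaweed_cert_dir }}/{{ domain }}.key"
  register: gen_key_result

# NOTE(review): the subject carries only a CN and no subjectAltName is
# requested here or added at signing time. Verifiers that match hostnames
# against SAN only (Go's crypto/x509 since 1.15, current browsers) will
# reject such a certificate -- confirm whether a SAN extension is needed.
- name: Generate CSR for {{ domain }}
  command: >
    openssl req -new
    -key {{ seaweed_cert_dir }}/{{ domain }}.key
    -out {{ seaweed_cert_dir }}/{{ domain }}.csr
    -subj "/CN={{ domain }}"
  args:
    creates: "{{ seaweed_cert_dir }}/{{ domain }}.csr"
  register: gen_csr_result

# Signs the CSR with the CA pair for 3650 days using SHA-256.
# NOTE(review): this runs wherever the task executes, so `seaweed_ca_key`
# must be readable there. If that is every managed host, a compromise of any
# one of them exposes the CA key; consider signing on a single trusted host.
# A ten-year lifetime also means a leaked leaf key stays valid for a long
# time unless revocation is in place -- confirm this is intended.
- name: Generate certificate signed by CA for {{ domain }}
  command: >
    openssl x509 -req
    -in {{ seaweed_cert_dir }}/{{ domain }}.csr
    -CA {{ seaweed_ca_cert }}
    -CAkey {{ seaweed_ca_key }}
    -CAcreateserial
    -out {{ seaweed_cert_dir }}/{{ domain }}.crt
    -days 3650 -sha256
  args:
    creates: "{{ seaweed_cert_dir }}/{{ domain }}.crt"
  register: gen_crt_result

# The certificate and CSR are public material and stay world-readable.
# The private key is restricted to its owner: 0644 on a .key file lets every
# local account read it and impersonate the service. Use '0640' instead only
# if members of `seaweed_group` other than the owner must read the key.
# `recurse` is omitted: it applies to directories, and these are plain files.
- name: Set certificate permissions
  file:
    path: "{{ item.path }}"
    owner: "{{ seaweed_user }}"
    group: "{{ seaweed_group }}"
    mode: "{{ item.mode }}"
  loop:
    - path: "{{ seaweed_cert_dir }}/{{ domain }}.crt"
      mode: '0644'
    - path: "{{ seaweed_cert_dir }}/{{ domain }}.csr"
      mode: '0644'
    - path: "{{ seaweed_cert_dir }}/{{ domain }}.key"
      mode: '0600'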