[
	{
		"name": "install packages",
		"become": true,
		"ansible.builtin.apt": {
			"update_cache": true,
			"pkg": [
				"openssl",
				"python3-cryptography"
			]
		}
	},
	{
		"name": "setup directories",
		"become": true,
		"loop": [
			"{{var_tlscert_selfsigned_ssl_directory}}/private",
			"{{var_tlscert_selfsigned_ssl_directory}}/csr",
			"{{var_tlscert_selfsigned_ssl_directory}}/certs",
			"{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
		],
		"ansible.builtin.file": {
			"state": "directory",
			"path": "{{item}}"
		}
	},
	{
		"name": "csr | generate private key",
		"become": true,
		"community.crypto.openssl_privatekey": {
			"path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
		}
	},
	{
		"name": "csr | execute",
		"become": true,
		"community.crypto.openssl_csr": {
			"privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
			"common_name": "{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}",
			"subject_alt_name": [
				"DNS:{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}"
			],
			"path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
		},
		"register": "temp_csr"
	},
	{
		"name": "generate certificate",
		"become": true,
		"community.crypto.x509_certificate": {
			"privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
			"csr_path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
			"provider": "selfsigned",
			"path": "{{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
		}
	},
	{
		"name": "compose fullchain",
		"become": true,
		"ansible.builtin.shell": {
			"cmd": "cat {{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem > {{var_tlscert_selfsigned_ssl_directory}}/fullchains/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
		}
	}
]