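---
# Install a statically provided X.509 certificate (private key, certificate
# and an optional chain) into a per-certificate directory and export the
# resulting file paths as facts.
#
# Variables read here and defined outside this file:
#   static_cert_config   - mapping with `key` and `cert` (and optionally
#                          `chain`), each carrying `content` plus optional
#                          mode/owner/group; may also carry path/mode/owner/
#                          group for the directory itself
#   static_cert_base_dir - base directory, used when static_cert_config.path
#                          is not set
#   static_cert_name     - directory name and file name prefix
#
# Every task that changes a file notifies "reload services for x509
# certificates"; that handler is not defined in this file.

- name: compute path to static certificate directory
  set_fact:
    static_cert_path: "{{ static_cert_config.path | default([static_cert_base_dir, static_cert_name] | path_join) }}"

# The default mode 0700 limits the directory to its owner. A service that
# runs as a different user needs owner/group/mode set in static_cert_config
# to reach the files below.
- name: create directory for static certificate
  file:
    path: "{{ static_cert_path }}"
    state: directory
    mode: "{{ static_cert_config.mode | default('0700') }}"
    owner: "{{ static_cert_config.owner | default(omit) }}"
    group: "{{ static_cert_config.group | default(omit) }}"
  notify: reload services for x509 certificates

# The private key is passed inline through `content`. no_log keeps it out of
# task results, --diff output and callback logs. The trade-off is that the
# failure details of this task are hidden as well.
- name: install key for static certificate
  copy:
    content: "{{ static_cert_config.key.content }}"
    dest: "{{ static_cert_path }}/{{ static_cert_name }}-key.pem"
    mode: "{{ static_cert_config.key.mode | default('0600') }}"
    owner: "{{ static_cert_config.key.owner | default(omit) }}"
    group: "{{ static_cert_config.key.group | default(omit) }}"
  no_log: true
  notify: reload services for x509 certificates

- name: install static certificate
  copy:
    content: "{{ static_cert_config.cert.content }}"
    dest: "{{ static_cert_path }}/{{ static_cert_name }}-crt.pem"
    mode: "{{ static_cert_config.cert.mode | default('0644') }}"
    owner: "{{ static_cert_config.cert.owner | default(omit) }}"
    group: "{{ static_cert_config.cert.group | default(omit) }}"
  notify: reload services for x509 certificates

# Without a chain the "fullchain" is the certificate itself, so the fullchain
# fact initially points at -crt.pem. It is overwritten further down when a
# chain is configured.
- name: export paths to basic certificate files
  set_fact:
    x509_certificate_path_key: "{{ static_cert_path }}/{{ static_cert_name }}-key.pem"
    x509_certificate_path_fullchain: "{{ static_cert_path }}/{{ static_cert_name }}-crt.pem"
    x509_certificate_path_cert: "{{ static_cert_path }}/{{ static_cert_name }}-crt.pem"

- name: install chain and fullchain for static certificate
  when: "'chain' in static_cert_config"
  block:
    - name: install chain for static certificate
      copy:
        content: "{{ static_cert_config.chain.content }}"
        dest: "{{ static_cert_path }}/{{ static_cert_name }}-chain.pem"
        mode: "{{ static_cert_config.chain.mode | default('0644') }}"
        owner: "{{ static_cert_config.chain.owner | default(omit) }}"
        group: "{{ static_cert_config.chain.group | default(omit) }}"
      notify: reload services for x509 certificates

    # Fullchain is the certificate followed by the chain. The certificate is
    # trimmed so that exactly one line break separates the two parts. File
    # attributes follow the certificate's settings, not the chain's.
    - name: install fullchain for static certificate
      copy:
        content: |
          {{ static_cert_config.cert.content | trim }}
          {{ static_cert_config.chain.content }}
        dest: "{{ static_cert_path }}/{{ static_cert_name }}-fullchain.pem"
        mode: "{{ static_cert_config.cert.mode | default('0644') }}"
        owner: "{{ static_cert_config.cert.owner | default(omit) }}"
        group: "{{ static_cert_config.cert.group | default(omit) }}"
      notify: reload services for x509 certificates

    - name: export paths to additional certificate files
      set_fact:
        x509_certificate_path_chain: "{{ static_cert_path }}/{{ static_cert_name }}-chain.pem"
        x509_certificate_path_fullchain: "{{ static_cert_path }}/{{ static_cert_name }}-fullchain.pem"

# When no chain is configured, remove chain/fullchain files left over from an
# earlier run so that stale intermediates cannot be picked up by a service.
- name: make sure chain and fullchain files are removed
  when: "'chain' not in static_cert_config"
  block:
    - name: remove chain/fullchain files
      loop:
        - chain
        - fullchain
      file:
        path: "{{ static_cert_path }}/{{ static_cert_name }}-{{ item }}.pem"
        state: absent
      notify: reload services for x509 certificates

    # Set to an empty string rather than left undefined. The fullchain fact
    # keeps the -crt.pem path exported earlier.
    - name: make sure variable that points to the chain certificate file is unset
      set_fact:
        x509_certificate_path_chain: ""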