---
 
# ---
# TLS Certificate
# ---

# - method 'generate'

- name: Generate Pure-FTPd TLS certificate.
  command: openssl req -x509 -nodes -newkey rsa:{{ pureftpd_tls_certificate_openssl.size | default(4096) }} -sha256 -days {{ pureftpd_tls_certificate_openssl.days | default(365) }} -keyout {{ pureftpd_tls_certificate_pem }} -out {{ pureftpd_tls_certificate_pem }} -subj "/C={{ pureftpd_tls_certificate_openssl.country | default('') }}/ST={{ pureftpd_tls_certificate_openssl.state | default('') }}/L={{ pureftpd_tls_certificate_openssl.locality | default('') }}/O={{ pureftpd_tls_certificate_openssl.organization | default('') }}/OU={{ pureftpd_tls_certificate_openssl.unit | default('') }}/CN={{ pureftpd_tls_certificate_openssl.fqdn }}"
  args:
    creates: "{{ pureftpd_tls_certificate_pem }}"
  when: 
    - pureftpd_tls_certificate_method == 'generate'
    - pureftpd_tls_certificate_openssl | length > 0
  notify: restart Pure-FTPd

- name: Ensure Pure-FTPd TLS certificate permissions.
  file:
    path: "{{ pureftpd_tls_certificate_pem }}"
    owner: root
    group: root
    mode: '0600'
    state: file
  when: 
    - pureftpd_tls_certificate_method == 'generate'
    - pureftpd_tls_certificate_openssl | length > 0

# - final checks

- name: (pure-ftpd-install.yml) Verify TLS certificate exists.
  stat:
    path: "{{ pureftpd_tls_certificate_pem }}"
  register: pureftpd_tls_certificate

- name: (pure-ftpd-install.yml) Fail when no certificate is found.
  fail:
    msg: |
        The certificate file was not found at {{ pureftpd_tls_certificate_pem }}
  when: not pureftpd_tls_certificate.stat.exists | default(False)