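---
# Bootstrap a cfssl-based PKI on the host: a dedicated `cfssl` service user,
# the directory layout under `{{pki_dir}}`, a self-signed root CA, an
# intermediate CA signed by it, the sqlite certificate database, the systemd
# unit and the firewall opening for the API port.
#
# `pki_dir` and `cfssl_bin_directory` are not defined in this file; they are
# expected from the role/playbook (possibly pre_requisite.yml) — confirm.
#
# Changes vs. the previous revision: fully-qualified module names throughout,
# quoted octal modes (unquoted `0700` is an int under YAML 1.1 loaders and is
# flagged by ansible-lint `risky-octal`), `create_home: false` instead of `no`,
# and the key-file chown task renamed (it duplicated the ca-server.pem name).

- name: include pre_requisite.yml
  ansible.builtin.import_tasks: pre_requisite.yml

# Service account: no login shell, no home created; home points at the PKI
# directory that is created by the next task.
- name: Create cfssl user
  ansible.builtin.user:
    name: cfssl
    shell: /usr/sbin/nologin
    create_home: false
    home: '{{pki_dir}}'

# Directory layout — everything private to the cfssl user.
- name: create pki dir
  ansible.builtin.file:
    path: '{{pki_dir}}'
    state: directory
    owner: cfssl
    group: cfssl
    mode: '0700'

- name: create pki csr dir
  ansible.builtin.file:
    path: '{{pki_dir}}/csr'
    state: directory
    owner: cfssl
    group: cfssl
    mode: '0700'

- name: create pki etc dir
  ansible.builtin.file:
    path: '{{pki_dir}}/etc'
    state: directory
    owner: cfssl
    group: cfssl
    mode: '0700'

- name: create pki data dir
  ansible.builtin.file:
    path: '{{pki_dir}}/data'
    state: directory
    owner: cfssl
    group: cfssl
    mode: '0700'

- name: create pki CA dir
  ansible.builtin.file:
    path: '{{pki_dir}}/CA'
    state: directory
    owner: cfssl
    group: cfssl
    mode: '0700'

# CSR and configuration files rendered from the role templates. The CA
# profiles used by the gencert commands below (e.g. "intermediate_ca") must
# exist in cfssl.json.j2, which is not visible here.
- name: creating CA CSR json
  ansible.builtin.template:
    src: csr_ROOT_CA.json.j2
    dest: '{{pki_dir}}/csr/csr_ROOT_CA.json'
    owner: cfssl
    group: cfssl
    mode: '0600'

- name: creating Intermediate CA CSR json
  ansible.builtin.template:
    src: csr_intermediate_CA.json.j2
    dest: '{{pki_dir}}/csr/csr_intermediate_CA.json'
    owner: cfssl
    group: cfssl
    mode: '0600'

- name: creating config file
  ansible.builtin.template:
    src: cfssl.json.j2
    dest: '{{pki_dir}}/etc/cfssl.json'
    owner: cfssl
    group: cfssl
    mode: '0600'

- name: creating db config file
  ansible.builtin.template:
    src: db.json.j2
    dest: '{{pki_dir}}/etc/db.json'
    owner: cfssl
    group: cfssl
    mode: '0600'

- name: creating init sql file
  ansible.builtin.template:
    src: init.sql.j2
    dest: '{{pki_dir}}/data/init.sql'
    owner: cfssl
    group: cfssl
    mode: '0600'

# Root CA: self-signed key pair, written to {{pki_dir}}/CA/ as ca.pem,
# ca-key.pem and ca.csr. `creates` guards against regenerating an existing
# root key on re-runs. Note that ca-key.pem is NOT chowned to cfssl further
# down (only the intermediate files are) — it keeps the play user's ownership.
# NOTE(review): confirm this is the intended trust model; the root key shares
# a host with the intermediate that the service uses.
- name: create certificate authority key pair and CSR, autosign it
  ansible.builtin.shell: >-
    {{cfssl_bin_directory}}/cfssl gencert -initca {{pki_dir}}/csr/csr_ROOT_CA.json |
    {{cfssl_bin_directory}}/cfssljson -bare ca
  args:
    chdir: '{{pki_dir}}/CA/'
    creates: '{{pki_dir}}/CA/ca-key.pem'

# Intermediate CA: signed by the root using the "intermediate_ca" profile from
# cfssl.json; produces ca-server.pem / ca-server-key.pem / ca-server.csr.
# Idempotent via `creates` on the private key.
- name: create intermediate certificate authority key pair and CSR, autosign it
  ansible.builtin.shell: >-
    {{cfssl_bin_directory}}/cfssl gencert -ca {{pki_dir}}/CA/ca.pem -ca-key {{pki_dir}}/CA/ca-key.pem -config={{pki_dir}}/etc/cfssl.json -profile="intermediate_ca" {{pki_dir}}/csr/csr_intermediate_CA.json |
    {{cfssl_bin_directory}}/cfssljson -bare ca-server
  args:
    chdir: '{{pki_dir}}/CA/'
    creates: '{{pki_dir}}/CA/ca-server-key.pem'

# Certificate database, initialised once from the rendered init.sql.
- name: create sqlite3 database
  ansible.builtin.shell: 'cat {{pki_dir}}/data/init.sql | sqlite3 {{pki_dir}}/data/certdb.db'
  args:
    chdir: '{{pki_dir}}/CA/'
    creates: '{{pki_dir}}/data/certdb.db'

# The shell tasks above run as the play user, so the files they produce are
# handed to the service account here. Only the intermediate material and the
# database are covered; ca.pem / ca-key.pem are intentionally left out (see
# the root CA task).
- name: Change owner of ca-server.pem by cfssl
  ansible.builtin.file:
    path: '{{pki_dir}}/CA/ca-server.pem'
    owner: cfssl
    group: cfssl
    mode: '0600'

- name: Change owner of ca-server-key.pem by cfssl
  ansible.builtin.file:
    path: '{{pki_dir}}/CA/ca-server-key.pem'
    owner: cfssl
    group: cfssl
    mode: '0600'

- name: Change owner of certdb.db by cfssl
  ansible.builtin.file:
    path: '{{pki_dir}}/data/certdb.db'
    owner: cfssl
    group: cfssl
    mode: '0600'

# systemd unit for the cfssl API server (rendered from cfssl.service.j2).
- name: Création du fichier de service /lib/systemd/system/cfssl.service
  ansible.builtin.template:
    src: cfssl.service.j2
    dest: /lib/systemd/system/cfssl.service
    owner: root
    group: root
    mode: '0644'

# Opens the cfssl API port (8888/tcp) in the public zone. This is a plain
# shell call with no idempotence guard, so it runs and reports "changed" on
# every play; the idiomatic replacement is the ansible.posix.firewalld module
# (port: 8888/tcp, zone: public, permanent: true, immediate: true,
# state: enabled). Whether signing requests on this port require an auth key
# depends on cfssl.json.j2, which is not visible here — confirm before the
# public zone faces anything other than trusted networks.
- name: Create firewall rules
  ansible.builtin.shell: 'firewall-cmd --zone=public --permanent --add-port=8888/tcp && firewall-cmd --reload'

- name: Démarrage et activation du service cfssl
  ansible.builtin.service:
    name: cfssl
    state: started
    enabled: true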