---

# todo: allow for a dictionary of certs to be passed

- name: Certificates | Checking config
  ansible.builtin.assert:
    that:
      - certs is defined

- name: Certificates | Showing debug info - user provided config
  ansible.builtin.debug:
    var: certs
  when:
    - debug is defined
    - debug

- name: Certificates | Showing debug info - running config
  ansible.builtin.debug:
    var: CERT_CONFIG
  when:
    - debug is defined
    - debug

- name: Certificates | Checking for invalid domains/hostnames
  ansible.builtin.pause:
    prompt: "It seems you have configured an invalid domain/hostname: '{{ item }}' - do you want to continue?"
  when:
    - not no_prompts
    - not item | valid_hostname
  loop: "{{ CERT_CONFIG.cert.domains }}"

- name: Certificates | Internal signed
  ansible.builtin.include_tasks: internal/main.yml
  when: "CERT_CONFIG.mode in ['pki', 'ca', 'selfsigned']"

- name: Certificates | Internal | CA
  ansible.builtin.include_tasks: debian/pki.yml
  when: CERT_CONFIG.mode == 'pki'

- name: Certificates | Debian | Letsencrypt
  ansible.builtin.include_tasks: debian/letsencrypt/main.yml
  when:
    - CERT_CONFIG.mode == 'le_certbot'
    - "ansible_distribution|lower in ['debian', 'ubuntu']"