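---
# Deploys the iconserver stack: installs the crypto dependency, lays down the
# compose file and the nginx vhost config, generates a per-host self-signed
# TLS key pair and brings the compose project up.

# python3-cryptography is installed on the managed host before the
# community.crypto tasks below run.
- name: Install dependencies
  ansible.builtin.package:
    name: python3-cryptography
    state: present

# NOTE(review): keep this task free of mode/owner while recurse is true.
# recurse applies the task's file attributes to everything below the
# directory, and conf.d is also where the TLS private key is written.
- name: Create directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    recurse: true
  loop:
    - /containers/compose/iconserver
    - /containers/data/nginx/conf.d

# Each item is a relative path: "<item>.j2" is the template source and
# "/<item>" the absolute destination on the host.
# NOTE(review): no mode is set, so permissions follow the remote umask.
# Confirm compose.yml carries no secrets before relying on that.
- name: Install files from templates
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "/{{ item }}"
  loop:
    - containers/compose/iconserver/compose.yml
    - containers/data/nginx/conf.d/iconserver.conf

# It should not matter how the self-signed cert gets to the host, so it is
# nicer (and safer) to generate one on each host: the private key never
# leaves the machine that uses it.
# Another option is to pre-generate it and store it in ansible-vault.
- name: Create openssl key
  community.crypto.openssl_privatekey:
    path: /containers/data/nginx/conf.d/iconserver.key
    # Pin the mode explicitly so the key stays owner-only even if the file's
    # permissions drift after creation; every run re-asserts it.
    # NOTE(review): assumes the process reading the key runs as the file
    # owner - confirm against the compose file.
    mode: "0600"

# NOTE(review): no csr_path/csr_content is given. As far as the module docs
# go, the selfsigned provider then issues a certificate without subject or
# subjectAltName, so clients cannot verify the host name and can only pin
# the certificate or skip verification. Feed it a CSR from
# community.crypto.openssl_csr if name verification is expected.
- name: Create openssl self-signed cert
  community.crypto.x509_certificate:
    path: /containers/data/nginx/conf.d/iconserver.crt
    privatekey_path: /containers/data/nginx/conf.d/iconserver.key
    provider: selfsigned

# NOTE(review): this task only sees the compose project. If conf.d is
# bind-mounted into the container, a changed iconserver.conf or a
# regenerated key/cert presumably needs a container restart to take
# effect - verify.
- name: Deploy software via docker-compose
  community.docker.docker_compose_v2:
    project_src: /containers/compose/iconserver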