---

# Guard: abort the play when `matrix_ssl_retrieval_method` is not one of the
# four values listed below. The comparison is an exact string match.
# 'none' is an accepted value; the directory-creation task further down is
# skipped when it is chosen.
- name: Fail if using unsupported SSL certificate retrieval method
  when: >-
    matrix_ssl_retrieval_method not in
    ['lets-encrypt', 'self-signed', 'manually-managed', 'none']
  ansible.builtin.fail:
    msg: 'The `matrix_ssl_retrieval_method` variable contains an unsupported value'

# Guard: abort the play when `matrix_ssl_lets_encrypt_key_type` is anything
# other than 'rsa' or 'ecdsa'.
# The condition does not look at the retrieval method, so this check runs
# (and the variable must hold one of the two values) for every method.
- name: Fail if using unsupported private key type
  when: >-
    matrix_ssl_lets_encrypt_key_type not in ['rsa', 'ecdsa']
  ansible.builtin.fail:
    msg: 'The `matrix_ssl_lets_encrypt_key_type` variable contains an unsupported value'


# Common tasks, required by almost any method below.

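# Create the SSL log and config directories, owned by the Matrix user and
# group, with no permissions for other users. Skipped entirely when the
# retrieval method is 'none'.
#
# NOTE(review): `recurse: true` applies owner, group and mode 0770 to
# everything already inside these directories, files included, so existing
# files become group-writable and executable. If the config directory holds
# private keys (presumably it does - confirm), make sure membership of
# `matrix_user_groupname` is limited to accounts that need them.
- name: Ensure SSL certificate paths exists
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    # Quoted so the value is always read as an octal mode string and never
    # depends on how the YAML loader types a bare 0770.
    mode: "0770"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
    recurse: true
  loop:
    - "{{ matrix_ssl_log_dir_path }}"
    - "{{ matrix_ssl_config_dir_path }}"
  when: "matrix_ssl_retrieval_method != 'none'"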


# Method-specific tasks follow.

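# All three method-specific task files are imported statically and
# unconditionally; nothing in this file selects between them. Any gating on
# `matrix_ssl_retrieval_method` therefore has to happen inside the imported
# files (not visible from here - confirm when changing them).
# The imports are named so they can be identified in task listings and reviews.
- name: Import the lets-encrypt SSL setup tasks
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt.yml"

- name: Import the self-signed SSL setup tasks
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed.yml"

- name: Import the manually-managed SSL setup tasks
  ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed.yml"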