---
- name: Check if certificates already exists
  stat:
    path: "{{ local_certs_path }}"
  register: certificates_folder
  delegate_to: localhost
  become: no
  tags:
    - generate-certs


- block:

  - name: Local action | Create local temporary directory for certificates generation
    file:
      path: "{{ local_certs_path }}"
      mode: 0755
      state: directory

  - name: Local action | Check that the generation tool exists
    stat:
      path: "{{ local_certs_path }}/wazuh-certs-tool.sh"
    register: tool_package
    when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows'

  - name: Local action | Download certificates generation tool
    get_url:
      url: "{{ certs_gen_tool_url }}"
      dest: "{{ local_certs_path }}/wazuh-certs-tool.sh"
    when: not tool_package.stat.exists and ansible_os_family != 'Darwin' or ansible_os_family != 'Windows'

  - name: Local action | Prepare the certificates generation template file
    template:
      src: "templates/config.yml.j2"
      dest: "{{ local_certs_path }}/config.yml"
      mode: 0644
    register: tlsconfig_template
    when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows'

  - name: Local action | Generate the node & admin certificates in local
    command: >-
      bash {{ local_certs_path }}/wazuh-certs-tool.sh -A
    when: ansible_os_family != 'Darwin' or ansible_os_family != 'Windows'

  - name: Local action | Check for Docker installation on macOS
    command: docker --version
    register: docker_check
    when: os_family == 'Darwin'
    ignore_errors: yes

  - name: Local action | Check for Docker installation on Windows
    win_shell: docker --version
    register: docker_check
    when: os_family == 'Windows'
    ignore_errors: yes

  - name: Local action | Fail if Docker is not installed
    fail:
      msg: "Docker is not installed on this host."
    when: docker_check.rc != 0 and ansible_os_family == 'Darwin' or ansible_os_family == 'Windows'

  - name: Local action | Run Docker container on macOS
    community.docker.docker_container:
      name: wazuh-cert-tool
      image: "wazuh/wazuh-cert-tool"
      state: started
      auto_remove: true
      volumes:
        - "{{ local_certs_path }}/config.yml:/config/certs.yml"
        - "{{ local_certs_path }}/wazuh-certificates:/certificates/"
    when: os_family == 'Darwin'

  - name: Local action | Run Docker container on Windows
    community.docker.docker_container:
      name: wazuh-cert-tool
      image: "wazuh/wazuh-cert-tool"
      state: started
      auto_remove: true
      volumes:
        - "C:/{{ local_certs_path }}/config.yml:/config/certs.yml"
        - "{{ local_certs_path }}/wazuh-certificates:C:/certificates/"
    when: os_family == 'Windows'

  - name: Remove Docker image after execution
    community.docker.docker_image:
      name: "wazuh/wazuh-cert-tool"
      state: absent
    when: os_family == 'Darwin' or os_family == 'Windows'

  run_once: true
  delegate_to: localhost
  become: no
  tags:
    - generate-certs
  when:
    - not certificates_folder.stat.exists