---
# check if salamander password file exists
- name: "check if obfuscation password file exists "
  ansible.builtin.stat:
    path: "/var/reactance/hysteria/salamander_password"
  register: salamander_password_file

# generate salamander password
- name: "generate salamander password for obfuscation "
  ansible.builtin.shell: "openssl rand -hex 32"
  register: random_string
  when: salamander_password_file.stat.exists != true

# retrieve password from file, if exists 
- name: "use previous password, if it exists"
  ansible.builtin.set_fact:
    salamander_password: "{{ lookup('file', '/var/reactance/hysteria/salamander_password') }}"
  when: salamander_password_file.stat.exists

- name: "set salamander password as var"
  ansible.builtin.set_fact:
    salamander_password: "{{ random_string.stdout }}"
  when: salamander_password_file.stat.exists != true

- name: "write obfuscation password to file"
  ansible.builtin.copy:
    content: "{{ salamander_password }}"
    dest: "/var/reactance/hysteria/salamander_password"

  when: salamander_password_file.stat.exists != true

- name: "template out configs"
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - src: config.json.j2
      dest: "/var/reactance/hysteria/etc/config.json"
    - src: ca.tmpl.j2 
      dest: /var/reactance/hysteria/certs/ca.tmpl
    - src: server.tmpl.j2
      dest: /var/reactance/hysteria/certs/server.tmpl

# generate ca, server certs, crl file
- name: "generate ca, server certs"
  ansible.builtin.shell: "{{ item }}"
  loop:
    - "certtool --generate-privkey --outfile /var/reactance/hysteria/certs/ca-key.pem"
R   - "certtool --generate-self-signed --load-privkey /var/reactance/hysteria/certs/ca-key.pem --template /var/reactance/hysteria/certs/ca.tmpl --outfile /var/reactance/hysteria/certs/ca-cert.pem"
    - "certtool --generate-privkey --outfile /var/reactance/hysteria/certs/server-key.pem"
    - "certtool --generate-certificate --load-privkey /var/reactance/hysteria/certs/server-key.pem --load-ca-certificate /var/reactance/hysteria/certs/ca-cert.pem --load-ca-privkey /var/reactance/hysteria/certs/ca-key.pem --template /var/reactance/hysteria/certs/server.tmpl --outfile /var/reactance/hysteria/certs/server-cert.pem"