---
- name: Ensure SSL directory exists
  file:
    path: /etc/nginx/ssl
    state: directory
    mode: '0755'
  tags: ssl

- name: Generate self-signed SSL certificate
  openssl_certificate:
    path: /etc/nginx/ssl/{{ proxy_name }}.crt
    privatekey_path: /etc/nginx/ssl/{{ proxy_name }}.key
    common_name: "{{ proxy_name }}"
    state: present
    selfsigned: yes
    owner: root
    group: root
    mode: '0644'
    subject:
      - organizationName: "Example Company"
      - organizationalUnitName: "IT"
      - localityName: "City"
      - countryName: "US"
  tags: ssl