---
- name: Setup Agent TLS (Private Key)
  become: yes
  become_user: jingrow
  copy:
    content: "{{ certificate_private_key }}"
    dest: /home/jingrow/agent/tls/privkey.pem

- name: Setup Agent TLS (Full Chain)
  become: yes
  become_user: jingrow
  copy:
    content: "{{ certificate_full_chain }}"
    dest: /home/jingrow/agent/tls/fullchain.pem

- name: Setup Agent TLS (Intermediate Chain)
  become: yes
  become_user: jingrow
  copy:
    content: "{{ certificate_intermediate_chain }}"
    dest: /home/jingrow/agent/tls/chain.pem

- name: Restart NGINX
  service:
    name: nginx
    state: restarted

- name: Copy ProxySQL TLS (Private Key)
  copy:
    src: /home/jingrow/agent/tls/privkey.pem
    dest: /home/jingrow/proxysql/proxysql-key.pem
    mode: 0600
    remote_src: yes
  when: is_proxy_server | bool

- name: Copy ProxySQL TLS (CA Certificate)
  copy:
    src: /home/jingrow/agent/tls/chain.pem
    dest: /home/jingrow/proxysql/proxysql-ca.pem
    mode: 0600
    remote_src: yes
  when: is_proxy_server | bool

- name: Copy ProxySQL TLS (Server Certificate)
  copy:
    src: /home/jingrow/agent/tls/fullchain.pem
    dest: /home/jingrow/proxysql/proxysql-cert.pem
    mode: 0600
    remote_src: yes
  when: is_proxy_server | bool

- name: Enable ProxySQL Auditing
  mysql_query:
    login_user: jingrow
    login_password: "{{ proxysql_admin_password }}"
    login_host: 127.0.0.1
    login_port: 6032
    query:
      - PROXYSQL RELOAD TLS
  when: is_proxy_server | bool