From 2cebeb0bee9daf69966427f6d91ddaac65c93c89 Mon Sep 17 00:00:00 2001 From: Lenoctambule <106790775+lenoctambule@users.noreply.github.com> Date: Tue, 31 Mar 2026 22:18:02 +0200 Subject: [PATCH] feat: .env template + error fixes --- clear.yml | 2 +- tasks/setup-and-start-app.yml | 11 +++++++++-- tasks/setup-reverse-proxy.yml | 20 +++++++++++--------- templates/.env.j2 | 9 +++++++++ vars.yml | 12 +++++++++++- 5 files changed, 41 insertions(+), 13 deletions(-) create mode 100644 templates/.env.j2 diff --git a/clear.yml b/clear.yml index edde832..e6d7222 100644 --- a/clear.yml +++ b/clear.yml @@ -8,8 +8,8 @@ - name: Stop containers ansible.builtin.command: "make -C {{ dest_dir }} fclean" when: not ansible_check_mode + ignore_errors: true - tasks: - name: Remove app files ansible.builtin.file: state: absent diff --git a/tasks/setup-and-start-app.yml b/tasks/setup-and-start-app.yml index c34e99b..c5e0fff 100644 --- a/tasks/setup-and-start-app.yml +++ b/tasks/setup-and-start-app.yml @@ -2,9 +2,16 @@ ansible.builtin.copy: src: inception/ dest: "{{ dest_dir }}" - preserve: true force: true - when: not ansible_check_mode + when: not ansible_check_mode + +- name: Create .env file + ansible.builtin.template: + src: .env.j2 + dest: "{{ dest_dir }}/srcs/.env" + owner: root + group: root + mode: '0644' - name: Run the app ansible.builtin.command: "make -C {{ dest_dir }}" diff --git a/tasks/setup-reverse-proxy.yml b/tasks/setup-reverse-proxy.yml index 304cdd8..351e079 100644 --- a/tasks/setup-reverse-proxy.yml +++ b/tasks/setup-reverse-proxy.yml 
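Review bot: `ignore_errors: true` on the "Stop containers" task in clear.yml hides every failure of `make fclean`, so the "Remove app files" task that follows can delete the directory while containers are still running. If the error being worked around is a missing `{{ dest_dir }}` on a clean host (an assumption; the commit does not say), skip the task in that case instead, for example with `removes: "{{ dest_dir }}"` under `args:` on the command task. Any other non-zero exit would then still stop the play.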
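Review bot: The new "Create .env file" task in tasks/setup-and-start-app.yml writes the rendered secrets with `mode: '0644'`, which leaves the database and WordPress passwords readable by every local account on the host. With `owner: root` and `group: root` already set, `mode: '0600'` is enough as long as the `make` step reads the file as root (presumably; not visible here). Adding `no_log: true` to the task keeps the rendered values out of `--diff` output and logs.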
@@ -15,36 +15,38 @@ - name: Installing Certbot ansible.builtin.pip: + break_system_packages: true + extra_args: --upgrade + virtualenv: /tmp/.venv/ + virtualenv_command: python3 -m venv name: - certbot - - certbox-nginx + - certbot-nginx when: not ansible_check_mode -# - name: Manage SSL certificate with community module - name: Obtain or renew SSL certificate for {{ cert_domain }} ansible.builtin.shell: | - certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }} + source /tmp/.venv/activate && certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }} args: executable: /bin/bash creates: /etc/letsencrypt/live/{{ cert_domain }}/fullchain.pem register: certbot_result changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout" - failed_when: false # Set to true if you want the playbook to fail immediately on error - ignore_errors: true # Optional: Allows the playbook to continue if certbot isn't installed yet - when: cert_domain is defined + when: not is_local - name: Installing self-signed certificate when: is_local block: - - name: Create private key (X25519) with password protection + - name: Create private key (RSA) with password protection community.crypto.openssl_privatekey: path: /etc/ssl/private/nginx-selfsigned.key - type: X25519 - passphrase: { passphrase } + type: RSA + passphrase: "{{ passphrase }}" - name: Create self-signed certificate community.crypto.x509_certificate: path: /etc/ssl/certs/nginx-selfsigned.crt privatekey_path: /etc/ssl/private/nginx-selfsigned.key provider: selfsigned + privatekey_passphrase: "{{ passphrase }}" when: not ansible_check_mode \ No newline at end of file diff --git a/templates/.env.j2 b/templates/.env.j2 new file mode 100644 index 0000000..c7b62e8 --- /dev/null +++ b/templates/.env.j2 
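Review bot: The certbot virtualenv is created at `/tmp/.venv/` and its contents are then executed by the "Obtain or renew SSL certificate" task, presumably as root; `/tmp` is world-writable, so any local account can create that directory first and control what runs. Place the venv in a root-owned directory outside `/tmp` and use the same path in both tasks. The shell line also sources `/tmp/.venv/activate`, but `python3 -m venv` writes the script to `bin/activate`, so the command fails before certbot starts, and with `failed_when: false` and `ignore_errors: true` removed that now stops the play. Calling the venv binary directly, `<venv_dir>/bin/certbot --nginx ...` (`<venv_dir>` is a placeholder), avoids the `source` step, and `break_system_packages: true` is not needed once pip installs into a venv.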
@@ -0,0 +1,9 @@
+DB_USER={{DB_USER}}
+DB_PWD={{DB_PWD}}
+DB_ROOT_PWD={{DB_ROOT_PWD}}
+WP_USER={{WP_USER}}
+WP_PWD={{WP_PWD}}
+WP_EMAIL={{WP_EMAIL}}
+WP_ADMIN={{WP_ADMIN}}
+WP_ADMIN_PWD={{WP_ADMIN_PWD}}
+WP_ADMIN_EMAIL={{WP_ADMIN_EMAIL}}
diff --git a/vars.yml b/vars.yml
index f2da357..e1f67d5 100644
--- a/vars.yml
+++ b/vars.yml
@@ -2,4 +2,14 @@ is_local: true
 passphrase: changeme
 cert_domain: "example.com"
 cert_email: "admin@example.com"
-dest_dir: /var/app/
\ No newline at end of file
+dest_dir: /var/app/
+
+DB_USER: wp
+DB_PWD: password123
+DB_ROOT_PWD: rootpassword
+WP_USER: rralambo
+WP_PWD: password123
+WP_EMAIL: email@email.com
+WP_ADMIN: obama
+WP_ADMIN_PWD: thepresidentialpassword
+WP_ADMIN_EMAIL: obama@obamail.com
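Review bot: Every value in templates/.env.j2 is rendered unquoted, so a password containing a space, `#`, `$` or a quote character may be truncated or altered by whatever parses `srcs/.env` (the consumer is not visible in this patch). That works against choosing strong random values for `DB_PWD`, `DB_ROOT_PWD` and `WP_ADMIN_PWD`. Quote the values according to the consumer's rules, e.g. `DB_PWD='{{ DB_PWD }}'`, and reject values that contain the quote character itself.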
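Review bot: vars.yml now carries the database and WordPress passwords in clear text, next to the existing `passphrase: changeme`, and they enter git history with this commit. The values are guessable (`password123`, `rootpassword`) and `DB_PWD` and `WP_PWD` share one password, so a host deployed without editing the file runs with known credentials. Keep only references here, e.g. `DB_PWD: "{{ vault_db_pwd }}"` (a constructed variable name), and store the real values in an `ansible-vault`-encrypted vars file. Failing the play when one of these variables is undefined is safer than shipping working defaults.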