feat: .env template + error fixes

tasks/setup-reverse-proxy.yml

@@ -15,36 +15,38 @@
 
     - name: Installing Certbot
       ansible.builtin.pip:
+        break_system_packages: true
+        extra_args: --upgrade
+        virtualenv: /tmp/.venv/
+        virtualenv_command: python3 -m venv
         name:
           - certbot
-          - certbox-nginx
+          - certbot-nginx
       when: not ansible_check_mode
 
-# - name: Manage SSL certificate with community module
 - name: Obtain or renew SSL certificate for {{ cert_domain }}
   ansible.builtin.shell: |
-    certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }}
+    source /tmp/.venv/activate && certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }}
   args:
     executable: /bin/bash
     creates: /etc/letsencrypt/live/{{ cert_domain }}/fullchain.pem
   register: certbot_result
   changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
-  failed_when: false  # Set to true if you want the playbook to fail immediately on error
-  ignore_errors: true # Optional: Allows the playbook to continue if certbot isn't installed yet
-  when: cert_domain is defined
+  when: not is_local
 
 - name: Installing self-signed certificate
   when: is_local
   block:
-    - name: Create private key (X25519) with password protection
+    - name: Create private key (RSA) with password protection
       community.crypto.openssl_privatekey:
         path: /etc/ssl/private/nginx-selfsigned.key
-        type: X25519
-        passphrase: { passphrase }
+        type: RSA
+        passphrase: "{{ passphrase }}"
 
     - name: Create self-signed certificate
       community.crypto.x509_certificate:
         path: /etc/ssl/certs/nginx-selfsigned.crt
         privatekey_path: /etc/ssl/private/nginx-selfsigned.key
         provider: selfsigned
+        privatekey_passphrase: "{{ passphrase }}"
       when: not ansible_check_mode