feat: .env template + error fixes

clear.yml

@@ -8,8 +8,8 @@
   - name: Stop containers
     ansible.builtin.command: "make -C {{ dest_dir }} fclean"
     when: not ansible_check_mode
+    ignore_errors: true
   
-  tasks:
   - name: Remove app files
     ansible.builtin.file:
       state: absent

tasks/setup-and-start-app.yml

@@ -2,9 +2,16 @@
   ansible.builtin.copy:
     src: inception/
     dest: "{{ dest_dir }}"
-    preserve: true
     force: true
-    when: not ansible_check_mode
+  when: not ansible_check_mode
+
+- name: Create .env file
+  ansible.builtin.template:
+    src: .env.j2
+    dest: "{{ dest_dir }}/srcs/.env"
+    owner: root
+    group: root
+    mode: '0644'
 
 - name: Run the app
   ansible.builtin.command: "make -C {{ dest_dir }}"

tasks/setup-reverse-proxy.yml

@@ -15,36 +15,38 @@
 
     - name: Installing Certbot
       ansible.builtin.pip:
+        break_system_packages: true
+        extra_args: --upgrade
+        virtualenv: /tmp/.venv/
+        virtualenv_command: python3 -m venv
         name:
           - certbot
-          - certbox-nginx
+          - certbot-nginx
       when: not ansible_check_mode
 
-# - name: Manage SSL certificate with community module
 - name: Obtain or renew SSL certificate for {{ cert_domain }}
   ansible.builtin.shell: |
-    certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }}
+    source /tmp/.venv/activate && certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }}
   args:
     executable: /bin/bash
     creates: /etc/letsencrypt/live/{{ cert_domain }}/fullchain.pem
   register: certbot_result
   changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
-  failed_when: false  # Set to true if you want the playbook to fail immediately on error
+  when: not is_local
-  ignore_errors: true # Optional: Allows the playbook to continue if certbot isn't installed yet
-  when: cert_domain is defined
 
 - name: Installing self-signed certificate
   when: is_local
   block:
-    - name: Create private key (X25519) with password protection
+    - name: Create private key (RSA) with password protection
       community.crypto.openssl_privatekey:
         path: /etc/ssl/private/nginx-selfsigned.key
-        type: X25519
+        type: RSA
-        passphrase: { passphrase }
+        passphrase: "{{ passphrase }}"
 
     - name: Create self-signed certificate
       community.crypto.x509_certificate:
         path: /etc/ssl/certs/nginx-selfsigned.crt
         privatekey_path: /etc/ssl/private/nginx-selfsigned.key
         provider: selfsigned
+        privatekey_passphrase: "{{ passphrase }}"
       when: not ansible_check_mode

templates/.env.j2

@@ -0,0 +1,9 @@
+DB_USER={{DB_USER}}
+DB_PWD={{DB_PWD}}
+DB_ROOT_PWD={{DB_ROOT_PWD}}
+WP_USER={{WP_USER}}
+WP_PWD={{WP_PWD}}
+WP_EMAIL={{WP_EMAIL}}
+WP_ADMIN={{WP_ADMIN}}
+WP_ADMIN_PWD={{WP_ADMIN_PWD}}
+WP_ADMIN_EMAIL={{WP_ADMIN_EMAIL}}

vars.yml

@@ -3,3 +3,13 @@ passphrase: changeme
 cert_domain: "example.com"
 cert_email: "admin@example.com"
 dest_dir: /var/app/
+
+DB_USER: wp
+DB_PWD: password123
+DB_ROOT_PWD: rootpassword
+WP_USER: rralambo
+WP_PWD: password123
+WP_EMAIL: email@email.com
+WP_ADMIN: obama
+WP_ADMIN_PWD: thepresidentialpassword
+WP_ADMIN_EMAIL: obama@obamail.com