From 66f115a2e2460b4d43259c6e19e42dd0a53a2cb5 Mon Sep 17 00:00:00 2001
From: Lenoctambule <106790775+lenoctambule@users.noreply.github.com>
Date: Thu, 2 Apr 2026 13:56:13 +0200
Subject: [PATCH] feat: dummy ssl certs task to ansible
---
 run.yml | 1 -
 tasks/setup-and-start-app.yml | 29 +++++++++++++++++++
 tasks/setup-reverse-proxy.yml | 52 -----------------------------------
 vars.yml | 2 ++
 4 files changed, 31 insertions(+), 53 deletions(-)
 delete mode 100644 tasks/setup-reverse-proxy.yml
diff --git a/run.yml b/run.yml
index c79fe15..a022429 100644
--- a/run.yml
+++ b/run.yml
@@ -5,5 +5,4 @@ tasks:
 - import_tasks: ./tasks/install-docker.yml
- - import_tasks: ./tasks/setup-reverse-proxy.yml
 - import_tasks: ./tasks/setup-and-start-app.yml
\ No newline at end of file
diff --git a/tasks/setup-and-start-app.yml b/tasks/setup-and-start-app.yml
index e8b6722..5fb764a 100644
--- a/tasks/setup-and-start-app.yml
+++ b/tasks/setup-and-start-app.yml
@@ -13,6 +13,35 @@ group: root
 mode: '0644'
+- name: Install dummy SSL certificates
+ block:
+ - name: Create cert dir
+ ansible.builtin.file:
+ path: "{{ cert_path }}"
+ state: directory
+ mode: '0755'
+
+ - name: Create private key
+ community.crypto.openssl_privatekey:
+ path: "{{ cert_path }}/privkey.pem"
+ size: 4096
+
+ - name: Create signing certificate
+ community.crypto.openssl_csr:
+ path: "{{ cert_path }}/cert.csr"
+ privatekey_path: "{{ cert_path }}/privkey.pem"
+
+ - name: Create self-signed certificate
+ community.crypto.x509_certificate:
+ path: "{{ cert_path }}/fullchain.pem"
+ privatekey_path: "{{ cert_path }}/privkey.pem"
+ csr_path: "{{ cert_path }}/cert.csr"
+ provider: selfsigned
+ selfsigned_not_after: "+1d"
+ state: present
+ when: not ansible_check_mode
+
+
 - name: Run the app
 ansible.builtin.command: "make -C {{ dest_dir }}"
 when: not ansible_check_mode
\ No newline at end of file
diff --git a/tasks/setup-reverse-proxy.yml b/tasks/setup-reverse-proxy.yml
deleted file mode 100644
index 351e079..0000000
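Review bot: The "Install dummy SSL certificates" block in tasks/setup-and-start-app.yml runs on every non-check-mode play without testing what already sits in `{{ cert_path }}`, which by its `certbot/conf/live/{{ cert_domain }}` layout appears to be where certbot later places the real certificate. On a re-run, `openssl_privatekey` and `x509_certificate` would likely regenerate files that do not match the requested parameters (under the modules' default regeneration behaviour), replacing an issued key and chain with a one-day self-signed pair; the deleted shell task carried a `creates:` guard for exactly this. A `stat` on `fullchain.pem` ahead of the block, with the block's `when:` extended to skip when the file exists, keeps the bootstrap safe to repeat. Separately, the private key lands under a `0755` directory and relies on the module's default file mode, so stating `mode: '0600'` on the key task makes the intent explicit. The task named "Create signing certificate" writes a CSR, so `Create certificate signing request` would be the accurate name.

```yaml
- name: Check for an existing certificate
  ansible.builtin.stat:
    path: "{{ cert_path }}/fullchain.pem"
  register: existing_cert

- name: Install dummy SSL certificates
  block:
    # … unchanged: cert dir, private key, CSR and self-signed certificate tasks …
  when: not ansible_check_mode and not existing_cert.stat.exists
```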
--- a/tasks/setup-reverse-proxy.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-- name: Install Certbot and Nginx
- block:
- - name: Installing Python3 and PIP
- ansible.builtin.apt:
- state: present
- update_cache: yes
- pkg:
- - nginx
- - python3-pip
- - python3
- - python3-dev
- - python3-venv
- - libaugeas-dev
- - gcc
-
- - name: Installing Certbot
- ansible.builtin.pip:
- break_system_packages: true
- extra_args: --upgrade
- virtualenv: /tmp/.venv/
- virtualenv_command: python3 -m venv
- name:
- - certbot
- - certbot-nginx
- when: not ansible_check_mode
-
-- name: Obtain or renew SSL certificate for {{ cert_domain }}
- ansible.builtin.shell: |
- source /tmp/.venv/activate && certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }}
- args:
- executable: /bin/bash
- creates: /etc/letsencrypt/live/{{ cert_domain }}/fullchain.pem
- register: certbot_result
- changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
- when: not is_local
-
-- name: Installing self-signed certificate
- when: is_local
- block:
- - name: Create private key (RSA) with password protection
- community.crypto.openssl_privatekey:
- path: /etc/ssl/private/nginx-selfsigned.key
- type: RSA
- passphrase: "{{ passphrase }}"
-
- - name: Create self-signed certificate
- community.crypto.x509_certificate:
- path: /etc/ssl/certs/nginx-selfsigned.crt
- privatekey_path: /etc/ssl/private/nginx-selfsigned.key
- provider: selfsigned
- privatekey_passphrase: "{{ passphrase }}"
- when: not ansible_check_mode
\ No newline at end of file
diff --git a/vars.yml b/vars.yml
index e1f67d5..f7a9dfd 100644
--- a/vars.yml
+++ b/vars.yml
@@ -3,6 +3,8 @@ passphrase: changeme
 cert_domain: "example.com"
 cert_email: "admin@example.com"
 dest_dir: /var/app/
+cert_path: "{{ dest_dir }}/srcs/nginx/certbot/conf/live/{{ cert_domain }}"
+
 DB_USER: wp
 DB_PWD: password123
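Review bot: `passphrase: changeme` and `cert_email` stay in vars.yml although the only tasks in this patch that read them, the certbot call and the passphrase-protected key in the deleted tasks/setup-reverse-proxy.yml, are gone. If nothing outside this patch uses them, drop both lines so a default credential does not linger in the repository. The new `cert_path` also joins `dest_dir: /var/app/` with `/srcs/...`, which renders as `/var/app//srcs/...`; the filesystem tolerates it, but defining `dest_dir` without the trailing slash avoids surprises wherever the path is compared or logged.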