feat: dummy ssl certs task to ansible

run.yml

@@ -5,5 +5,4 @@
 
   tasks:
     - import_tasks: ./tasks/install-docker.yml
-    - import_tasks: ./tasks/setup-reverse-proxy.yml
     - import_tasks: ./tasks/setup-and-start-app.yml

tasks/setup-and-start-app.yml

@@ -13,6 +13,35 @@
     group: root
     mode: '0644'
 
+- name: Install dummy SSL certificates
+  block:
+    - name: Create cert dir
+      ansible.builtin.file:
+        path: "{{ cert_path }}"
+        state: directory
+        mode: '0755'
+
+    - name: Create private key
+      community.crypto.openssl_privatekey:
+        path: "{{ cert_path }}/privkey.pem"
+        size: 4096
+
+    - name: Create signing certificate
+      community.crypto.openssl_csr:
+        path: "{{ cert_path }}/cert.csr"
+        privatekey_path: "{{ cert_path }}/privkey.pem"
+
+    - name: Create self-signed certificate
+      community.crypto.x509_certificate:
+        path: "{{ cert_path }}/fullchain.pem"
+        privatekey_path: "{{ cert_path }}/privkey.pem"
+        csr_path: "{{ cert_path }}/cert.csr"
+        provider: selfsigned
+        selfsigned_not_after: "+1d"
+        state: present
+      when: not ansible_check_mode
+
+
 - name: Run the app
   ansible.builtin.command: "make -C {{ dest_dir }}"
   when: not ansible_check_mode

tasks/setup-reverse-proxy.yml

@@ -1,52 +0,0 @@
-- name: Install Certbot and Nginx
-  block:
-    - name: Installing Python3 and PIP 
-      ansible.builtin.apt:
-        state: present
-        update_cache: yes
-        pkg:
-          - nginx
-          - python3-pip
-          - python3
-          - python3-dev
-          - python3-venv
-          - libaugeas-dev
-          - gcc
-
-    - name: Installing Certbot
-      ansible.builtin.pip:
-        break_system_packages: true
-        extra_args: --upgrade
-        virtualenv: /tmp/.venv/
-        virtualenv_command: python3 -m venv
-        name:
-          - certbot
-          - certbot-nginx
-      when: not ansible_check_mode
-
-- name: Obtain or renew SSL certificate for {{ cert_domain }}
-  ansible.builtin.shell: |
-    source /tmp/.venv/activate && certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }}
-  args:
-    executable: /bin/bash
-    creates: /etc/letsencrypt/live/{{ cert_domain }}/fullchain.pem
-  register: certbot_result
-  changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
-  when: not is_local
-
-- name: Installing self-signed certificate
-  when: is_local
-  block:
-    - name: Create private key (RSA) with password protection
-      community.crypto.openssl_privatekey:
-        path: /etc/ssl/private/nginx-selfsigned.key
-        type: RSA
-        passphrase: "{{ passphrase }}"
-
-    - name: Create self-signed certificate
-      community.crypto.x509_certificate:
-        path: /etc/ssl/certs/nginx-selfsigned.crt
-        privatekey_path: /etc/ssl/private/nginx-selfsigned.key
-        provider: selfsigned
-        privatekey_passphrase: "{{ passphrase }}"
-      when: not ansible_check_mode

vars.yml

@@ -3,6 +3,8 @@ passphrase: changeme
 cert_domain: "example.com"
 cert_email: "admin@example.com"
 dest_dir: /var/app/
+cert_path: "{{ dest_dir }}/srcs/nginx/certbot/conf/live/{{ cert_domain }}"
+
 
 DB_USER: wp
 DB_PWD: password123