iconserver-deploy/roles/iconserver/tasks/main.yml

---
- name: Install dependencies
  ansible.builtin.package:
    name: python3-cryptography
    state: present

- name: Create directories
  loop:
    - /containers/compose/iconserver
    - /containers/data/nginx/conf.d
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    recurse: true

- name: Install files from templates
  loop:
    - containers/compose/iconserver/compose.yml
    - containers/data/nginx/conf.d/iconserver.conf
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "/{{ item }}"

# I would assume it does not matter how we get the self signed cert to the host
# so it's nicer (and safer) to generate one for each of the hosts.
# Another option is to pre-generate it and store it in ansible-vault.
- name: Create openssl key
  community.crypto.openssl_privatekey:
    path: /containers/data/nginx/conf.d/iconserver.key

- name: Create openssl self-signed cert
  community.crypto.x509_certificate:
    path: /containers/data/nginx/conf.d/iconserver.crt
    privatekey_path: /containers/data/nginx/conf.d/iconserver.key
    provider: selfsigned

- name: Deploy software via docker-compose
  community.docker.docker_compose_v2:
    project_src: /containers/compose/iconserver
initial commit 2024-10-03 02:33:53 +03:00			`---`
			`- name: Install dependencies`
			`ansible.builtin.package:`
			`name: python3-cryptography`
			`state: present`

			`- name: Create directories`
			`loop:`
			`- /containers/compose/iconserver`
			`- /containers/data/nginx/conf.d`
			`ansible.builtin.file:`
			`path: "{{ item }}"`
			`state: directory`
			`recurse: true`

			`- name: Install files from templates`
			`loop:`
			`- containers/compose/iconserver/compose.yml`
			`- containers/data/nginx/conf.d/iconserver.conf`
			`ansible.builtin.template:`
			`src: "{{ item }}.j2"`
			`dest: "/{{ item }}"`

			`# I would assume it does not matter how we get the self signed cert to the host`
			`# so it's nicer (and safer) to generate one for each of the hosts.`
			`# Another option is to pre-generate it and store it in ansible-vault.`
			`- name: Create openssl key`
			`community.crypto.openssl_privatekey:`
			`path: /containers/data/nginx/conf.d/iconserver.key`

			`- name: Create openssl self-signed cert`
			`community.crypto.x509_certificate:`
			`path: /containers/data/nginx/conf.d/iconserver.crt`
			`privatekey_path: /containers/data/nginx/conf.d/iconserver.key`
			`provider: selfsigned`

			`- name: Deploy software via docker-compose`
			`community.docker.docker_compose_v2:`
			`project_src: /containers/compose/iconserver`