diff --git a/tasks/certificates.yml b/tasks/certificates.yml
index 32e59cb..2ae28f5 100644
--- a/tasks/certificates.yml
+++ b/tasks/certificates.yml
@@ -1,4 +1,17 @@
-# step ca certificate "ca.equilibrateit.test" ca.equilibrateit.test.crt ca.equilibrateit.test.key
-# chown 100999:100999 ~stepca/nginx/certs/ca.equilibrateit.test.*
-# manual standup passes test
-# curl --connect-to ca.equilibrateit.test:4443:localhost:4443 https://ca.equilibrateit.test:4443/health
+- name: Check for certs
+ file:
+ path: "/home/nextcloud/nginx/certs/{{ item }}"
+ state: file
+ loop:
+ - "{{ inventory_hostname }}.key"
+ - "{{ inventory_hostname }}.crt"
+ ignore_errors: true
+ register: iscert
+
+- debug: msg="{{ iscert.msg }}"
+
+- import_tasks: certificates_self.yml
+ when: "'self' in certificates and 'failed' in iscert.msg"
+
+- import_tasks: certificates_certbot.yml
+ when: "'certbot' in certificates and 'failed' in iscert.msg"
diff --git a/tasks/containers.yml b/tasks/containers.yml
deleted file mode 100644
index 49ff072..0000000
--- a/tasks/containers.yml
+++ /dev/null
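Review bot: In tasks/certificates.yml the two `import_tasks` guards test `'failed' in iscert.msg`, which matches on the wording of the loop's summary message, and the check task carries `ignore_errors: true`, so any failure of the `file` module (a permission error as much as a missing file) is read as "no certificate" and leads into issuance. Whether certificates_self.yml or certificates_certbot.yml overwrite an existing key is not visible here, so the safer shape is to ask `stat` whether each file exists and branch on `stat.exists`, without `ignore_errors`. The path also hard-codes `/home/nextcloud`, where the removed tasks/containers.yml built the certs directory from `user.name`; worth confirming that is intended. With this change the `debug` task would print `iscert.results` instead of `iscert.msg`.

```yaml
- name: Check for certs
  ansible.builtin.stat:
    path: "/home/nextcloud/nginx/certs/{{ item }}"
  loop:
    - "{{ inventory_hostname }}.key"
    - "{{ inventory_hostname }}.crt"
  register: iscert

# … unchanged: debug task …

- import_tasks: certificates_self.yml
  when:
    - "'self' in certificates"
    - iscert.results | rejectattr('stat.exists') | list | length > 0

# … certificates_certbot.yml import: same second condition …
```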
@@ -1,53 +0,0 @@
-- name: Container tasks
- block:
- - name: Pod State created
- containers.podman.podman_pod:
- name: "pod_nextcloud"
- state: created
- share: ipc,uts
- hostname: "{{ inventory_hostname | default('ansible_undefined_fact') }}"
- restart_policy: always
-
- - name: nextcloud Container State created
- containers.podman.podman_container:
- name: "nextcloud_app_1"
- state: created
- pod: "pod_nextcloud"
- image: "docker.io/library/nextcloud:stable-fpm"
- network: bridge
- ports:
- - 9000:9000
- volumes:
- - "/home/{{ user.name }}/nextcloud/data:/home/step"
- env:
- FOO: "bar"
- VIRTUAL_HOST: "{{ inventory_hostname | default('ansible_undefined_fact') }}"
- VIRTUAL_PROTO: "fcgi"
-
- - name: NGINX Proxy Container State created
- containers.podman.podman_container:
- name: "nextcloud_nginx-proxy_1"
- state: created
- pod: "pod_nextcloud"
- image: "docker.io/nginxproxy/nginx-proxy:latest"
- network: bridge
- ports:
- - 8080:80
- - 4443:443
- volumes:
- - "/home/{{ user.name }}/nginx/html:/usr/share/nginx/html"
- - "/home/{{ user.name }}/nginx/certs:/etc/nginx/certs"
- - "/run/user/{{ getent_passwd[user.name][2] }}/podman/podman.sock:/tmp/docker.sock:ro"
-
- - name: Container State started
- containers.podman.podman_container:
- name: "{{ container_to_start }}"
- state: started
- pod: "pod_nextcloud"
- with_items:
- - "nextcloud_app_1"
- - "nextcloud_nginx-proxy_1"
- tags:
- - init
- loop_control:
- loop_var: "container_to_start"
diff --git a/tasks/main.yml b/tasks/main.yml
index 32b9c14..bb1ca4c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,22 +2,15 @@ # tasks file for podman_nextcloud - import_tasks: include-vars.yml -#- import_tasks: packages.yml - -- import_tasks: firewall.yml - when: '"molecule" not in group_names' - - name: Parse passwd getent: database: passwd - block: - - include_tasks: files.yml - with_items: - - "{{ service_users }}" - loop_control: - loop_var: "user" - - include_tasks: containers.yml + - include_tasks: + - certificates.yml + - files.yml + - firewall.yml with_items: - "{{ service_users }}" loop_control:
diff --git a/tasks/packages.yml b/tasks/packages.yml
deleted file mode 100644
index 85a37a9..0000000
--- a/tasks/packages.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: RPM fetch
- get_url:
- url: https://github.com/smallstep/cli/releases/download/v0.28.2/step-cli_amd64.rpm
- checksum: sha256:https://github.com/smallstep/cli/releases/download/v0.28.2/checksums.txt
- dest: /tmp/
- register: client_rpm
-
-- name: RPM State present
- dnf:
- name: "{{ client_rpm.dest }}"
- state: present
- disable_gpg_check: True
- when: '"OK" in client_rpm.msg'
-
-- name: Required Host Packages State latest
- dnf:
- name: openssl
- state: latest
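Review bot: In tasks/main.yml the new `- include_tasks:` entry is followed by three list items (`certificates.yml`, `files.yml`, `firewall.yml`), but `include_tasks` takes a single file name, so as far as the collapsed hunk shows this include will not load any of them. The change also drops `when: '"molecule" not in group_names'` from the firewall import and moves firewall.yml and certificates.yml inside the per-user `with_items` loop, so firewall rules would be applied once per service user and under Molecule as well. I would give each file its own entry, e.g. `- include_tasks: files.yml`, and keep `- import_tasks: firewall.yml` with its `when:` outside the loop. The block continues past the end of the hunk (`loop_control:` is its last visible line).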