Reverting to docker-compose based on semaphore role current state

tasks/certificates.yml

@@ -1,4 +1,17 @@
-# step ca certificate "ca.equilibrateit.test" ca.equilibrateit.test.crt ca.equilibrateit.test.key
+- name: Check for certs
-# chown 100999:100999 ~stepca/nginx/certs/ca.equilibrateit.test.*
+  file:
-# manual standup passes test
+    path: "/home/nextcloud/nginx/certs/{{ item }}"
-# curl --connect-to ca.equilibrateit.test:4443:localhost:4443 https://ca.equilibrateit.test:4443/health
+    state: file
+  loop:
+    - "{{ inventory_hostname }}.key"
+    - "{{ inventory_hostname }}.crt"
+  ignore_errors: true
+  register: iscert
+
+- debug: msg="{{ iscert.msg }}"
+
+- import_tasks: certificates_self.yml
+  when: "'self' in certificates and 'failed' in iscert.msg"
+
+- import_tasks: certificates_certbot.yml
+  when: "'certbot' in certificates and 'failed' in iscert.msg"

tasks/containers.yml

@@ -1,53 +0,0 @@
-- name: Container tasks
-  block:
-    - name: Pod State created
-      containers.podman.podman_pod:
-        name: "pod_nextcloud"
-        state: created
-        share: ipc,uts
-        hostname: "{{ inventory_hostname | default('ansible_undefined_fact') }}"
-        restart_policy: always
-
-    - name: nextcloud Container State created
-      containers.podman.podman_container:
-        name: "nextcloud_app_1"
-        state: created
-        pod: "pod_nextcloud"
-        image: "docker.io/library/nextcloud:stable-fpm"
-        network: bridge
-        ports:
-          - 9000:9000
-        volumes:
-          - "/home/{{ user.name }}/nextcloud/data:/home/step"
-        env:
-          FOO: "bar"
-          VIRTUAL_HOST: "{{ inventory_hostname | default('ansible_undefined_fact') }}"
-          VIRTUAL_PROTO: "fcgi"
-
-    - name: NGINX Proxy Container State created
-      containers.podman.podman_container:
-        name: "nextcloud_nginx-proxy_1"
-        state: created
-        pod: "pod_nextcloud"
-        image: "docker.io/nginxproxy/nginx-proxy:latest"
-        network: bridge
-        ports:
-          - 8080:80
-          - 4443:443
-        volumes:
-          - "/home/{{ user.name }}/nginx/html:/usr/share/nginx/html"
-          - "/home/{{ user.name }}/nginx/certs:/etc/nginx/certs"
-          - "/run/user/{{ getent_passwd[user.name][2] }}/podman/podman.sock:/tmp/docker.sock:ro"
-
-    - name: Container State started
-      containers.podman.podman_container:
-        name: "{{ container_to_start }}"
-        state: started
-        pod: "pod_nextcloud"
-      with_items:
-        - "nextcloud_app_1"
-        - "nextcloud_nginx-proxy_1"
-      tags:
-        - init
-      loop_control:
-        loop_var: "container_to_start"

tasks/main.yml

@@ -2,22 +2,15 @@
 # tasks file for podman_nextcloud
 - import_tasks: include-vars.yml
 
-#- import_tasks: packages.yml
-
-- import_tasks: firewall.yml
-  when: '"molecule" not in group_names'
-
 - name: Parse passwd
   getent:
     database: passwd
 
 - block:
-    - include_tasks: files.yml
+    - include_tasks:
-      with_items:
+        - certificates.yml
-        - "{{ service_users }}"
+        - files.yml
-      loop_control:
+        - firewall.yml
-        loop_var: "user"
-    - include_tasks: containers.yml
       with_items:
         - "{{ service_users }}"
       loop_control:

tasks/packages.yml

@@ -1,18 +0,0 @@
-- name: RPM fetch
-  get_url:
-    url: https://github.com/smallstep/cli/releases/download/v0.28.2/step-cli_amd64.rpm
-    checksum: sha256:https://github.com/smallstep/cli/releases/download/v0.28.2/checksums.txt
-    dest: /tmp/
-  register: client_rpm
-
-- name: RPM State present
-  dnf:
-    name: "{{ client_rpm.dest }}"
-    state: present
-    disable_gpg_check: True
-  when: '"OK" in client_rpm.msg'
-
-- name: Required Host Packages State latest
-  dnf:
-    name: openssl
-    state: latest