Paths and templates adjustments

2025-11-29 19:08:23 -05:00 · 2025-11-29 19:08:23 -05:00 · 89f06866f5
commit 89f06866f5
parent 53c1019dab
4 changed files with 102 additions and 1 deletions
--- a/tasks/certificates_certbot.yml
+++ b/tasks/certificates_certbot.yml
@ -0,0 +1,14 @@
+- name: Create certbot certs
+  copy:
+    remote_src: true
+    src: "/etc/letsencrypt/live/nextcloud.equilibrateit.com/privkey.pem"
+    dest: "/home/nextcloud/nginx/certs/{{ inventory_hostname }}.key"
+    owner: 100999
+    group: 100999
+
+- copy:
+    remote_src: true
+    src: "/etc/letsencrypt/live/nextcloud.equilibrateit.com/fullchain.pem"
+    dest: "/home/nextcloud/nginx/certs/{{ inventory_hostname }}.crt"
+    owner: 100999
+    group: 100999
--- a/tasks/certificates_self.yml
+++ b/tasks/certificates_self.yml
@ -0,0 +1,60 @@
+- name: Create self-signed certs
+  become: yes
+  become_user: nextcloud
+  command:
+    chdir: /home/nextcloud/
+    creates: "/home/nextcloud/{{ inventory_hostname }}.key"
+    argv:
+      - openssl
+      - req
+      - -x509
+      - -newkey
+      - rsa:4096
+      - -sha256
+      - -nodes
+      - -keyout
+      - "{{ inventory_hostname }}.key"
+      - -out
+      - "{{ inventory_hostname }}.crt"
+      - -days
+      - 3650
+      - -subj
+      - "/C=CA/ST=ON/L=Toronto/O=EquilibrateIT/OU=SecretManagement/CN={{ inventory_hostname}}"
+      - -addext
+      - "subjectAltName = DNS:{{ inventory_hostname }},DNS:localhost,IP:127.0.0.1"
+
+      #- name: Add certificate trust
+      #  become: yes
+      #  become_user: nextcloud
+      #  command:
+      #    chdir: /home/nextcloud/
+      #    creates: "/home/nextcloud/{{ inventory_hostname }}.crt"
+      #    argv:
+      #      - openssl
+      #      - x509
+      #      - -trustout
+      #      - -in
+      #      - "{{ inventory_hostname}}.normal.crt"
+      #      - -out
+      #      - "{{ inventory_hostname}}.crt"
+
+
+- copy:
+    src: "/home/nextcloud/{{ inventory_hostname }}.crt"
+    remote_src: true
+    dest: /home/nextcloud/nginx/certs/
+    owner: 100999
+  
+- copy:
+    src: "/home/nextcloud/{{ inventory_hostname }}.key"
+    remote_src: true
+    dest: /home/nextcloud/nginx/certs/
+    owner: 100999
+  
+- file:
+    path: "/home/nextcloud/{{ item }}"
+    state: absent
+  with_items:
+    - "{{ inventory_hostname }}.normal.crt"
+    - "{{ inventory_hostname }}.crt"
+    #- "{{ inventory_hostname }}.key"
--- a/tasks/files.yml
+++ b/tasks/files.yml
@ -1,6 +1,6 @@
 - name: Container Path data State directory
  file:
-    path: "/home/{{ user.name }}/nextcloud/data"
+    path: "/home/{{ user.name }}/webroot"
    state: directory
    owner: "100999"
    group: "100999"
@ -19,3 +19,7 @@
    owner: "100999"
    group: "100999"

+- name: Create Compose File
+  template:
+    src: "docker-compose.yml.j2"
+    dest: "/home/{{ user.name }}/"
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@ -0,0 +1,23 @@
+version: '3.6'
+
+services:
+
+  step:
+    image: smallstep/step-ca:latest
+    environment:
+      DOCKER_STEPCA_INIT_NAME: "test-eqit"
+      DOCKER_STEPCA_INIT_DNS_NAMES: "test-eqit.lan"
+      DOCKER_STEPCA_INIT_ACME: "true"
+      DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT: "false"
+      DOCKER_STEPCA_INIT_PASSWORD_FILE: "/home/step/.stepca.secret"
+    networks:
+      default:
+        aliases:
+          - "test-eqit.lan"
+    volumes:
+        - ~/stepca/data:/home/step
+    restart: always
+#    env_file: ".env"
+
+#volumes:
+#  acme: