From 89f06866f56cb5b613c4af6e7da4b4986fa9ad01 Mon Sep 17 00:00:00 2001
From: Mike Holloway
Date: Sat, 29 Nov 2025 19:08:23 -0500
Subject: [PATCH] Paths and templates adjustments
---
 tasks/certificates_certbot.yml | 14 ++++++++
 tasks/certificates_self.yml | 60 +++++++++++++++++++++++++++++++++
 tasks/files.yml | 6 +++-
 templates/docker-compose.yml.j2 | 23 +++++++++++++
 4 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 tasks/certificates_certbot.yml
 create mode 100644 tasks/certificates_self.yml
 create mode 100644 templates/docker-compose.yml.j2
diff --git a/tasks/certificates_certbot.yml b/tasks/certificates_certbot.yml
new file mode 100644
index 0000000..931bdcb
--- /dev/null
+++ b/tasks/certificates_certbot.yml
@@ -0,0 +1,14 @@
+- name: Create certbot certs
+ copy:
+ remote_src: true
+ src: "/etc/letsencrypt/live/nextcloud.equilibrateit.com/privkey.pem"
+ dest: "/home/nextcloud/nginx/certs/{{ inventory_hostname }}.key"
+ owner: 100999
+ group: 100999
+
+- copy:
+ remote_src: true
+ src: "/etc/letsencrypt/live/nextcloud.equilibrateit.com/fullchain.pem"
+ dest: "/home/nextcloud/nginx/certs/{{ inventory_hostname }}.crt"
+ owner: 100999
+ group: 100999
diff --git a/tasks/certificates_self.yml b/tasks/certificates_self.yml
new file mode 100644
index 0000000..4dc64b0
--- /dev/null
+++ b/tasks/certificates_self.yml
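Review bot: The first task copies the Let's Encrypt private key into nginx/certs with `owner`/`group` but no `mode:`, so the key file is created with the remote default mode (typically 0644) and is readable by every local account; add `mode: "0600"` to that task (the fullchain copy can stay world-readable). The `src` path is pinned to nextcloud.equilibrateit.com while `dest` is derived from `{{ inventory_hostname }}`, so running the role against any other host would silently install that one domain's certificate under the new host's name — derive both from the same variable or make the domain a role variable. The second task has no `name:`, and `owner`/`group` are bare integers here where tasks/files.yml quotes them as `"100999"`; pick one form for the role.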
@@ -0,0 +1,60 @@
+- name: Create self-signed certs
+ become: yes
+ become_user: nextcloud
+ command:
+ chdir: /home/nextcloud/
+ creates: "/home/nextcloud/{{ inventory_hostname }}.key"
+ argv:
+ - openssl
+ - req
+ - -x509
+ - -newkey
+ - rsa:4096
+ - -sha256
+ - -nodes
+ - -keyout
+ - "{{ inventory_hostname }}.key"
+ - -out
+ - "{{ inventory_hostname }}.crt"
+ - -days
+ - 3650
+ - -subj
+ - "/C=CA/ST=ON/L=Toronto/O=EquilibrateIT/OU=SecretManagement/CN={{ inventory_hostname}}"
+ - -addext
+ - "subjectAltName = DNS:{{ inventory_hostname }},DNS:localhost,IP:127.0.0.1"
+
+ #- name: Add certificate trust
+ # become: yes
+ # become_user: nextcloud
+ # command:
+ # chdir: /home/nextcloud/
+ # creates: "/home/nextcloud/{{ inventory_hostname }}.crt"
+ # argv:
+ # - openssl
+ # - x509
+ # - -trustout
+ # - -in
+ # - "{{ inventory_hostname}}.normal.crt"
+ # - -out
+ # - "{{ inventory_hostname}}.crt"
+
+
+- copy:
+ src: "/home/nextcloud/{{ inventory_hostname }}.crt"
+ remote_src: true
+ dest: /home/nextcloud/nginx/certs/
+ owner: 100999
+
+- copy:
+ src: "/home/nextcloud/{{ inventory_hostname }}.key"
+ remote_src: true
+ dest: /home/nextcloud/nginx/certs/
+ owner: 100999
+
+- file:
+ path: "/home/nextcloud/{{ item }}"
+ state: absent
+ with_items:
+ - "{{ inventory_hostname }}.normal.crt"
+ - "{{ inventory_hostname }}.crt"
+ #- "{{ inventory_hostname }}.key"
diff --git a/tasks/files.yml b/tasks/files.yml
index 9f78c0b..71d209a 100644
--- a/tasks/files.yml
+++ b/tasks/files.yml
@@ -1,6 +1,6 @@ - name: Container Path data State directory file:
- path: "/home/{{ user.name }}/nextcloud/data"
+ path: "/home/{{ user.name }}/webroot" state: directory owner: "100999" group: "100999"
@@ -19,3 +19,7 @@ owner: "100999" group: "100999"
+- name: Create Compose File
+ template:
+ src: "docker-compose.yml.j2"
+ dest: "/home/{{ user.name }}/"
diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..eb7bdf2
--- /dev/null
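Review bot: The task that copies `{{ inventory_hostname }}.key` into nginx/certs sets `owner: 100999` but neither `group:` nor `mode:`, so the unencrypted private key (`-nodes`) keeps whatever mode openssl created it with under the nextcloud user's umask, typically world-readable; add `mode: "0600"` and a `group:` to that copy task, matching the certbot variant. `become: yes` on the openssl task should be written `become: true`, and `{{ inventory_hostname}}` in the `-subj` value is missing the space before `}}` that the other expressions have. The cleanup task deliberately leaves the `.key` in /home/nextcloud (its entry is commented out) because `creates:` on the openssl task keys off that file; that is not obvious to a reader, so a comment above the `with_items` list such as `# .key is kept on purpose: it is the creates: guard for the openssl task` would help. The commented-out "Add certificate trust" task is dead weight in a new file and could be dropped or tracked in an issue.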
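Review bot: The task name still reads `Container Path data State directory` while its path is now `/home/{{ user.name }}/webroot`, so play output will describe a directory this task no longer creates; rename it, e.g. `- name: Container webroot directory`. Whether the old nextcloud/data path is still created by another task is not visible in this hunk.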
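Review bot: `dest` for the new template task is the directory `/home/{{ user.name }}/` rather than a file path, so where the rendered file ends up depends on the module's handling of a directory target; give the full name explicitly, `dest: "/home/{{ user.name }}/docker-compose.yml"`. Unlike the directory tasks above it, this task sets no `owner`/`group`/`mode`, so the compose file will be owned by the connecting user rather than 100999; if that asymmetry is intended, a short comment saying so would stop the next reader from "fixing" it.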
+++ b/templates/docker-compose.yml.j2
@@ -0,0 +1,23 @@
+version: '3.6'
+
+services:
+
+ step:
+ image: smallstep/step-ca:latest
+ environment:
+ DOCKER_STEPCA_INIT_NAME: "test-eqit"
+ DOCKER_STEPCA_INIT_DNS_NAMES: "test-eqit.lan"
+ DOCKER_STEPCA_INIT_ACME: "true"
+ DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT: "false"
+ DOCKER_STEPCA_INIT_PASSWORD_FILE: "/home/step/.stepca.secret"
+ networks:
+ default:
+ aliases:
+ - "test-eqit.lan"
+ volumes:
+ - ~/stepca/data:/home/step
+ restart: always
+# env_file: ".env"
+
+#volumes:
+# acme:
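Review bot: `image: smallstep/step-ca:latest` is an unpinned tag for the service that will issue every certificate on this host, so any `pull` can swap the CA binary without review; pin it, e.g. `image: "smallstep/step-ca:<pinned version>"` (a digest is better still). The file is a `.j2` template but contains no Jinja expressions: `test-eqit`/`test-eqit.lan` are hard-coded while the certificate tasks derive names from `{{ inventory_hostname }}`, and `~/stepca/data` resolves relative to whoever runs compose rather than the `user.name` the role uses elsewhere, so I would expect `DOCKER_STEPCA_INIT_DNS_NAMES: "{{ inventory_hostname }}"` and an explicit host path. `DOCKER_STEPCA_INIT_PASSWORD_FILE` points into that bind mount, so the CA password's on-disk permissions appear to be managed outside this role; a comment naming what creates `.stepca.secret` and with what mode would help. The top-level `version:` key is obsolete in current Compose and can be dropped along with the commented-out `env_file`/`volumes` stubs.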