Brevet/dev/provisioning/ansible/roles/nextcloud/tasks/prep_os/ssl.yml

---
- name: SSL... Create ssl certificates Directory
  file:
    dest: "{{ ssl_path }}"
    owner: root
    group: root
    state: directory
    recurse: yes

- name: SSL... Create private key (RSA, 4096 bits)
  openssl_privatekey:
    path: "{{ ssl_path }}/{{ ansible_fqdn }}.key"

- name: SSL... Check if CRT exists
  stat:
    path: "{{ ssl_path }}/{{ ansible_fqdn }}.crt"
  register: result_crt

- name: SSL... Create certificate signing request (CSR) for self-signed certificate
  community.crypto.openssl_csr_pipe:
    privatekey_path: "{{ ssl_path }}/{{ ansible_fqdn }}.key"
    country_name: BE
    locality_name: Louvain-la-Neuve
    common_name: "{{ ansible_fqdn }}"
    organization_name: UCLouvain
    organizational_unit_name: ELIC
  register: csr
  when: (result_crt.stat.isreg is undefined) or (not result_crt.stat.isreg)

- name: SSL... Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate:
    path: "{{ ssl_path }}/{{ ansible_fqdn }}.crt"
    csr_content: "{{ csr.csr }}"
    privatekey_path: "{{ ssl_path }}/{{ ansible_fqdn }}.key"
    provider: selfsigned
  when: (result_crt.stat.isreg is undefined) or (not result_crt.stat.isreg)

    #- name: SSL... Remove previous PEM file
    #  file:
    #    path: "{{ ssl_path }}/{{ ansible_fqdn }}.pem"
    #    state: absent

- name: SSL... Merge KEY and CRT to generate PEM
  shell: "echo '' > {{ ssl_path }}/{{ ansible_fqdn }}.pem; cat {{ ssl_path }}/{{ ansible_fqdn }}.key {{ ssl_path }}/{{ ansible_fqdn }}.crt >> {{ ssl_path }}/{{ ansible_fqdn }}.pem"

- name: SSL... Generate DH Parameters with a different size (2048 bits)
  community.crypto.openssl_dhparam:
    path: "{{ ssl_path }}/dhparams.pem"
    size: 2048
  register: dhparam