--- - name: Include user role ansible.builtin.include_role: name: user vars: user_username: "{{ postgres_unix_username }}" user_password: "{{ postgres_unix_password }}" user_add_to_docker_group: true - name: Install ensure_certificate_setup.sh become: true ansible.builtin.copy: src: ensure_certificate_setup.sh dest: "/root/.bin/" mode: '0700' owner: root # Output of the hook can be found as part of the logs at: /var/log/letsencrypt/letsencrypt.log - name: Create certificates for PostgreSQL (postgres.kleinendorst.info) become: true ansible.builtin.command: cmd: >- /snap/bin/certbot certonly --dns-cloudflare --dns-cloudflare-propagation-seconds 120 --dns-cloudflare-credentials '/root/.secrets/certbot/cloudflare.ini' --deploy-hook '/root/.bin/ensure_certificate_setup.sh' --agree-tos -m {{ administration_email }} -d postgres.kleinendorst.info creates: "/etc/letsencrypt/live/postgres.kleinendorst.info" # TODO: Instead of creating a seperate postgres user specifically for storing # the files we might also upload the compose to the default account and run from there. - name: Create the compose project directory become: true become_user: "{{ postgres_unix_username }}" ansible.builtin.file: path: "/home/{{ postgres_unix_username }}/postgres" state: directory owner: "{{ postgres_unix_username }}" mode: '0744' - name: Create the compose project become: true become_user: "{{ postgres_unix_username }}" ansible.builtin.template: src: docker-compose.yaml.j2 dest: "/home/{{ postgres_unix_username }}/postgres/docker-compose.yaml" owner: "{{ postgres_unix_username }}" mode: '0644' - name: Create and start services become: true community.docker.docker_compose_v2: project_src: "/home/{{ postgres_unix_username }}/postgres/" - name: Add DNS record in Cloudflare community.general.cloudflare_dns: domain: kleinendorst.info record: postgres type: A value: "{{ ansible_facts['default_ipv4']['address'] }}" api_token: "{{ dns_cloudflare_token }}"