Use simpler file structure

roles/common/tasks/ssl.yml

@@ -0,0 +1,39 @@
+- name: install SSL packages
+  apt:
+    name:
+      - python3-openssl
+      - python3-crypto
+      - python3-cryptography
+      - python-openssl
+      - python-crypto
+      - python-cryptography
+    state: present
+
+- name: create ssl directory
+  file:
+    path: "/etc/ssl/{{ app_name }}"
+    state: directory
+    owner: "{{ app_user }}"
+    group: "{{ app_user }}"
+    mode: 0750
+
+- name: generate an OpenSSL private key with the default values (4096 bits, RSA)
+  become_user: "{{ app_user }}"
+  openssl_privatekey:
+    path: "/etc/ssl/{{ app_name }}/local.pem"
+
+- name: generate an OpenSSL certificate signing request
+  become_user: "{{ app_user }}"
+  openssl_csr:
+    path: "/etc/ssl/{{ app_name }}/local.csr"
+    privatekey_path: "/etc/ssl/{{ app_name }}/local.pem"
+    common_name: fudiggity.nl
+
+- name: generate a self signed OpenSSL certificate
+  become_user: "{{ app_user }}"
+  openssl_certificate:
+    force: yes
+    path: "/etc/ssl/{{ app_name }}/{{ app_name }}.crt"
+    privatekey_path: "/etc/ssl/{{ app_name }}/local.pem"
+    csr_path: "/etc/ssl/{{ app_name }}/local.csr"
+    provider: selfsigned