common-ansible/tasks/ssl.yml

- name: install SSL packages
  apt:
    name:
      - python3-openssl
      - python3-crypto
      - python3-cryptography
      - python-openssl
      - python-crypto
      - python-cryptography
    state: present

- name: create ssl directory
  file:
    path: '/etc/ssl/{{ app_name }}'
    state: directory
    owner: '{{ app_user }}'
    group: '{{ app_user }}'
    mode: 0750

- name: Print current user
  debug:
    msg: 'Current user: {{ lookup("env", "USER") }}'

- name: generate an OpenSSL private key with the default values (4096 bits, RSA)
  become_user: '{{ app_user }}'
  openssl_privatekey:
    path: '/etc/ssl/{{ app_name }}/local.pem'

- name: generate an OpenSSL certificate signing request
  become_user: '{{ app_user }}'
  openssl_csr:
    path: '/etc/ssl/{{ app_name }}/local.csr'
    privatekey_path: '/etc/ssl/{{ app_name }}/local.pem'
    common_name: fudiggity.nl

- name: generate a self signed OpenSSL certificate
  become_user: '{{ app_user }}'
  openssl_certificate:
    force: yes
    path: '/etc/ssl/{{ app_name }}/{{ app_name }}.crt'
    privatekey_path: '/etc/ssl/{{ app_name }}/local.pem'
    csr_path: '/etc/ssl/{{ app_name }}/local.csr'
    provider: selfsigned