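---
# Provision nginx and a Let's Encrypt certificate for the Gitea compose stack.
#
# Flow: bring nginx up with an HTTP-only vhost so the ACME HTTP-01 challenge
# can be answered, run the certbot compose service, then switch to the TLS
# vhost only when the certificate is actually present. The certificate domain
# defaults to the value this play used to hard-code and can be overridden
# with the `gitea_domain` variable (inventory or -e).
- name: Setup SSL certificates
  hosts: gitea
  become: true
  tasks:
    # Both the nginx root and conf.d are created; the empty loop item yields
    # the root directory itself.
    - name: Create nginx config directories
      ansible.builtin.file:
        path: "/opt/gitea/nginx/{{ item }}"
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: "0755"
      loop:
        - ""
        - "conf.d"

    - name: Copy nginx main config
      ansible.builtin.copy:
        src: ../docker/nginx/nginx.conf
        dest: /opt/gitea/nginx/nginx.conf
        owner: ubuntu
        group: ubuntu
        mode: "0644"

    # Deliberately installs the plain-HTTP vhost under the final file name so
    # nginx can start before any certificate exists. Note this also runs on
    # re-runs, so an already-TLS host serves HTTP-only until the final copy
    # and reload below complete.
    - name: Copy initial nginx config (HTTP only for ACME challenge)
      ansible.builtin.copy:
        src: ../docker/nginx/conf.d/gitea-init.conf
        dest: /opt/gitea/nginx/conf.d/gitea.conf
        owner: ubuntu
        group: ubuntu
        mode: "0644"

    - name: Start services with nginx
      community.docker.docker_compose_v2:
        project_src: /opt/gitea
        state: present
      become_user: ubuntu

    # Checks the local port only (wait_for's default host); it does not prove
    # the hostname resolves to this machine, which the ACME challenge needs.
    - name: Wait for nginx to be ready
      ansible.builtin.wait_for:
        port: 80
        delay: 5
        timeout: 60

    # certbot's exit status is intentionally ignored here; the presence of
    # fullchain.pem (next task) is the authoritative success signal.
    # certbot_result is kept for debugging (-v) but is not consumed below.
    - name: Run certbot to obtain SSL certificate
      community.docker.docker_compose_v2:
        project_src: /opt/gitea
        services:
          - certbot
        state: present
      become_user: ubuntu
      register: certbot_result
      failed_when: false

    # The check runs inside the nginx container because that is where nginx
    # must be able to read the certificate; the path is assumed to be a
    # volume shared with the certbot service — confirm against the compose
    # file. rc == 0 means the file exists.
    - name: Check if certificate was obtained
      ansible.builtin.command:
        cmd: >-
          docker exec gitea-nginx ls
          /etc/letsencrypt/live/{{ gitea_domain | default('gitea.poll-streams.com') }}/fullchain.pem
      register: cert_check
      changed_when: false
      failed_when: false

    # Only switch to the TLS vhost when the certificate is present; otherwise
    # the HTTP-only config stays in place and the play reports the failure.
    - name: Copy final nginx config with SSL
      ansible.builtin.copy:
        src: ../docker/nginx/conf.d/gitea.conf
        dest: /opt/gitea/nginx/conf.d/gitea.conf
        owner: ubuntu
        group: ubuntu
        mode: "0644"
      when: cert_check.rc == 0

    # A reload is always reported as a change: it is what actually activates
    # the TLS config copied above.
    - name: Reload nginx to use SSL certificate
      ansible.builtin.command:
        cmd: docker exec gitea-nginx nginx -s reload
      when: cert_check.rc == 0
      changed_when: true

    - name: Display certificate status
      ansible.builtin.debug:
        msg: "SSL certificate {{ 'obtained successfully' if cert_check.rc == 0 else 'failed - check DNS and try again' }}"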