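# Generates TLS material with certs.sh, installs the server-side files under
# /etc/docker/certs/, copies ca.pem, key.pem and cert.pem to a per-host
# directory on the NAS share, then restarts the Docker daemon.
#
# NOTE(review): /tmp/certgen is a fixed path under /tmp and is never removed,
# so everything certs.sh writes there (presumably including private keys -
# confirm against the script) stays on disk after the run. The file module
# also adopts an already-existing directory together with its contents.
# Consider ansible.builtin.tempfile plus a cleanup step once it is confirmed
# that nothing else reads /tmp/certgen.
- name: Cert gen
  # Privilege escalation is used on every host except nas.home.lan.
  # NOTE(review): with become off on nas.home.lan, the owner/group settings
  # below only succeed if the connecting user is allowed to chown - confirm.
  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
  block:
    # Working directory, readable by root only.
    - name: Create a directory for certs
      ansible.builtin.file:
        path: /tmp/certgen
        state: directory
        mode: '0700'
        owner: root
        group: root

    # The script comes from the controller (role/playbook files) and is
    # executable by root only.
    - name: Copy cert generation script
      ansible.builtin.copy:
        src: certs.sh
        dest: /tmp/certgen/certs.sh
        mode: '0700'
        owner: root
        group: root

    # Runs on every play; a zero exit code is reported as "changed".
    - name: Generate certs
      ansible.builtin.command:
        cmd: /tmp/certgen/certs.sh
        chdir: /tmp/certgen
      register: certgen
      changed_when: "certgen.rc == 0"

    # Server-side files for the daemon, root-only.
    # NOTE(review): /etc/docker/certs/ is not created in this block; it is
    # presumably provisioned elsewhere - confirm.
    - name: Copy generated certs to files
      ansible.builtin.copy:
        src: /tmp/certgen/server-key.pem
        dest: /etc/docker/certs/
        remote_src: true
        mode: '0600'
        owner: root
        group: root

    - name: Copy generated certs to files
      ansible.builtin.copy:
        src: /tmp/certgen/server-cert.pem
        dest: /etc/docker/certs/
        remote_src: true
        mode: '0600'
        owner: root
        group: root

    - name: Copy generated certs to files
      ansible.builtin.copy:
        src: /tmp/certgen/ca.pem
        dest: /etc/docker/certs/
        remote_src: true
        mode: '0600'
        owner: root
        group: root

    # Per-host directory on the NAS share. It was world-writable (0777), which
    # let any local account replace ca.pem or the key pair; only the owner
    # needs write access, so it is now 0755.
    - name: Create a directory for certs on nas
      ansible.builtin.file:
        path: "/media/nas/data/certs/docker/{{ inventory_hostname }}"
        state: directory
        mode: '0755'
        owner: jd
        group: root

    # The CA certificate is public material; world-readable is fine.
    - name: Copy generated certs to files
      ansible.builtin.copy:
        src: /tmp/certgen/ca.pem
        dest: "/media/nas/data/certs/docker/{{ inventory_hostname }}"
        remote_src: true
        mode: '0644'
        owner: jd
        group: root

    # key.pem is a private key (presumably the client key that authenticates
    # to this Docker daemon - confirm against certs.sh). It was copied 0644,
    # readable by every account that can reach the share; restricted to the
    # owner here.
    # NOTE(review): file modes may not be enforced on a network mount; check
    # the share's own ACLs as well.
    - name: Copy generated certs to files
      ansible.builtin.copy:
        src: /tmp/certgen/key.pem
        dest: "/media/nas/data/certs/docker/{{ inventory_hostname }}"
        remote_src: true
        mode: '0600'
        owner: jd
        group: root

    # The certificate matching key.pem; public material.
    - name: Copy generated certs to files
      ansible.builtin.copy:
        src: /tmp/certgen/cert.pem
        dest: "/media/nas/data/certs/docker/{{ inventory_hostname }}"
        remote_src: true
        mode: '0644'
        owner: jd
        group: root

    # Unconditional restart, presumably so the daemon loads the new
    # certificates.
    - name: Restart docker service
      ansible.builtin.systemd:
        name: docker
        state: restarted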