ansible-roles/ssl/tasks/main.yml

---
- name: Copy SSL certificate
  ansible.builtin.copy:
    src: "ssl/{{ ssl_cert }}.pem"
    dest: "/etc/ssl/certs/{{ ssl_cert }}.pem"
    mode: "0644"
  register: ssl_copy_cert
  tags:
    - ssl

- name: Copy SSL key
  ansible.builtin.copy:
    src: "ssl/{{ ssl_cert }}.key"
    dest: "/etc/ssl/private/{{ ssl_cert }}.key"
    mode: "0640"
    owner: root
    group: ssl-cert
  register: ssl_copy_key
  tags:
    - ssl

- name: Copy SSL dhparam
  ansible.builtin.copy:
    src: "ssl/{{ ssl_cert }}.dhp"
    dest: "/etc/ssl/certs/{{ ssl_cert }}.dhp"
    mode: "0644"
  register: ssl_copy_dhp
  tags:
    - ssl

- name: Check if Haproxy is installed
  ansible.builtin.shell:
    cmd: "set -o pipefail && dpkg -l haproxy 2>/dev/null | grep -q -E '^(i|h)i'"
    executable: /bin/bash
  register: haproxy_check
  check_mode: no
  changed_when: False
  failed_when: False
  tags:
    - ssl

- ansible.builtin.include: haproxy.yml
  when: haproxy_check.rc == 0