diff --git a/.gitignore b/.gitignore
index f541ab857d3b476bf6d86111b2c90606eece9f86..affc851f47f401f11196763c0b2e634d98418e45 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,3 +47,8 @@ backups/
 env/
 venv/
 db.sqlite3
+
+# ansibles customs host
+ansible/host_vars/*.yaml
+!ansible/host_vars/bde*
+ansible/hosts
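Review bot: The new rule `ansible/host_vars/*.yaml` does not cover the `.yml` extension used by the host_vars files tracked in this same commit (`bde-nk20-beta.adh.crans.org.yml`), so a host file made by copying one of them stays visible to `git add`. Host variable files tend to collect deployment-specific values and possibly credentials, so it is safer to ignore both spellings by adding `ansible/host_vars/*.yml` before the `!ansible/host_vars/bde*` exception. The comment would also read better as `# Ansible custom hosts`.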
diff --git a/README.md b/README.md
index f2601943079dabc9267cb2059e8aebe05014ef3e..77cff049b1b9d3c6a42872b4f38ab6043e45bb31 100644
--- a/README.md
+++ b/README.md
@@ -69,13 +69,31 @@ accessible depuis l'ensemble de votre réseau, pratique pour tester le rendu
 de la note sur un téléphone !
 
 ## Installation d'une instance de production
+Pour déployer facilement la note il est possible d'utiliser le playbook Ansible (sinon vous pouvez toujours le faire a la main, voir plus bas).
+### Avec ansible
+Il vous faudra un serveur sous debian ou ubuntu connecté à internet et que vous souhaiterez accéder à cette instance de la note sur `note.nomdedomaine.tld`.
+
+0. Installer Ansible sur votre machine personnelle.
+
+0. (bis) cloner le dépot sur votre machine personelle.
+
+1.  Copier le fichier `ansible/host_example`
+``` bash
+$ cp ansible/hosts_example ansible/hosts
+```
+et ajouter sous [dev] et/ou [prod] les serveurs sur lesquels vous souhaitez installer la note.
+2.  Créer un fichier `ansible/host_vars/<note.nomdedomaine.tld.yaml>` sur le modèle des fichiers existants dans `ansible/hosts` et compléter les variables nécessaires.
+
+3. lancer `ansible/base.yaml -l <nomdedomaine.tld.yaml>`
+4. Aller vous faire un café, ca peux durer un moment.
+
+### Installation manuelle
 
 **En production on souhaite absolument utiliser les modules Python packagées dans le gestionnaire de paquet.**
 Cela permet de mettre à jour facilement les dépendances critiques telles que Django.
 
 L'installation d'une instance de production néccessite **une installation de Debian Buster ou d'Ubuntu 20.04**.
 
-Pour aller vite vous pouvez lancer le Playbook Ansible fournit dans ce dépôt en l'adaptant.
 Sinon vous pouvez suivre les étapes décrites ci-dessous.
 
 0.  Sous Debian Buster, **activer Debian Backports.** En effet Django 2.2 LTS n'est que disponible dans les backports.
diff --git a/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml b/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
index d4ef70ef3d8ec1e0751849f03aa4943be3c4c4d5..d9d850dad801dd9f2709a5eb31a493c325ea3da2 100644
--- a/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
+++ b/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
@@ -3,3 +3,4 @@ note:
   server_name: note-beta.crans.org
   git_branch: beta
   cron_enabled: false
+  email: notekfet2020@lists.crans.org
diff --git a/ansible/host_vars/bde3-virt.adh.crans.org.yml b/ansible/host_vars/bde3-virt.adh.crans.org.yml
index 477a4b7af85a848e725dc9fb00f0ce912dff3e19..471f35f0eba542e0e52fcea46a12c6ab8520642a 100644
--- a/ansible/host_vars/bde3-virt.adh.crans.org.yml
+++ b/ansible/host_vars/bde3-virt.adh.crans.org.yml
@@ -3,3 +3,4 @@ note:
   server_name: note-dev.crans.org
   git_branch: beta
   cron_enabled: false
+  email: notekfet2020@lists.crans.org
diff --git a/ansible/hosts b/ansible/hosts_example
similarity index 100%
rename from ansible/hosts
rename to ansible/hosts_example
diff --git a/ansible/roles/1-apt-basic/tasks/main.yml b/ansible/roles/1-apt-basic/tasks/main.yml
index 9c01dd97be319b576d7071e291da92b460db7708..7c57646f141feebc2ce45e286da6b0b5cdf22d9b 100644
--- a/ansible/roles/1-apt-basic/tasks/main.yml
+++ b/ansible/roles/1-apt-basic/tasks/main.yml
@@ -3,11 +3,12 @@
   apt_repository:
     repo: deb http://{{ mirror }}/debian buster-backports main
     state: present
+  when: ansible_facts['distribution'] == "Debian"
 
 - name: Install note_kfet APT dependencies
   apt:
     update_cache: true
-    default_release: buster-backports
+    default_release: "{{ 'buster-backports' if ansible_facts['distribution'] == 'Debian' }}"
     install_recommends: false
     name:
       # Common tools
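Review bot: The inline `if` in `default_release` has no `else` branch, so on a non-Debian host (the README in this commit names Ubuntu as a target) Jinja yields an undefined value. Ansible normally reports that as an error ("the inline if-expression ... evaluated to false and no else section was defined") and at best passes an empty release to apt. The `omit` placeholder drops the parameter cleanly: `default_release: "{{ 'buster-backports' if ansible_facts['distribution'] == 'Debian' else omit }}"`. The condition also matches every Debian release, not only Buster, so checking `ansible_facts['distribution_release']` as well would be safer. The package list of this task continues outside the hunk.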
diff --git a/ansible/roles/2-nk20/tasks/main.yml b/ansible/roles/2-nk20/tasks/main.yml
index 9652359d23aaef470ce0f4e52a09c4bd74293483..3852894d44557c0704fb014308b4e3baa53de48d 100644
--- a/ansible/roles/2-nk20/tasks/main.yml
+++ b/ansible/roles/2-nk20/tasks/main.yml
@@ -16,7 +16,7 @@
 
 - name: Use default env vars (should be updated!)
   template:
-    src: "env_example"
+    src: "env.j2"
     dest: "/var/www/note_kfet/.env"
     mode: 0644
     force: false
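Review bot: With `src` now pointing at `env.j2`, the rendered `/var/www/note_kfet/.env` carries the real database password, yet the task still writes it with `mode: 0644`, readable by every local account. Restrict it to the account that runs the application, for example `mode: "0640"` with explicit `owner:` and `group:` values (the right account is not visible in this hunk). Because `force: false` is kept, hosts that already have a `.env` will not pick up the new template, which is worth stating in the task name or a comment.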
diff --git a/ansible/roles/2-nk20/templates/env.j2 b/ansible/roles/2-nk20/templates/env.j2
new file mode 100644
index 0000000000000000000000000000000000000000..84213ac7ceb493103f05c80f669c61cea67766dd
--- /dev/null
+++ b/ansible/roles/2-nk20/templates/env.j2
@@ -0,0 +1,23 @@
+DJANGO_APP_STAGE=prod
+# Only used in dev mode, change to "postgresql" if you want to use PostgreSQL in dev
+DJANGO_DEV_STORE_METHOD=sqlite
+DJANGO_DB_HOST=localhost
+DJANGO_DB_NAME=note_db
+DJANGO_DB_USER=note
+DJANGO_DB_PASSWORD={{ DB_PASSWORD }}
+DJANGO_DB_PORT=
+DJANGO_SECRET_KEY=CHANGE_ME
+DJANGO_SETTINGS_MODULE=note_kfet.settings
+CONTACT_EMAIL=tresorerie.bde@localhost
+NOTE_URL= {{note.server_name}}
+
+# Config for mails. Only used in production
+NOTE_MAIL=notekfet@localhost
+EMAIL_HOST=smtp.localhost
+EMAIL_PORT=25
+EMAIL_USER=notekfet@localhost
+EMAIL_PASSWORD=CHANGE_ME
+
+# Wiki configuration
+WIKI_USER=NoteKfet2020
+WIKI_PASSWORD=
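Review bot: `DJANGO_SECRET_KEY=CHANGE_ME` is rendered verbatim next to `DJANGO_APP_STAGE=prod`, and the task installing this template uses `force: false`, so a fresh production host keeps a publicly known signing key until someone edits the file by hand. Django signs sessions and tokens with that key, so it should come from a per-host secret, e.g. `DJANGO_SECRET_KEY={{ note.secret_key }}`, where `note.secret_key` is a new variable to be defined in host vars kept in Ansible Vault; the same applies to `EMAIL_PASSWORD=CHANGE_ME`. `DJANGO_DB_PASSWORD={{ DB_PASSWORD }}` renders empty when no password was given, which is the case where the 6-psql role skips creating the database role. `NOTE_URL= {{note.server_name}}` also has a stray space after `=` that may end up in the value, depending on how the file is parsed.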
diff --git a/ansible/roles/4-certbot/tasks/main.yml b/ansible/roles/4-certbot/tasks/main.yml
index 52bc0d67ad67305521dffde907b56afe60db3bc6..dbd6e4773555c4b3f6455e1a4cedcd85b3c1ccc0 100644
--- a/ansible/roles/4-certbot/tasks/main.yml
+++ b/ansible/roles/4-certbot/tasks/main.yml
@@ -9,6 +9,11 @@
   retries: 3
   until: pkg_result is succeeded
 
+- name: Check if certificate already exists.
+  stat:
+    path: /etc/letsencrypt/live/{{note.server_name}}/cert.pem
+  register: letsencrypt_cert
+
 - name: Create /etc/letsencrypt/conf.d
   file:
     path: /etc/letsencrypt/conf.d
@@ -19,3 +24,17 @@
     src: "letsencrypt/conf.d/nk20.ini.j2"
     dest: "/etc/letsencrypt/conf.d/nk20.ini"
     mode: 0644
+
+- name: Stop services to allow certbot to generate a cert.
+  service:
+    name: nginx
+    state: stopped
+
+- name: Generate new certificate if one doesn't exist.
+  shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/nk20.ini -d {{note.server_name}}"
+  when: letsencrypt_cert.stat.exists == False
+
+- name: Restart services to allow certbot to generate a cert.
+  service:
+    name: nginx
+    state: started
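Review bot: nginx is stopped and started on every run, even when `letsencrypt_cert.stat.exists` is true and certbot is skipped, and if the certbot task fails the play aborts before the last task, leaving the site down. Wrapping the three tasks in a `block` guarded by the `when`, with the start in `always`, limits the outage to first issuance and ensures nginx is started again. `command` is preferable to `shell` here, since no shell features are used and `note.server_name` is interpolated into the line. `not letsencrypt_cert.stat.exists` is the idiomatic form of `== False`.

```yaml
# … unchanged: template task for /etc/letsencrypt/conf.d/nk20.ini …

- name: Generate new certificate if one doesn't exist.
  when: not letsencrypt_cert.stat.exists
  block:
    - name: Stop nginx while certbot runs
      service:
        name: nginx
        state: stopped

    - name: Request the certificate
      command: >-
        certbot certonly --non-interactive
        --config /etc/letsencrypt/conf.d/nk20.ini
        -d {{ note.server_name }}
  always:
    - name: Start nginx again, even if certbot failed
      service:
        name: nginx
        state: started
```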
diff --git a/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2 b/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
index b02abf5a3496d6d3f7f8fc3d296adceba4b31770..272e160d6d2bfb5325eac255f53f8763561e9c47 100644
--- a/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
+++ b/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
@@ -10,11 +10,11 @@ rsa-key-size = 4096
 # server = https://acme-staging.api.letsencrypt.org/directory
 
 # Uncomment and update to register with the specified e-mail address
-email = notekfet2020@lists.crans.org
+email = {{ note.email }}
 
 # Uncomment to use a text interface instead of ncurses
 text = True
 
 # Use DNS-01 challenge
-authenticator = nginx
+authenticator = standalone
 
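Review bot: Switching to `authenticator = standalone` means every later `certbot renew` also has to bind the HTTP port that nginx holds in normal operation, so unattended renewals will probably fail and the certificate will lapse unless nginx is stopped around them. If standalone is kept, add hooks to this file, e.g. `pre-hook = systemctl stop nginx` and `post-hook = systemctl start nginx`. The comment above the setting still says `# Use DNS-01 challenge`, which matches neither the old nor the new authenticator; `# Standalone authenticator: nginx must be stopped while certbot runs` would be accurate. `{{ note.email }}` has no default, so hosts whose host_vars lack `email` will fail to render this template.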
diff --git a/ansible/roles/6-psql/tasks/main.yml b/ansible/roles/6-psql/tasks/main.yml
index c4349f5ebae32d918c21860c7cc5b74a373e4194..91da9132c698601554304866b48e2028ae15e303 100644
--- a/ansible/roles/6-psql/tasks/main.yml
+++ b/ansible/roles/6-psql/tasks/main.yml
@@ -11,14 +11,14 @@
   until: pkg_result is succeeded
 
 - name: Create role note
-  when: "DB_PASSWORD|bool"    # If the password is not defined, skip the installation
+  when: DB_PASSWORD|length > 0 # If the password is not defined, skip the installation
   postgresql_user:
     name: note
     password: "{{ DB_PASSWORD }}"
   become_user: postgres
 
 - name: Create NK20 database
-  when: "DB_PASSWORD|bool"
+  when: DB_PASSWORD|length >0
   postgresql_db:
     name: note_db
     owner: note
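Review bot: `DB_PASSWORD|length > 0` raises an undefined-variable error when `DB_PASSWORD` is not set at all, which is the case the trailing comment says should be skipped. Where the variable is defined is not visible in this diff, so this matters only if it can be absent. `when: DB_PASSWORD | default('') | length > 0` covers both the unset and the empty case, and the second task should use the same spelling rather than `length >0`. The `Create NK20 database` task may continue past the end of the hunk.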