From 4646e5cf234e5b85b82e6040899033d5293900a8 Mon Sep 17 00:00:00 2001
From: Chris Hammer
Date: Wed, 4 Sep 2024 17:09:27 -0400
Subject: [PATCH] update cert references for renewal; ansible-lint cleanup
---
.yamllint | 33 ++++++++++++++++
defaults/main/proxy_site_defs.yml | 16 ++++----
molecule/default/converge.yml | 12 ++++++
molecule/default/molecule.yml | 14 +++++++
molecule/default/verify.yml | 10 +++++
tasks/main.yml | 65 ++++++++++++++++---------------
6 files changed, 110 insertions(+), 40 deletions(-)
create mode 100644 .yamllint
create mode 100644 molecule/default/converge.yml
create mode 100644 molecule/default/molecule.yml
create mode 100644 molecule/default/verify.yml
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..8827676
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation: disable
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
+ truthy: disable
diff --git a/defaults/main/proxy_site_defs.yml b/defaults/main/proxy_site_defs.yml
index bd40268..fc1ae36 100644
--- a/defaults/main/proxy_site_defs.yml
+++ b/defaults/main/proxy_site_defs.yml
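Review bot: `truthy: disable` at the end of the new `.yamllint` switches off the one yamllint rule that would have flagged the `enabled : yes` this same commit corrects in tasks/main.yml, so the next `yes`/`no`/`on` value will pass lint again. Unless ansible-lint's own yaml rules are being relied on to cover it, consider keeping the rule with `allowed-values: ['true', 'false']` and `level: warning` instead of disabling it. A comment above the rule, `# yes/no/on/off are YAML 1.1 booleans; keep values to true/false`, would record why this file departs from the inherited config.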
@@ -39,12 +39,12 @@ proxy_site_ssl_directory : /etc/nginx/ssl - proxy_site_ssl_certificate : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain25.pem" - proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey25.pem" - proxy_site_ssl_certificate_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain14.pem" - proxy_site_ssl_certificate_key_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey14.pem" - proxy_site_ssl_certificate_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain23.pem" - proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey23.pem" + proxy_site_ssl_certificate : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain26.pem" + proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey26.pem" + proxy_site_ssl_certificate_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain15.pem" + proxy_site_ssl_certificate_key_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey15.pem" + proxy_site_ssl_certificate_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain24.pem" + proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey24.pem" proxy_site_ssl_protocols : TLSv1.2 proxy_site_ssl_ciphers : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 @@ -60,5 +60,5 @@ # git repo vars for ssl certs - ssl_repo : git@gitlab.thezengarden.net:zen/le-ssl-certs.git - ssl_repo_branch : master + ssl_repo : gitea@gitea.thezengarden.net:SSL/le.git + ssl_repo_branch : main diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..baddecf --- /dev/null +++ b/molecule/default/converge.yml 
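Review bot: The six paths in the first hunk bump `fullchainNN.pem` and `privkeyNN.pem` numbers by hand with nothing tying each pair together, and nginx refuses to load a certificate whose key does not match, so a typo in one of them becomes an outage when the `restart nginx` handler fires rather than a lint warning. Consider one serial variable per domain, e.g. `proxy_site_ssl_serial_zen: "26"` (constructed name), and building both paths from it: `proxy_site_ssl_certificate : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain{{ proxy_site_ssl_serial_zen }}.pem"`. If the certificate repository can instead keep a stable `fullchain.pem`/`privkey.pem` name or symlink per domain, a renewal would need no change to this role at all.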
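Review bot: Moving `ssl_repo` to a new host (`gitea@gitea.thezengarden.net`) means the first clone on every proxy will meet an unknown SSH host key, and the same commit adds `accept_newhostkey: true` to the `Clone ssl certs` task in tasks/main.yml, so that key is accepted on first contact rather than checked against anything. Because this repository carries the private keys referenced in the previous hunk, it is worth pinning the Gitea host key before the clone with an `ansible.builtin.known_hosts` task whose `key` value comes from the server's administrator rather than from the first connection, and then dropping `accept_newhostkey`. A comment next to `ssl_repo`, `# deploy credential for this host only needs read access; the role never pushes`, would also document the intended privilege of that credential.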
@@ -0,0 +1,12 @@
+---
+- name: Converge
+ hosts: all
+ tasks:
+ # replace these tasks with whatever you find suitable to test
+ - name: Copy something to test use of synchronize module
+ ansible.builtin.copy:
+ src: /etc/hosts
+ dest: /tmp/hosts-from-controller
+ - name: "Include jchristianh.zen_rev_proxy"
+ ansible.builtin.include_role:
+ name: "jchristianh.zen_rev_proxy"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..f971d8e
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,14 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: podman
+platforms:
+ - name: proxy1
+ image: quay.io/centos/centos:stream8
+ pre_build_image: true
+
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..e707420
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Example assertion
+ ansible.builtin.assert:
+ that: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 021f0b6..784d307 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
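Review bot: The `Copy something to test use of synchronize module` task in converge.yml is molecule's scaffold placeholder (the comment above it says as much) and has nothing to do with this role; it also ships the controller's `/etc/hosts` into the test container on every converge. Drop that task and its comment so the play only does `ansible.builtin.include_role` on `jchristianh.zen_rev_proxy`, which is the behaviour verify.yml should then exercise.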
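Review bot: `image: quay.io/centos/centos:stream8` in molecule.yml is a moving tag for a distribution that stopped receiving updates in May 2024, so the converge target no longer matches a supported host and the tag will not reproduce the same image later. Pin to a current stream, `image: quay.io/centos/centos:stream9`, and preferably by digest (`quay.io/centos/centos@sha256:<digest-placeholder>`) so test runs are reproducible. Since `pre_build_image: true` tells molecule not to build its own image, the chosen image must already ship a Python that Ansible's modules can use; a comment next to that key, `# image is used as-is: it must already contain python3 for ansible`, would spare the next person a confusing converge failure.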
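Review bot: `that: true` in the `Example assertion` task of verify.yml can never fail, so the verify stage passes without checking anything the role did. A useful minimum is `ansible.builtin.command: nginx -t` with `changed_when: false`, which fails the run when the rendered `proxy_site.j2` configuration or the certificate paths it references are invalid; an `ansible.builtin.stat` on the configuration directory (the role's defaults would need to be in scope for `proxy_site_conf_dir`) would cover the directory tasks as well. The `# This is an example playbook` comment should go once real checks are in place.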
@@ -1,67 +1,68 @@ --- -- name: install proxy packages - package: - name : "{{ proxy_package_list }}" - state : present +- name: Install proxy packages + ansible.builtin.package: + name: "{{ proxy_package_list }}" + state: present tags: always -- name: enable nginx at boot time - service: - name : nginx - enabled : yes +- name: Enable nginx at boot time + ansible.builtin.service: + name: nginx + enabled: true tags: always when: ansible_virtualization_type != "docker" -- name: clean conf.d - file: +- name: Clean conf.d + ansible.builtin.file: path: "{{ proxy_site_conf_dir }}" state: absent - tags: ['clean_deploy','never'] + tags: ['clean_deploy', 'never'] -- name: create conf.d directory - file: - path : "{{ proxy_site_conf_dir }}" - state : directory - mode : 0755 +- name: Create conf.d directory + ansible.builtin.file: + path: "{{ proxy_site_conf_dir }}" + state: directory + mode: "0755" tags: always -- name: create log directory - file: - path : "{{ proxy_site_log_path }}" - state : directory - mode : 0755 +- name: Create log directory + ansible.builtin.file: + path: "{{ proxy_site_log_path }}" + state: directory + mode: "0755" tags: always ## TODO: fix the perms on ssl certs!!@*&!@^&* -- name: clone ssl certs - git: +- name: Clone ssl certs + ansible.builtin.git: repo: "{{ ssl_repo }}" dest: "{{ proxy_site_ssl_directory }}" version: "{{ ssl_repo_branch }}" + accept_newhostkey: true tags: always notify: restart nginx -- name: write configuration file(s) - template: - src : proxy_site.j2 - dest : "{{ proxy_site_conf_dir }}/{{ item.key }}.conf" - mode : 0644 +- name: Write configuration file(s) + ansible.builtin.template: + src: proxy_site.j2 + dest: "{{ proxy_site_conf_dir }}/{{ item.key }}.conf" + mode: "0644" with_dict: - "{{ proxy_sites }}" tags: always notify: restart nginx -- name: start nginx - service: - name : nginx - state : started +- name: Start nginx + ansible.builtin.service: + name: nginx + state: started tags: always when: ansible_virtualization_type 
!= "docker"