update cert references for renewal; ansible-lint cleanup

2024-09-04 17:09:27 -04:00 · 2024-09-04 17:09:27 -04:00 · 4646e5cf23
commit 4646e5cf23
parent b71c656e6a
6 changed files with 110 additions and 40 deletions
--- a/.yamllint
+++ b/.yamllint
@ -0,0 +1,33 @@
 ---
 # Based on ansible-lint config
 extends: default
 rules:
  braces:
    max-spaces-inside: 1
    level: error
  brackets:
    max-spaces-inside: 1
    level: error
  colons:
    max-spaces-after: -1
    level: error
  commas:
    max-spaces-after: -1
    level: error
  comments: disable
  comments-indentation: disable
  document-start: disable
  empty-lines:
    max: 3
    level: error
  hyphens:
    level: error
  indentation: disable
  key-duplicates: enable
  line-length: disable
  new-line-at-end-of-file: disable
  new-lines:
    type: unix
  trailing-spaces: disable
  truthy: disable
--- a/defaults/main/proxy_site_defs.yml
+++ b/defaults/main/proxy_site_defs.yml
@ -39,12 +39,12 @@
  proxy_site_ssl_directory           : /etc/nginx/ssl
-  proxy_site_ssl_certificate         : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain25.pem"
+  proxy_site_ssl_certificate         : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain26.pem"
-  proxy_site_ssl_certificate_key     : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey25.pem"
+  proxy_site_ssl_certificate_key     : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey26.pem"
-  proxy_site_ssl_certificate_ch      : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain14.pem"
+  proxy_site_ssl_certificate_ch      : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain15.pem"
-  proxy_site_ssl_certificate_key_ch  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey14.pem"
+  proxy_site_ssl_certificate_key_ch  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey15.pem"
-  proxy_site_ssl_certificate_cht     : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain23.pem"
+  proxy_site_ssl_certificate_cht     : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain24.pem"
-  proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey23.pem"
+  proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey24.pem"
  proxy_site_ssl_protocols           : TLSv1.2
  proxy_site_ssl_ciphers             : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
@ -60,5 +60,5 @@
  # git repo vars for ssl certs
-  ssl_repo        : git@gitlab.thezengarden.net:zen/le-ssl-certs.git
+  ssl_repo        : gitea@gitea.thezengarden.net:SSL/le.git
-  ssl_repo_branch : master
+  ssl_repo_branch : main
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -0,0 +1,12 @@
 ---
 - name: Converge
  hosts: all
  tasks:
    # replace these tasks with whatever you find suitable to test
    - name: Copy something to test use of synchronize module
      ansible.builtin.copy:
        src: /etc/hosts
        dest: /tmp/hosts-from-controller
    - name: "Include jchristianh.zen_rev_proxy"
      ansible.builtin.include_role:
        name: "jchristianh.zen_rev_proxy"
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -0,0 +1,14 @@
 ---
 dependency:
  name: galaxy
 driver:
  name: podman
 platforms:
  - name: proxy1
    image: quay.io/centos/centos:stream8
    pre_build_image: true
 provisioner:
  name: ansible
 verifier:
  name: ansible
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@ -0,0 +1,10 @@
 ---
 # This is an example playbook to execute Ansible tests.
 - name: Verify
  hosts: all
  gather_facts: false
  tasks:
  - name: Example assertion
    ansible.builtin.assert:
      that: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,67 +1,68 @@
 ---
- name: install proxy packages
+- name: Install proxy packages
-  package:
+  ansible.builtin.package:
-    name  : "{{ proxy_package_list }}"
+    name: "{{ proxy_package_list }}"
-    state : present
+    state: present
  tags: always
- name: enable nginx at boot time
+- name: Enable nginx at boot time
-  service:
+  ansible.builtin.service:
-    name    : nginx
+    name: nginx
-    enabled : yes
+    enabled: true
  tags: always
  when: ansible_virtualization_type != "docker"
- name: clean conf.d
+- name: Clean conf.d
-  file:
+  ansible.builtin.file:
    path: "{{ proxy_site_conf_dir }}"
    state: absent
-  tags: ['clean_deploy','never']
+  tags: ['clean_deploy', 'never']
- name: create conf.d directory
+- name: Create conf.d directory
-  file:
+  ansible.builtin.file:
-    path  : "{{ proxy_site_conf_dir }}"
+    path: "{{ proxy_site_conf_dir }}"
-    state : directory
+    state: directory
-    mode  : 0755
+    mode: "0755"
  tags: always
- name: create log directory
+- name: Create log directory
-  file:
+  ansible.builtin.file:
-    path  : "{{ proxy_site_log_path }}"
+    path: "{{ proxy_site_log_path }}"
-    state : directory
+    state: directory
-    mode  : 0755
+    mode: "0755"
  tags: always
  ## TODO: fix the perms on ssl certs!!@*&!@^&*
- name: clone ssl certs
+- name: Clone ssl certs
-  git:
+  ansible.builtin.git:
    repo: "{{ ssl_repo }}"
    dest: "{{ proxy_site_ssl_directory }}"
    version: "{{ ssl_repo_branch }}"
    accept_newhostkey: true
  tags: always
  notify: restart nginx
- name: write configuration file(s)
+- name: Write configuration file(s)
-  template:
+  ansible.builtin.template:
-    src  : proxy_site.j2
+    src: proxy_site.j2
-    dest : "{{ proxy_site_conf_dir }}/{{ item.key }}.conf"
+    dest: "{{ proxy_site_conf_dir }}/{{ item.key }}.conf"
-    mode : 0644
+    mode: "0644"
  with_dict:
    - "{{ proxy_sites }}"
  tags: always
  notify: restart nginx
- name: start nginx
+- name: Start nginx
-  service:
+  ansible.builtin.service:
-    name  : nginx
+    name: nginx
-    state : started
+    state: started
  tags: always
  when: ansible_virtualization_type != "docker"