update cert references for renewal; ansible-lint cleanup

.yamllint

@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable

defaults/main/proxy_site_defs.yml

@@ -39,12 +39,12 @@
 
 
   proxy_site_ssl_directory           : /etc/nginx/ssl
-  proxy_site_ssl_certificate         : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain21.pem"
+  proxy_site_ssl_certificate         : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain26.pem"
-  proxy_site_ssl_certificate_key     : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey21.pem"
+  proxy_site_ssl_certificate_key     : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey26.pem"
-  proxy_site_ssl_certificate_ch      : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain10.pem"
+  proxy_site_ssl_certificate_ch      : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain15.pem"
-  proxy_site_ssl_certificate_key_ch  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey10.pem"
+  proxy_site_ssl_certificate_key_ch  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey15.pem"
-  proxy_site_ssl_certificate_cht     : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain19.pem"
+  proxy_site_ssl_certificate_cht     : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain24.pem"
-  proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey19.pem"
+  proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey24.pem"
   proxy_site_ssl_protocols           : TLSv1.2
   proxy_site_ssl_ciphers             : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
 
@@ -60,5 +60,5 @@
 
 
   # git repo vars for ssl certs
-  ssl_repo        : git@gitlab.thezengarden.net:zen/le-ssl-certs.git
+  ssl_repo        : gitea@gitea.thezengarden.net:SSL/le.git
-  ssl_repo_branch : master
+  ssl_repo_branch : main

defaults/main/proxy_sites.yml

@@ -60,24 +60,6 @@ proxy_sites:
     port  : 32400
 
 
-  hme-1.thezengarden.net:
-    proto : http
-    dest  : kansai.thezengarden.net
-    port  : 80
-
-
-  hme-2.thezengarden.net:
-    proto : https
-    dest  : 10.1.1.6
-    port  : 9090
-
-
-  hme-3.thezengarden.net:
-    proto : https
-    dest  : 10.10.10.66
-    port  : 443
-
-
   gw.thezengarden.net:
     proto : https
     dest  : er4.thezengarden.net
@@ -110,13 +92,25 @@ proxy_sites:
     max_upload    : "{{ proxy_default_max_upload }}"
 
 
-  tower.thezengarden.net:
+  status.thezengarden.net:
+    proto : http
+    dest  : podman.thezengarden.net
+    port  : 3001
+
+
+  registry.thezengarden.net:
+    proto : http
+    dest  : podman.thezengarden.net
+    port  : 8000
+
+
+  drone-ci.thezengarden.net:
     proto : https
-    dest  : zg-tower-prod-1.thezengarden.net
+    dest  : 10.1.1.113
     port  : 443
 
 
-  tower2.thezengarden.net:
+  ansible-lab.thezengarden.net:
     proto : https
     dest  : 10.10.10.83
     port  : 443
@@ -129,15 +123,21 @@ proxy_sites:
     max_upload : "{{ proxy_default_max_upload }}"
 
 
-  pw.thezengarden.net:
+  pw-old.thezengarden.net:
     proto : http
     dest  : docker.thezengarden.net
     port  : 8001
 
 
+  pw.thezengarden.net:
+    proto : http
+    dest  : podman.thezengarden.net
+    port  : 8001
+
+
   webhooks.thezengarden.net:
     proto : http
-    dest  : docker.thezengarden.net
+    dest  : podman.thezengarden.net
     port  : 55555
 
 
@@ -243,6 +243,7 @@ proxy_sites:
 
 
   chris-hammer.com:
+    aliases    : www.chris-hammer.com
     proto      : http
     dest       : "{{ proxy_default_host }}"
     port       : 80

molecule/default/converge.yml

@@ -0,0 +1,12 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    # replace these tasks with whatever you find suitable to test
+    - name: Copy something to test use of synchronize module
+      ansible.builtin.copy:
+        src: /etc/hosts
+        dest: /tmp/hosts-from-controller
+    - name: "Include jchristianh.zen_rev_proxy"
+      ansible.builtin.include_role:
+        name: "jchristianh.zen_rev_proxy"

molecule/default/molecule.yml

@@ -0,0 +1,14 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: podman
+platforms:
+  - name: proxy1
+    image: quay.io/centos/centos:stream8
+    pre_build_image: true
+
+provisioner:
+  name: ansible
+verifier:
+  name: ansible

molecule/default/verify.yml

@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    ansible.builtin.assert:
+      that: true

tasks/main.yml

@@ -1,66 +1,67 @@
 ---
-- name: install proxy packages
+- name: Install proxy packages
-  package:
+  ansible.builtin.package:
     name: "{{ proxy_package_list }}"
     state: present
   tags: always
 
 
-- name: enable nginx at boot time
+- name: Enable nginx at boot time
-  service:
+  ansible.builtin.service:
     name: nginx
-    enabled : yes
+    enabled: true
   tags: always
   when: ansible_virtualization_type != "docker"
 
 
-- name: clean conf.d
+- name: Clean conf.d
-  file:
+  ansible.builtin.file:
     path: "{{ proxy_site_conf_dir }}"
     state: absent
   tags: ['clean_deploy', 'never']
 
 
-- name: create conf.d directory
+- name: Create conf.d directory
-  file:
+  ansible.builtin.file:
     path: "{{ proxy_site_conf_dir }}"
     state: directory
-    mode  : 0755
+    mode: "0755"
   tags: always
 
 
-- name: create log directory
+- name: Create log directory
-  file:
+  ansible.builtin.file:
     path: "{{ proxy_site_log_path }}"
     state: directory
-    mode  : 0755
+    mode: "0755"
   tags: always
 
 
   ## TODO: fix the perms on ssl certs!!@*&!@^&*
 
-- name: clone ssl certs
+- name: Clone ssl certs
-  git:
+  ansible.builtin.git:
     repo: "{{ ssl_repo }}"
     dest: "{{ proxy_site_ssl_directory }}"
     version: "{{ ssl_repo_branch }}"
+    accept_newhostkey: true
   tags: always
   notify: restart nginx
 
 
-- name: write configuration file(s)
+- name: Write configuration file(s)
-  template:
+  ansible.builtin.template:
     src: proxy_site.j2
     dest: "{{ proxy_site_conf_dir }}/{{ item.key }}.conf"
-    mode : 0644
+    mode: "0644"
   with_dict:
     - "{{ proxy_sites }}"
   tags: always
   notify: restart nginx
 
 
-- name: start nginx
+- name: Start nginx
-  service:
+  ansible.builtin.service:
     name: nginx
     state: started
   tags: always