.yamllint

@@ -1,33 +0,0 @@
----
-# Based on ansible-lint config
-extends: default
-
-rules:
-  braces:
-    max-spaces-inside: 1
-    level: error
-  brackets:
-    max-spaces-inside: 1
-    level: error
-  colons:
-    max-spaces-after: -1
-    level: error
-  commas:
-    max-spaces-after: -1
-    level: error
-  comments: disable
-  comments-indentation: disable
-  document-start: disable
-  empty-lines:
-    max: 3
-    level: error
-  hyphens:
-    level: error
-  indentation: disable
-  key-duplicates: enable
-  line-length: disable
-  new-line-at-end-of-file: disable
-  new-lines:
-    type: unix
-  trailing-spaces: disable
-  truthy: disable

defaults/main/proxy_site_defs.yml

@@ -39,12 +39,12 @@
 
 
   proxy_site_ssl_directory           : /etc/nginx/ssl
-  proxy_site_ssl_certificate         : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain26.pem"
+  proxy_site_ssl_certificate         : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain21.pem"
-  proxy_site_ssl_certificate_key     : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey26.pem"
+  proxy_site_ssl_certificate_key     : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey21.pem"
-  proxy_site_ssl_certificate_ch      : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain15.pem"
+  proxy_site_ssl_certificate_ch      : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain10.pem"
-  proxy_site_ssl_certificate_key_ch  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey15.pem"
+  proxy_site_ssl_certificate_key_ch  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey10.pem"
-  proxy_site_ssl_certificate_cht     : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain24.pem"
+  proxy_site_ssl_certificate_cht     : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain19.pem"
-  proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey24.pem"
+  proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey19.pem"
   proxy_site_ssl_protocols           : TLSv1.2
   proxy_site_ssl_ciphers             : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
 
@@ -60,5 +60,5 @@
 
 
   # git repo vars for ssl certs
-  ssl_repo        : gitea@gitea.thezengarden.net:SSL/le.git
+  ssl_repo        : git@gitlab.thezengarden.net:zen/le-ssl-certs.git
-  ssl_repo_branch : main
+  ssl_repo_branch : master

defaults/main/proxy_sites.yml

@@ -60,6 +60,24 @@ proxy_sites:
     port  : 32400
 
 
+  hme-1.thezengarden.net:
+    proto : http
+    dest  : kansai.thezengarden.net
+    port  : 80
+
+
+  hme-2.thezengarden.net:
+    proto : https
+    dest  : 10.1.1.6
+    port  : 9090
+
+
+  hme-3.thezengarden.net:
+    proto : https
+    dest  : 10.10.10.66
+    port  : 443
+
+
   gw.thezengarden.net:
     proto : https
     dest  : er4.thezengarden.net
@@ -92,25 +110,13 @@ proxy_sites:
     max_upload    : "{{ proxy_default_max_upload }}"
 
 
-  status.thezengarden.net:
+  tower.thezengarden.net:
-    proto : http
-    dest  : podman.thezengarden.net
-    port  : 3001
-
-
-  registry.thezengarden.net:
-    proto : http
-    dest  : podman.thezengarden.net
-    port  : 8000
-
-
-  drone-ci.thezengarden.net:
     proto : https
-    dest  : 10.1.1.113
+    dest  : zg-tower-prod-1.thezengarden.net
     port  : 443
 
 
-  ansible-lab.thezengarden.net:
+  tower2.thezengarden.net:
     proto : https
     dest  : 10.10.10.83
     port  : 443
@@ -123,21 +129,15 @@ proxy_sites:
     max_upload : "{{ proxy_default_max_upload }}"
 
 
-  pw-old.thezengarden.net:
+  pw.thezengarden.net:
     proto : http
     dest  : docker.thezengarden.net
     port  : 8001
 
 
-  pw.thezengarden.net:
-    proto : http
-    dest  : podman.thezengarden.net
-    port  : 8001
-
-
   webhooks.thezengarden.net:
     proto : http
-    dest  : podman.thezengarden.net
+    dest  : docker.thezengarden.net
     port  : 55555
 
 
@@ -243,7 +243,6 @@ proxy_sites:
 
 
   chris-hammer.com:
-    aliases    : www.chris-hammer.com
     proto      : http
     dest       : "{{ proxy_default_host }}"
     port       : 80

molecule/default/converge.yml

@@ -1,12 +0,0 @@
----
-- name: Converge
-  hosts: all
-  tasks:
-    # replace these tasks with whatever you find suitable to test
-    - name: Copy something to test use of synchronize module
-      ansible.builtin.copy:
-        src: /etc/hosts
-        dest: /tmp/hosts-from-controller
-    - name: "Include jchristianh.zen_rev_proxy"
-      ansible.builtin.include_role:
-        name: "jchristianh.zen_rev_proxy"

molecule/default/molecule.yml

@@ -1,14 +0,0 @@
----
-dependency:
-  name: galaxy
-driver:
-  name: podman
-platforms:
-  - name: proxy1
-    image: quay.io/centos/centos:stream8
-    pre_build_image: true
-
-provisioner:
-  name: ansible
-verifier:
-  name: ansible

molecule/default/verify.yml

@@ -1,10 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
-  hosts: all
-  gather_facts: false
-  tasks:
-  - name: Example assertion
-    ansible.builtin.assert:
-      that: true

tasks/main.yml

@@ -1,67 +1,66 @@
 ---
-- name: Install proxy packages
+- name: install proxy packages
-  ansible.builtin.package:
+  package:
     name  : "{{ proxy_package_list }}"
     state : present
   tags: always
 
 
-- name: Enable nginx at boot time
+- name: enable nginx at boot time
-  ansible.builtin.service:
+  service:
     name    : nginx
-    enabled: true
+    enabled : yes
   tags: always
   when: ansible_virtualization_type != "docker"
 
 
-- name: Clean conf.d
+- name: clean conf.d
-  ansible.builtin.file:
+  file:
     path: "{{ proxy_site_conf_dir }}"
     state: absent
   tags: ['clean_deploy','never']
 
 
-- name: Create conf.d directory
+- name: create conf.d directory
-  ansible.builtin.file:
+  file:
     path  : "{{ proxy_site_conf_dir }}"
     state : directory
-    mode: "0755"
+    mode  : 0755
   tags: always
 
 
-- name: Create log directory
+- name: create log directory
-  ansible.builtin.file:
+  file:
     path  : "{{ proxy_site_log_path }}"
     state : directory
-    mode: "0755"
+    mode  : 0755
   tags: always
 
 
   ## TODO: fix the perms on ssl certs!!@*&!@^&*
 
-- name: Clone ssl certs
+- name: clone ssl certs
-  ansible.builtin.git:
+  git:
     repo: "{{ ssl_repo }}"
     dest: "{{ proxy_site_ssl_directory }}"
     version: "{{ ssl_repo_branch }}"
-    accept_newhostkey: true
   tags: always
   notify: restart nginx
 
 
-- name: Write configuration file(s)
+- name: write configuration file(s)
-  ansible.builtin.template:
+  template:
     src  : proxy_site.j2
     dest : "{{ proxy_site_conf_dir }}/{{ item.key }}.conf"
-    mode: "0644"
+    mode : 0644
   with_dict:
     - "{{ proxy_sites }}"
   tags: always
   notify: restart nginx
 
 
-- name: Start nginx
+- name: start nginx
-  ansible.builtin.service:
+  service:
     name  : nginx
     state : started
   tags: always