From 99bb507d4c8bf363a2a95eb11034bd5d7c078479 Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 29 Oct 2023 22:34:09 +0100 Subject: [PATCH 1/3] improve linting and action --- .github/dependabot.yml | 6 ++--- .github/workflows/ansible-linting-check.yml | 2 +- .github/workflows/j2lint-check.yml | 22 +++++++++++++++++ .github/workflows/yamllint-check.yml | 2 +- meta/main.yml | 10 ++++---- tasks/main.yml | 26 ++++++++++++++------- tasks/unwant_domains.yml | 3 ++- tasks/versioncheck.yml | 7 +++--- tasks/want_domains.yml | 3 ++- vars/main.yml | 2 +- 10 files changed, 57 insertions(+), 26 deletions(-) create mode 100644 .github/workflows/j2lint-check.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ddc762b..dde6f4a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,9 +1,9 @@ --- +# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates version: 2 updates: - - package-ecosystem: github-actions + + - package-ecosystem: "github-actions" directory: "/" schedule: interval: "daily" - assignees: - - 'do1jlr' diff --git a/.github/workflows/ansible-linting-check.yml b/.github/workflows/ansible-linting-check.yml index c01cf3a..1a76d38 100644 --- a/.github/workflows/ansible-linting-check.yml +++ b/.github/workflows/ansible-linting-check.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - name: 'Checkout git repo' + - name: Checkout git repo uses: actions/checkout@v4 with: submodules: true diff --git a/.github/workflows/j2lint-check.yml b/.github/workflows/j2lint-check.yml new file mode 100644 index 0000000..00c7861 --- /dev/null +++ b/.github/workflows/j2lint-check.yml 
@@ -0,0 +1,22 @@ +--- +name: Jinja2 Linting check + +# yamllint disable-line rule:truthy +on: [push, pull_request] + +jobs: + build: + name: Jinja2 Linting + runs-on: ubuntu-latest + + steps: + - name: Checkout git repo + uses: actions/checkout@v4 + with: + submodules: true + fetch-depth: 0 + + - name: Run j2lint + uses: ansible-actions/j2lint-action@v0.0.1 + with: + target: "./" diff --git a/.github/workflows/yamllint-check.yml b/.github/workflows/yamllint-check.yml index 751e992..5e62f57 100644 --- a/.github/workflows/yamllint-check.yml +++ b/.github/workflows/yamllint-check.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - name: 'checkout git repo' + - name: Checkout git repo uses: actions/checkout@v4 with: submodules: true diff --git a/meta/main.yml b/meta/main.yml index cc8d9ae..a3284b8 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,19 +2,19 @@ galaxy_info: role_name: acmetool author: do1jlr + namespace: l3d description: Install acmetool, an easy-to-use command line tool for automatically acquiring certificates from ACME servers (eg. Let's Encrypt) license: "MIT" - min_ansible_version: '2.11' + min_ansible_version: '2.13' platforms: - name: Debian - versions: - - all + versions: ['all'] - name: Ubuntu - versions: - - all + versions: ['all'] galaxy_tags: - acmetool - acmetool - letsencrypt - web + - linux dependencies: [] diff --git a/tasks/main.yml b/tasks/main.yml index cb6d15c..b8ae8b2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
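Review bot: The `Run j2lint` step references a third-party action by a mutable tag, `ansible-actions/j2lint-action@v0.0.1`, so whoever controls that repository can move the tag and change what runs on every push and pull request. Pin it to the full commit SHA and keep the version as a trailing comment, e.g. `uses: ansible-actions/j2lint-action@<full-commit-sha>  # v0.0.1`; the github-actions entry in `.github/dependabot.yml` can still propose updates for a SHA pin. The new workflow also declares no `permissions:` key, so the job runs with the repository's default token scope. A lint job needs only `contents: read` under `permissions:`, and `persist-credentials: false` on the checkout step keeps the token out of the checked-out tree the linter reads.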
@@ -1,25 +1,33 @@ --- - name: Perform optional versionscheck - ansible.builtin.include_tasks: versioncheck.yml - when: submodules_versioncheck|bool + ansible.builtin.include_tasks: + file: 'versioncheck.yml' + when: submodules_versioncheck | bool - name: Install acmetool - ansible.builtin.include_tasks: install.yml + ansible.builtin.include_tasks: + file: 'install.yml' - name: Configure systemd - ansible.builtin.include_tasks: systemd.yml + ansible.builtin.include_tasks: + file: 'systemd.yml' - name: Configure acmetool - ansible.builtin.include_tasks: configure.yml + ansible.builtin.include_tasks: + file: 'configure.yml' - name: Copy hook to enable acmetool to restart services - ansible.builtin.include_tasks: hook.yml + ansible.builtin.include_tasks: + file: 'hook.yml' - name: Reload systemd and enable acmetool timer unit - ansible.builtin.include_tasks: timer.yml + ansible.builtin.include_tasks: + file: 'timer.yml' - name: Optionally want domains - ansible.builtin.include_tasks: want_domains.yml + ansible.builtin.include_tasks: + file: 'want_domains.yml' - name: Optionally unwant domains - ansible.builtin.include_tasks: unwant_domains.yml + ansible.builtin.include_tasks: + file: 'unwant_domains.yml' diff --git a/tasks/unwant_domains.yml b/tasks/unwant_domains.yml index 8f19da0..ffb7704 100644 --- a/tasks/unwant_domains.yml +++ b/tasks/unwant_domains.yml @@ -2,7 +2,8 @@ - name: Disable acmetool for acme_domain_unwant_list domains become: true ansible.builtin.command: "acmetool unwant {{ _domain.name }}" - with_items: "{{ acme_domain_unwant_list }}" + loop: + - "{{ acme_domain_unwant_list }}" loop_control: loop_var: _domain changed_when: true diff --git a/tasks/versioncheck.yml b/tasks/versioncheck.yml index dd22a1a..7dd80c5 100644 --- a/tasks/versioncheck.yml +++ b/tasks/versioncheck.yml @@ -7,7 +7,7 @@ ansible.builtin.file: path: '/etc/.ansible-version' state: directory - mode: 0755 + mode: '0755' when: submodules_versioncheck | bool - name: Check playbook version 
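Review bot: `acmetool unwant {{ _domain.name }}` in tasks/unwant_domains.yml is still passed to `ansible.builtin.command` as one free-form string, which the module splits into arguments itself. A name containing whitespace or starting with `-` therefore reaches acmetool as extra arguments or options, and the task runs with `become: true`. Passing a list keeps each name a single argument: `argv: ["acmetool", "unwant", "{{ _domain.name }}"]`. The same applies to `acmetool want {{ _domain.name }}` in tasks/want_domains.yml, where the name also flows into the `creates:` path, and to the 3/3 hunks of both files. An `ansible.builtin.assert` before the loop that checks every `name` against a hostname pattern would cover both uses.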
@@ -16,15 +16,14 @@ src: "/etc/.ansible-version/{{ playbook_version_path }}" register: playbook_version when: submodules_versioncheck | bool - ignore_errors: true failed_when: false -- name: Print remote role version +- name: Print remote role version # noqa: H500 ansible.builtin.debug: msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" when: submodules_versioncheck | bool -- name: Print locale role version +- name: Print locale role version # noqa: H500 ansible.builtin.debug: msg: "Local role version: '{{ playbook_version_number | string }}'." when: submodules_versioncheck | bool diff --git a/tasks/want_domains.yml b/tasks/want_domains.yml index 4e6d66f..2348d94 100644 --- a/tasks/want_domains.yml +++ b/tasks/want_domains.yml @@ -4,6 +4,7 @@ ansible.builtin.command: "acmetool want {{ _domain.name }}" args: creates: "/var/lib/acme/live/{{ _domain.name }}" - with_items: "{{ acme_domain_want_list }}" + loop: + - "{{ acme_domain_want_list }}" loop_control: loop_var: _domain diff --git a/vars/main.yml b/vars/main.yml index 4e0f827..9c7bb40 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -33,5 +33,5 @@ acmetool__restart_hook: - 'files' # versionscheck -playbook_version_number: 34 # should be a integer +playbook_version_number: 35 # should be a integer playbook_version_path: 'do1jlr.role-acmetool.version' From 5024c06b3ba663cecaa39d9d29bdb1df20ff790f Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 29 Oct 2023 22:40:35 +0100 Subject: [PATCH 2/3] improve J2 Filters --- templates/acmetool_reload.j2 | 10 +++++----- templates/acmetool_restart.j2 | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/templates/acmetool_reload.j2 b/templates/acmetool_reload.j2 index 68ed82d..963d8fa 100644 --- a/templates/acmetool_reload.j2 +++ b/templates/acmetool_reload.j2 
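Review bot: With `ignore_errors: true` gone, `failed_when: false` on `Check playbook version` still hides every failure of the read, so a permission problem under `/etc/.ansible-version/` is reported the same way as a role that was never deployed. The `default(...)` in the next task then prints the base64 placeholder, which decodes to "currently not deployed". If a missing file is the only expected case, check the path with `ansible.builtin.stat` first and gate the read on it, e.g. `when: submodules_versioncheck | bool and _version_file.stat.exists` (`_version_file` is a constructed register name), then drop `failed_when: false`. The task's module line sits above the hunk, so confirm which module performs the read before changing it.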
@@ -3,8 +3,8 @@ # # reload hook configuration file # adding the service to the list of services to be reloaded by acmetool. -SERVICES="$SERVICES - {%- for service in acme_reload_services -%} - {{- ' ' -}} - {{- service -}} - {%- endfor -%}" +{% set services = '' %} +{% for service in acme_reload_services %} +{% set _ = services.extend(' ' ~ service) %} +{% endfor %} +SERVICES="$SERVICES {{ services }}" diff --git a/templates/acmetool_restart.j2 b/templates/acmetool_restart.j2 index 3db2c35..942356b 100644 --- a/templates/acmetool_restart.j2 +++ b/templates/acmetool_restart.j2 @@ -3,8 +3,8 @@ # # restart hook configuration file # adding the service to the list of services to be restarted. -SERVICES="$SERVICES - {%- for service in acme_restart_services -%} - {{- ' ' -}} - {{- service -}} - {%- endfor -%}" +{% set services = '' %} +{% for service in acme_restart_services %} +{% set _ = services.extend(' ' ~ service) %} +{% endfor %} +SERVICES="$SERVICES {{ services }}" From c5357bbc87d7cec527a79b413e9c78c29c9b38ce Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 30 Oct 2023 01:53:47 +0100 Subject: [PATCH 3/3] Update acme tool hook templates --- tasks/unwant_domains.yml | 3 +-- tasks/want_domains.yml | 3 +-- templates/acmetool_reload.j2 | 7 ++++--- templates/acmetool_restart.j2 | 7 ++++--- vars/main.yml | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tasks/unwant_domains.yml b/tasks/unwant_domains.yml index ffb7704..be31e53 100644 --- a/tasks/unwant_domains.yml +++ b/tasks/unwant_domains.yml @@ -2,8 +2,7 @@ - name: Disable acmetool for acme_domain_unwant_list domains become: true ansible.builtin.command: "acmetool unwant {{ _domain.name }}" - loop: - - "{{ acme_domain_unwant_list }}" + loop: "{{ acme_domain_unwant_list }}" loop_control: loop_var: _domain changed_when: true diff --git a/tasks/want_domains.yml b/tasks/want_domains.yml index 2348d94..f0e1f80 100644 --- a/tasks/want_domains.yml +++ b/tasks/want_domains.yml 
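Review bot: Each entry of `acme_reload_services` is written unescaped between the double quotes of the `SERVICES="..."` line. The `$SERVICES` expansion suggests the rendered file is sourced by a shell hook, so a value containing `"`, `$(...)` or a backtick would be evaluated when the hook runs. The rewrite keeps that behaviour, and the same holds for `acme_restart_services` in templates/acmetool_restart.j2 and for the 3/3 versions of both templates. An `ansible.builtin.assert` in the task that deploys the hook, checking every name against a unit-name pattern such as `^[A-Za-z0-9@_.:-]+$`, would fail the play before anything is rendered. The template's header lines are above the hunk, so how the file is consumed should be confirmed there.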
@@ -4,7 +4,6 @@ ansible.builtin.command: "acmetool want {{ _domain.name }}" args: creates: "/var/lib/acme/live/{{ _domain.name }}" - loop: - - "{{ acme_domain_want_list }}" loop_control: loop_var: _domain + loop: "{{ acme_domain_want_list }}" diff --git a/templates/acmetool_reload.j2 b/templates/acmetool_reload.j2 index 963d8fa..31c1ad9 100644 --- a/templates/acmetool_reload.j2 +++ b/templates/acmetool_reload.j2 @@ -3,8 +3,9 @@ # # reload hook configuration file # adding the service to the list of services to be reloaded by acmetool. -{% set services = '' %} +{% set services = ['$SERVICES'] %} {% for service in acme_reload_services %} -{% set _ = services.extend(' ' ~ service) %} +{% set _ = services.append(service) %} {% endfor %} -SERVICES="$SERVICES {{ services }}" +{% set services_string = services | join(' ') %} +SERVICES="{{ services_string }}" diff --git a/templates/acmetool_restart.j2 b/templates/acmetool_restart.j2 index 942356b..7467d92 100644 --- a/templates/acmetool_restart.j2 +++ b/templates/acmetool_restart.j2 @@ -3,8 +3,9 @@ # # restart hook configuration file # adding the service to the list of services to be restarted. -{% set services = '' %} +{% set services = ['$SERVICES'] %} {% for service in acme_restart_services %} -{% set _ = services.extend(' ' ~ service) %} +{% set _ = services.append(service) %} {% endfor %} -SERVICES="$SERVICES {{ services }}" +{% set services_string = services | join(' ') %} +SERVICES="{{ services_string }}" diff --git a/vars/main.yml b/vars/main.yml index 9c7bb40..b1d2664 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -33,5 +33,5 @@ acmetool__restart_hook: - 'files' # versionscheck -playbook_version_number: 35 # should be a integer +playbook_version_number: 36 # should be a integer playbook_version_path: 'do1jlr.role-acmetool.version'