From d90b623ec829854ec58e3abff89db80405326ee6 Mon Sep 17 00:00:00 2001
From: L3D
Date: Sun, 29 Oct 2023 23:42:22 +0100
Subject: [PATCH 1/3] rspamd version
---
 tasks/packages.yml | 13 +++++++++++--
 vars/main.yml | 2 +-
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/tasks/packages.yml b/tasks/packages.yml
index bc639b5..af126b0 100644
--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@@ -23,10 +23,19 @@
 state: present
 notify: sudo apt update
+- name: Download /etc/apt/keyrings/rspamd.gpg
+ become: true
+ ansible.builtin.get_url:
+ url: '//rspamd.com/apt-stable/gpg.key'
+ dest: '/etc/apt/keyrings/rspamd.gpg'
+ mode: '0644'
+ owner: 'root'
+ group: 'root'
+
 - name: add rspamd repo
 become: true
 ansible.builtin.apt_repository:
- repo: "deb https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
+ repo: "deb [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
 state: present
 mode: 0644
 notify: sudo apt update
@@ -34,7 +43,7 @@
 - name: add rspamd srv-repo
 become: true
 ansible.builtin.apt_repository:
- repo: "deb-src https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
+ repo: "deb-src [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
 state: present
 mode: 0644
 notify: sudo apt update
diff --git a/vars/main.yml b/vars/main.yml
index a48eae8..5987a2b 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,6 +1,6 @@
 --- # versionscheck
-playbook_version_number: 9 # should be a integer
+playbook_version_number: 10
 playbook_version_path: 'do1jlr.rspamd.version' # https://github.com/ansible/ansible/issues/36129
From e2a6db4c2e5a4aa10767fc0922ff5243bdeadea9 Mon Sep 17 00:00:00 2001
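Review bot: The `url` of the new `get_url` task has no scheme as written (`'//rspamd.com/apt-stable/gpg.key'`); a scheme-less URL is not something `get_url` can be expected to fetch, and nothing in it requires HTTPS, so it should read `url: 'https://rspamd.com/apt-stable/gpg.key'`. Because this file becomes the trust anchor for both `signed-by` entries (the `deb` line here and the `deb-src` line in the next hunk), consider pinning it with `checksum: 'sha256:<EXPECTED_KEY_DIGEST>'` so that a changed key fails the play instead of being trusted silently. Two things to verify on a target host: the upstream key appears to be ASCII-armored, in which case apt expects the file to be named `.asc` (or de-armored before it is stored as `.gpg`), and `/etc/apt/keyrings` is not present on older releases, so a preceding `ansible.builtin.file` task with `state: directory` may be needed.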
From: L3D
Date: Sun, 29 Oct 2023 23:48:34 +0100
Subject: [PATCH 2/3] start improve apt, linting and versionscheck
---
 handlers/main.yml | 4 ++--
 tasks/configure.yml | 22 +++++++++++-----------
 tasks/main.yml | 24 +++++++++++++++---------
 tasks/packages.yml | 35 ++++++++++++++++++-----------------
 tasks/redis.yml | 9 ++++++++-
 tasks/versioncheck.yml | 26 +++++++++++++-------------
 6 files changed, 67 insertions(+), 53 deletions(-)
diff --git a/handlers/main.yml b/handlers/main.yml
index cf03980..273950c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,10 +1,10 @@
 ---
-- name: sudo apt update
+- name: Run sudo apt update
 become: true
 ansible.builtin.apt:
 update_cache: true
-- name: systemctl restart rspamd
+- name: Run systemctl restart rspamd
 become: true
 ansible.builtin.systemd:
 name: 'rspamd'
diff --git a/tasks/configure.yml b/tasks/configure.yml
index e487039..a5f8d0c 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -9,7 +9,7 @@
 mode: '0640'
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 rescue:
 - name: you have to install passlib
 ansible.builtin.fail:
@@ -23,7 +23,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: milter_headers.conf
 become: true
@@ -33,7 +33,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: milter_headers.conf
 become: true
@@ -43,7 +43,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: Einstellug der redis.conf
 become: true
@@ -53,7 +53,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: classifier-bayes.conf
 become: true
@@ -63,7 +63,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: Einstellug der eignene black/whitelist
 become: true
@@ -73,7 +73,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: multimap whitelist_ip.map
 become: true
@@ -83,7 +83,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: multimap whitelist_from.map
 become: true
@@ -93,7 +93,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: multimap blacklist_ip.map
 become: true
@@ -103,7 +103,7 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
 - name: multimap blacklist_from.map
 become: true
@@ -113,4 +113,4 @@
 owner: "{{ rspamd__default_owner }}"
 group: "{{ rspamd__default_group }}"
 mode: '0640'
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
diff --git a/tasks/main.yml b/tasks/main.yml
index 1ec3f74..3cc8f45 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,18 +1,24 @@
 ---
-- include_tasks: versioncheck.yml
- when: submodules_versioncheck|bool
+- name: Run optional versioncheck
+ ansible.builtin.include_tasks:
+ file: 'versioncheck.yml'
+ when: submodules_versioncheck | bool
-- name: add apt repos and install rspamd
- include_tasks: packages.yml
+- name: Add apt repos and install rspamd
+ ansible.builtin.include_tasks:
+ file: 'packages.yml'
 when: ansible_os_family == 'Debian'
-- name: configure rspamd
- include_tasks: configure.yml
+- name: Configure rspamd
+ ansible.builtin.include_tasks:
+ file: 'configure.yml'
-- name: rspamd dkim signing
- include_tasks: dkim.yml
+- name: Rspamd dkim signing (TODO)
+ ansible.builtin.include_tasks:
+ file: 'dkim.yml'
 when: rspamd__configure_dkim | bool
 - name: redis backend
- include_tasks: redis.yml
+ ansible.builtin.include_tasks:
+ file: 'redis.yml'
 when: rspamd__configure_redis | bool
diff --git a/tasks/packages.yml b/tasks/packages.yml
index af126b0..88bc7cf 100644
--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@@ -1,27 +1,28 @@
 ---
-- name: update repo-cache for debian/ubuntu
+- name: Update repo-cache for debian/ubuntu
 become: true
 ansible.builtin.apt:
 update_cache: true
 cache_valid_time: 3600
-- name: install requirements to add new package repos
+- name: Install requirements to add new package repos
 become: true
 ansible.builtin.apt:
- name:
- - lsb-release
- - wget
- - debian-goodies
- - apt-dater-host
- - apt-transport-https
+ name: "{{ item }}"
 state: present
+ loop:
+ - 'lsb-release'
+ - 'wget'
+ - 'debian-goodies'
+ - 'apt-dater-host'
+ - #apt-transport-https'
 - name: add rspam repo key
 become: true
 ansible.builtin.apt_key:
 url: 'https://rspamd.com/apt-stable/gpg.key'
- state: present
- notify: sudo apt update
+ state: 'present'
+ notify: Run sudo apt update
 - name: Download /etc/apt/keyrings/rspamd.gpg
 become: true
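Review bot: The `add rspam repo key` task in `tasks/packages.yml` still imports the key with `ansible.builtin.apt_key`, which places it in apt's global trusted keyring, so the key stays trusted for every configured repository and the `signed-by=/etc/apt/keyrings/rspamd.gpg` scoping introduced in patch 1 isolates nothing; the task should be dropped now that the keyring file is downloaded. Hosts provisioned earlier keep the globally trusted key until it is removed explicitly. In the same hunk, the last loop entry `- #apt-transport-https'` is parsed as an empty list item followed by a comment, so the loop receives a null `item`; if the package is meant to be disabled, comment out the whole line: `# - 'apt-transport-https'`. Switching from a `name:` list to `loop` also makes apt run once per package, whereas passing the list directly to `name:` keeps it to one transaction. The `Download /etc/apt/keyrings/rspamd.gpg` task at the end of the hunk continues outside it.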
@@ -32,28 +33,28 @@
 owner: 'root'
 group: 'root'
-- name: add rspamd repo
+- name: Add rspamd repo
 become: true
 ansible.builtin.apt_repository:
 repo: "deb [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
 state: present
 mode: 0644
- notify: sudo apt update
+ notify: Run sudo apt update
-- name: add rspamd srv-repo
+- name: Add rspamd srv-repo
 become: true
 ansible.builtin.apt_repository:
 repo: "deb-src [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
 state: present
 mode: 0644
- notify: sudo apt update
+ notify: Run sudo apt update
-- name: run update if something changed
+- name: Run update if something changed
 ansible.builtin.meta: flush_handlers
-- name: install rspamd
+- name: Install rspamd
 become: true
 ansible.builtin.apt:
 name: rspamd
 state: present
- notify: systemctl restart rspamd
+ notify: Run systemctl restart rspamd
diff --git a/tasks/redis.yml b/tasks/redis.yml
index 55d0d0d..2fee88f 100644
--- a/tasks/redis.yml
+++ b/tasks/redis.yml
@@ -1,5 +1,12 @@
 ---
-- name: install redis backend
+- name: Update apt cache
+ become: true
+ ansible.builtin.apt:
+ update_cache: true
+ when:
+ - ansible_pkg_mgr == "apt"
+
+- name: Install redis backend
 become: true
 ansible.builtin.apt:
 name: redis
diff --git a/tasks/versioncheck.yml b/tasks/versioncheck.yml
index 5128cc8..7dd80c5 100644
--- a/tasks/versioncheck.yml
+++ b/tasks/versioncheck.yml
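Review bot: In `tasks/redis.yml` the added `Update apt cache` task is guarded by `ansible_pkg_mgr == "apt"`, but the `Install redis backend` task right after it calls `ansible.builtin.apt` with no guard in the visible lines, so the condition protects only the cache refresh. The new task also refreshes the cache on every run; `tasks/packages.yml` uses `cache_valid_time: 3600` for the same step, and adding that line here would keep the two consistent. The install task continues past the end of the hunk, so a `when:` further down cannot be ruled out.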
@@ -7,38 +7,38 @@
 ansible.builtin.file:
 path: '/etc/.ansible-version'
 state: directory
- mode: 0755
- when: submodules_versioncheck|bool
+ mode: '0755'
+ when: submodules_versioncheck | bool
-- name: check playbook version
+- name: Check playbook version
 become: true
 ansible.builtin.slurp:
 src: "/etc/.ansible-version/{{ playbook_version_path }}"
 register: playbook_version
- when: submodules_versioncheck|bool
- ignore_errors: true
+ when: submodules_versioncheck | bool
 failed_when: false
-- name: Print remote role version
+- name: Print remote role version # noqa: H500
 ansible.builtin.debug:
 msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
- when: submodules_versioncheck|bool
+ when: submodules_versioncheck | bool
-- name: Print locale role version
+- name: Print locale role version # noqa: H500
 ansible.builtin.debug:
- msg: "Local role version: '{{ playbook_version_number|string }}'."
- when: submodules_versioncheck|bool
+ msg: "Local role version: '{{ playbook_version_number | string }}'."
+ when: submodules_versioncheck | bool
 - name: Check if your version is outdated
 ansible.builtin.fail:
 msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
 when:
- - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
+ - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
-- name: write new version to remote disk
+- name: Write new version to remote disk
 become: true
 ansible.builtin.copy:
 content: "{{ playbook_version_number }}"
 dest: "/etc/.ansible-version/{{ playbook_version_path }}"
 mode: '0644'
- when: submodules_versioncheck|bool
+ when: submodules_versioncheck | bool
+ tags: skip_ansible_lint_template-instead-of-copy
From 6ded10fd01eecd03e442833f835fd3dfebd3555d Mon Sep 17 00:00:00 2001
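Review bot: `tags: skip_ansible_lint_template-instead-of-copy` on the last task adds a real tag that takes part in `--tags`/`--skip-tags` selection, and as far as I know ansible-lint only honours the plain `skip_ansible_lint` tag, so this probably does not silence the rule. The hunk already uses inline markers (`# noqa: H500`); the same form here would be `- name: Write new version to remote disk  # noqa: template-instead-of-copy`. Separately, the `Check if your version is outdated` condition was only half reformatted: `when:` is already a list, so `submodules_versioncheck | bool` can be its own item instead of being joined with `and`.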
From: L3D
Date: Sun, 29 Oct 2023 23:54:39 +0100
Subject: [PATCH 3/3] cleanup
---
 tasks/packages.yml | 2 +-
 vars/main.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tasks/packages.yml b/tasks/packages.yml
index 8f005da..c7c5ec9 100644
--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@@ -57,4 +57,4 @@
 ansible.builtin.apt:
 name: 'rspamd'
 state: 'present'
- notify: Run systemctl restart rspamd
\ No newline at end of file
+ notify: 'Run systemctl restart rspamd'
diff --git a/vars/main.yml b/vars/main.yml
index 5987a2b..fd14881 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,6 +1,6 @@
 --- # versionscheck
-playbook_version_number: 10
+playbook_version_number: 11
 playbook_version_path: 'do1jlr.rspamd.version' # https://github.com/ansible/ansible/issues/36129