diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..dde6f4a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +--- +# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/ansible-linting-check.yml b/.github/workflows/ansible-linting-check.yml index 4d7dc8e..1a76d38 100644 --- a/.github/workflows/ansible-linting-check.yml +++ b/.github/workflows/ansible-linting-check.yml @@ -2,21 +2,21 @@ name: Ansible Lint check # yamllint disable-line rule:truthy -on: - push: - branches: '*' - pull_request: - branches: '*' +on: [push, pull_request] jobs: build: + name: Ansible Lint runs-on: ubuntu-latest steps: - - name: 'checkout git repo' - uses: actions/checkout@v3 - - - name: 'Lint Ansible Playbook' - uses: ansible/ansible-lint-action@v6 + - name: Checkout git repo + uses: actions/checkout@v4 with: - targets: "." + submodules: true + fetch-depth: 0 + + - name: Run ansible-lint + uses: ansible-actions/ansible-lint-action@v1.0.2 + with: + target: "./" diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml new file mode 100644 index 0000000..b44f94e --- /dev/null +++ b/.github/workflows/galaxy.yml @@ -0,0 +1,24 @@ +--- +name: Galaxy-NG Roles Import + +# yamllint disable-line rule:truthy +on: + release: + types: ['created'] + +jobs: + build: + name: Galaxy Role Importer + runs-on: ubuntu-latest + + steps: + - name: 'Checkout git repo' + uses: actions/checkout@v4 + with: + submodules: true + fetch-depth: 0 + + - name: 'Release on galaxy' + uses: ansible-actions/ansible-galaxy-action@v1.1.1 + with: + galaxy_api_key: ${{ secrets.galaxy_api_key }} diff --git a/.github/workflows/j2lint-check.yml b/.github/workflows/j2lint-check.yml new file mode 100644 index 0000000..00c7861 --- /dev/null +++ b/.github/workflows/j2lint-check.yml @@ -0,0 +1,22 @@ +--- +name: Jinja2 Linting check + +# yamllint disable-line rule:truthy +on: [push, pull_request] + +jobs: + build: + name: Jinja2 Linting + runs-on: ubuntu-latest + + steps: + - name: Checkout git repo + uses: actions/checkout@v4 + with: + submodules: true + fetch-depth: 0 + + - name: Run j2lint + uses: ansible-actions/j2lint-action@v0.0.1 + with: + target: "./" diff --git a/.github/workflows/yamllint-check.yml b/.github/workflows/yamllint-check.yml new file mode 100644 index 0000000..5e62f57 --- /dev/null +++ b/.github/workflows/yamllint-check.yml @@ -0,0 +1,22 @@ +--- +name: Yamllint check + +# yamllint disable-line rule:truthy +on: [push, pull_request] + +jobs: + build: + name: Yamllint + runs-on: ubuntu-latest + + steps: + - name: Checkout git repo + uses: actions/checkout@v4 + with: + submodules: true + fetch-depth: 0 + + - name: Run yamllint + uses: ansible-actions/yamllint-action@v0.0.1 + with: + target: "./" diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml deleted file mode 100644 index d744e9c..0000000 --- a/.github/workflows/yamllint.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -name: 'Yamllint GitHub Actions' - -# yamllint disable-line rule:truthy -on: - push: - branches: '*' - pull_request: - branches: '*' - -jobs: - yamllint: - name: 'Yamllint' - runs-on: ubuntu-latest - steps: - - name: 'checkout git repo' - uses: actions/checkout@v3 - - - name: 'Yamllint' - uses: karancode/yamllint-github-action@v2.0.0 - with: - yamllint_file_or_dir: '.' - yamllint_config_filepath: './.yamllint' diff --git a/tasks/configure.yml b/tasks/configure.yml index a5f8d0c..2f47c3f 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -1,7 +1,7 @@ --- -- name: rspamd password generation +- name: Rspamd password generation block: - - name: configure rspamd password + - name: Configure rspamd password become: true ansible.builtin.template: src: templates/worker-controller.inc.j2 @@ -11,7 +11,7 @@ group: "{{ rspamd__default_group }}" notify: Run systemctl restart rspamd rescue: - - name: you have to install passlib + - name: You have to install passlib ansible.builtin.fail: msg: 'I caught an error. Maybe you have to install passlib via pip3' @@ -25,7 +25,7 @@ mode: '0640' notify: Run systemctl restart rspamd -- name: milter_headers.conf +- name: Configure milter_headers.conf become: true ansible.builtin.copy: src: files/milter_headers.conf @@ -35,7 +35,7 @@ mode: '0640' notify: Run systemctl restart rspamd -- name: milter_headers.conf +- name: Configure classifier-bayes.conf become: true ansible.builtin.copy: src: files/classifier-bayes.conf @@ -55,7 +55,7 @@ mode: '0640' notify: Run systemctl restart rspamd -- name: classifier-bayes.conf +- name: Modify classifier-bayes.conf become: true ansible.builtin.copy: src: files/classifier-bayes.conf @@ -75,7 +75,7 @@ mode: '0640' notify: Run systemctl restart rspamd -- name: multimap whitelist_ip.map +- name: Multimap whitelist_ip.map become: true ansible.builtin.copy: src: "{{ rspamd__whitelist_ip_file }}" @@ -85,7 +85,7 @@ mode: '0640' notify: Run systemctl restart rspamd -- name: multimap whitelist_from.map +- name: Multimap whitelist_from.map become: true ansible.builtin.copy: src: "{{ rspamd__whitelist_from_file }}" @@ -95,7 +95,7 @@ mode: '0640' notify: Run systemctl restart rspamd -- name: multimap blacklist_ip.map +- name: Multimap blacklist_ip.map become: true ansible.builtin.copy: src: "{{ rspamd__blacklist_ip_file }}" @@ -105,7 +105,7 @@ mode: '0640' notify: Run systemctl restart rspamd -- name: multimap blacklist_from.map +- name: Multimap blacklist_from.map become: true ansible.builtin.copy: src: "{{ rspamd__blacklist_from_file }}" diff --git a/tasks/main.yml b/tasks/main.yml index 3cc8f45..89ee405 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Run optional versioncheck +- name: Run Optional Versioncheck ansible.builtin.include_tasks: file: 'versioncheck.yml' when: submodules_versioncheck | bool @@ -18,7 +18,8 @@ file: 'dkim.yml' when: rspamd__configure_dkim | bool -- name: redis backend + +- name: Redis backend ansible.builtin.include_tasks: file: 'redis.yml' when: rspamd__configure_redis | bool diff --git a/tasks/packages.yml b/tasks/packages.yml index 88bc7cf..8f005da 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -9,15 +9,15 @@ become: true ansible.builtin.apt: name: "{{ item }}" - state: present + state: 'present' loop: - 'lsb-release' - 'wget' - 'debian-goodies' - 'apt-dater-host' - - #apt-transport-https' + - 'apt-transport-https' -- name: add rspam repo key +- name: Add rspam repo key become: true ansible.builtin.apt_key: url: 'https://rspamd.com/apt-stable/gpg.key' @@ -38,7 +38,7 @@ ansible.builtin.apt_repository: repo: "deb [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main" state: present - mode: 0644 + mode: '0644' notify: Run sudo apt update - name: Add rspamd srv-repo @@ -46,7 +46,7 @@ ansible.builtin.apt_repository: repo: "deb-src [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main" state: present - mode: 0644 + mode: '0644' notify: Run sudo apt update - name: Run update if something changed @@ -55,6 +55,6 @@ - name: Install rspamd become: true ansible.builtin.apt: - name: rspamd - state: present - notify: Run systemctl restart rspamd + name: 'rspamd' + state: 'present' + notify: Run systemctl restart rspamd \ No newline at end of file diff --git a/tasks/redis.yml b/tasks/redis.yml index 2fee88f..80bcab4 100644 --- a/tasks/redis.yml +++ b/tasks/redis.yml @@ -9,5 +9,5 @@ - name: Install redis backend become: true ansible.builtin.apt: - name: redis - state: present + name: 'redis' + state: 'present'