Merge pull request #8 from DO1JLR/r

update submodules and acmetool config
2024-09-14 19:53:56 +02:00 · 2023-10-30 02:31:07 +01:00 · 2023-10-30 02:31:07 +01:00 · beb02ad7c5
commit beb02ad7c5
parent a7696f8f99 ad74d0563a
14 changed files with 112 additions and 25 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,12 @@
+---
+# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "gitsubmodule"
+    directory: "/"
+    schedule:
+      interval: "weekly"
--- a/.github/workflows/ansible-linting-check.yml
+++ b/.github/workflows/ansible-linting-check.yml
@ -0,0 +1,23 @@
+---
+name: Ansible Lint check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run ansible-lint
+        uses: ansible-actions/ansible-lint-action@v1.0.2
+        with:
+          target: "./"
+          python_dependency_file: 'requirements.txt'
--- a/.github/workflows/j2lint-check.yml
+++ b/.github/workflows/j2lint-check.yml
@ -0,0 +1,22 @@
+---
+name: Jinja2 Linting check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Jinja2 Linting
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run j2lint
+        uses: ansible-actions/j2lint-action@v0.0.1
+        with:
+          target: "templates/"
--- a/.github/workflows/yamllint-check.yml
+++ b/.github/workflows/yamllint-check.yml
@ -0,0 +1,22 @@
+---
+name: Yamllint check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Yamllint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run yamllint
+        uses: ansible-actions/yamllint-action@v0.0.1
+        with:
+          target: "./"
--- a/.github/workflows/yamllint.yaml
+++ b/.github/workflows/yamllint.yaml
@ -1,20 +0,0 @@
---
-name: 'Yamllint GitHub Actions'
-
-# yamllint disable-line rule:truthy
-on: [push, pull_request]
-
-jobs:
-  yamllint:
-    name: 'Yamllint'
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/checkout@master
-      - name: 'Yamllint'
-        uses: karancode/yamllint-github-action@master
-        with:
-          yamllint_file_or_dir: '.'
-          yamllint_config_filepath: './.yamllint'
-          yamllint_strict: false
-          yamllint_comment: true
--- a/host_vars/mail01.l3d.space/vars.yml
+++ b/host_vars/mail01.l3d.space/vars.yml
@ -53,6 +53,16 @@ nginx_sites:
 # letsencrypt
 acme_notification_email: "{{ _acme_notification_email }}"

+# acmetool config
+acme_reload_services:
+  - 'nginx'
+
+acme_restart_services:
+  - 'rspamd'
+  - 'dovecot'
+  - 'unbound'
+  - 'redis-server'
+
 # firewall
 fail2ban_destemail: "{{ _fail2ban_destemail }}"
 firewall_allowed_tcp_ports:
--- a/host_vars/services.l3d.space/vars.yml
+++ b/host_vars/services.l3d.space/vars.yml
@ -19,3 +19,7 @@ etebase__allowed_hosts_allowed_host1: 'etebase.l3d.ch'
 etebase__restart_webserver: true
 etebase__systemd_setup: true
 etebase__create_backup: true
+
+# acmetool config
+acme_reload_services:
+  - 'nginx'
--- a/host_vars/web01.l3d.space/vars.yml
+++ b/host_vars/web01.l3d.space/vars.yml
@ -107,6 +107,13 @@ local_accounts:
  - 'klima'
  - 'roles'

+# acmetool config
+acme_reload_services:
+  - 'nginx'
+
+acme_restart_services:
+  - 'gitea'
+
 acme_domain_unwant_list: []
 #  - name: 'example.com'

--- a/requirements.txt
+++ b/requirements.txt
@ -1 +1,2 @@
-jmespath
+jmespath>=1.0.1
+passlib[bcrypt]>=1.7.4
--- a/requirements.yml
+++ b/requirements.yml
@ -0,0 +1,6 @@
+---
+collections:
+  - name: 'community.general'
+    version: ">=7.5.0,<=8.0.0"
+  - name: 'community.crypto'
+    version: ">=2.15.1,<=3.0.0"
--- a/roles/do1jlr.acmetool
+++ b/roles/do1jlr.acmetool
@ -1 +1 @@
-Subproject commit 83df9b74904169e5698555cac183e5cb410f86a6
+Subproject commit 18a56d9045a78634f9fcaf0d8cd5aa0ab2f1393e
--- a/roles/do1jlr.etebase
+++ b/roles/do1jlr.etebase
@ -1 +1 @@
-Subproject commit 1c12366f23b6f8f516eba2605b91fa7c1dd1cfc4
+Subproject commit 16f389ca76868c0208191595aa036a19cc49c867
--- a/roles/do1jlr.rspamd
+++ b/roles/do1jlr.rspamd
@ -1 +1 @@
-Subproject commit 8dcfbcbeead8675161aff34804603b2cd9a548ec
+Subproject commit affa49e57040ff0852a85ab3d4ee0da6c6669f2d
--- a/roles/do1jlr.weechat
+++ b/roles/do1jlr.weechat
@ -1 +1 @@
-Subproject commit 759f0be0edc8fc7cd6416b8f47755e2b13f5d47f
+Subproject commit f31546bbda440578f289aa27469fd5bf778a96fb