diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..c40819a
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+---
+# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ - package-ecosystem: "gitsubmodule"
+ directory: "/"
+ schedule:
+ interval: "weekly"
diff --git a/.github/workflows/ansible-linting-check.yml b/.github/workflows/ansible-linting-check.yml
new file mode 100644
index 0000000..9f13b8c
--- /dev/null
+++ b/.github/workflows/ansible-linting-check.yml
@@ -0,0 +1,23 @@
+---
+name: Ansible Lint check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+ build:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout git repo
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+ fetch-depth: 0
+
+ - name: Run ansible-lint
+ uses: ansible-actions/ansible-lint-action@v1.0.2
+ with:
+ target: "./"
+ python_dependency_file: 'requirements.txt'
diff --git a/.github/workflows/j2lint-check.yml b/.github/workflows/j2lint-check.yml
new file mode 100644
index 0000000..95647bd
--- /dev/null
+++ b/.github/workflows/j2lint-check.yml
@@ -0,0 +1,22 @@
+---
+name: Jinja2 Linting check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+ build:
+ name: Jinja2 Linting
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout git repo
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+ fetch-depth: 0
+
+ - name: Run j2lint
+ uses: ansible-actions/j2lint-action@v0.0.1
+ with:
+ target: "templates/"
diff --git a/.github/workflows/yamllint-check.yml b/.github/workflows/yamllint-check.yml
new file mode 100644
index 0000000..5e62f57
--- /dev/null
+++ b/.github/workflows/yamllint-check.yml
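Review bot: The third-party step `ansible-actions/ansible-lint-action@v1.0.2` in ansible-linting-check.yml, like `ansible-actions/j2lint-action@v0.0.1` and `ansible-actions/yamllint-action@v0.0.1` in the j2lint-check.yml and yamllint-check.yml hunks, is referenced by a tag that the action's owner can later point at different code. Pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: ansible-actions/ansible-lint-action@<full-commit-sha>  # v1.0.2`, fixes what runs, and the `github-actions` Dependabot entry added in this commit can keep such pins updated. None of the three workflows declares `permissions:`, so the job token gets the repository default; a top-level `permissions:` block with `contents: read` should be enough for lint-only jobs. The checkout step also leaves the token in the local git config while the lint action runs, which `persist-credentials: false` under its `with:` should avoid.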
@@ -0,0 +1,22 @@ +--- +name: Yamllint check + +# yamllint disable-line rule:truthy +on: [push, pull_request] + +jobs: + build: + name: Yamllint + runs-on: ubuntu-latest + + steps: + - name: Checkout git repo + uses: actions/checkout@v4 + with: + submodules: true + fetch-depth: 0 + + - name: Run yamllint + uses: ansible-actions/yamllint-action@v0.0.1 + with: + target: "./" diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml deleted file mode 100644 index c4894bd..0000000 --- a/.github/workflows/yamllint.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -name: 'Yamllint GitHub Actions' - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - yamllint: - name: 'Yamllint' - runs-on: ubuntu-latest - steps: - - name: 'Checkout' - uses: actions/checkout@master - - name: 'Yamllint' - uses: karancode/yamllint-github-action@master - with: - yamllint_file_or_dir: '.' - yamllint_config_filepath: './.yamllint' - yamllint_strict: false - yamllint_comment: true diff --git a/host_vars/mail01.l3d.space/vars.yml b/host_vars/mail01.l3d.space/vars.yml index f35d6a7..4189e07 100644 --- a/host_vars/mail01.l3d.space/vars.yml +++ b/host_vars/mail01.l3d.space/vars.yml @@ -53,6 +53,16 @@ nginx_sites: # letsencrypt acme_notification_email: "{{ _acme_notification_email }}" +# acmetool config +acme_reload_services: + - 'nginx' + +acme_restart_services: + - 'rspamd' + - 'dovecot' + - 'unbound' + - 'redis-server' + # firewall fail2ban_destemail: "{{ _fail2ban_destemail }}" firewall_allowed_tcp_ports: diff --git a/host_vars/services.l3d.space/vars.yml b/host_vars/services.l3d.space/vars.yml index d9c903b..fbe25ce 100644 --- a/host_vars/services.l3d.space/vars.yml +++ b/host_vars/services.l3d.space/vars.yml @@ -19,3 +19,7 @@ etebase__allowed_hosts_allowed_host1: 'etebase.l3d.ch' etebase__restart_webserver: true etebase__systemd_setup: true etebase__create_backup: true + +# acmetool config +acme_reload_services: + - 'nginx' 
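Review bot: In host_vars/mail01.l3d.space/vars.yml, `acme_restart_services` lists `unbound` and `redis-server` next to `rspamd` and `dovecot`, and nothing visible in this hunk shows that those two read the certificate. If they do not, every renewal restarts a resolver and a data store for no benefit and briefly interrupts whatever depends on them. A short comment above the list saying why each service needs a restart rather than the reload used for `nginx` would make this reviewable, e.g. `# restarted (not reloaded) after renewal because <reason>`. How the role consumes both lists lives in the `roles/do1jlr.acmetool` submodule, outside this diff.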
diff --git a/host_vars/web01.l3d.space/vars.yml b/host_vars/web01.l3d.space/vars.yml index a346543..8faa291 100644 --- a/host_vars/web01.l3d.space/vars.yml +++ b/host_vars/web01.l3d.space/vars.yml @@ -107,6 +107,13 @@ local_accounts: - 'klima' - 'roles' +# acmetool config +acme_reload_services: + - 'nginx' + +acme_restart_services: + - 'gitea' + acme_domain_unwant_list: [] # - name: 'example.com' diff --git a/requirements.txt b/requirements.txt index 45c1e03..da63411 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ -jmespath +jmespath>=1.0.1 +passlib[bcrypt]>=1.7.4 diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..4fcd9ad --- /dev/null +++ b/requirements.yml @@ -0,0 +1,6 @@ +--- +collections: + - name: 'community.general' + version: ">=7.5.0,<=8.0.0" + - name: 'community.crypto' + version: ">=2.15.1,<=3.0.0" diff --git a/roles/do1jlr.acmetool b/roles/do1jlr.acmetool index 83df9b7..18a56d9 160000 --- a/roles/do1jlr.acmetool +++ b/roles/do1jlr.acmetool @@ -1 +1 @@ -Subproject commit 83df9b74904169e5698555cac183e5cb410f86a6 +Subproject commit 18a56d9045a78634f9fcaf0d8cd5aa0ab2f1393e diff --git a/roles/do1jlr.etebase b/roles/do1jlr.etebase index 1c12366..16f389c 160000 --- a/roles/do1jlr.etebase +++ b/roles/do1jlr.etebase @@ -1 +1 @@ -Subproject commit 1c12366f23b6f8f516eba2605b91fa7c1dd1cfc4 +Subproject commit 16f389ca76868c0208191595aa036a19cc49c867 diff --git a/roles/do1jlr.rspamd b/roles/do1jlr.rspamd index 8dcfbcb..affa49e 160000 --- a/roles/do1jlr.rspamd +++ b/roles/do1jlr.rspamd @@ -1 +1 @@ -Subproject commit 8dcfbcbeead8675161aff34804603b2cd9a548ec +Subproject commit affa49e57040ff0852a85ab3d4ee0da6c6669f2d diff --git a/roles/do1jlr.weechat b/roles/do1jlr.weechat index 759f0be..f31546b 160000 --- a/roles/do1jlr.weechat +++ b/roles/do1jlr.weechat @@ -1 +1 @@ -Subproject commit 759f0be0edc8fc7cd6416b8f47755e2b13f5d47f +Subproject commit f31546bbda440578f289aa27469fd5bf778a96fb
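Review bot: In requirements.txt, `jmespath>=1.0.1` and `passlib[bcrypt]>=1.7.4` set only lower bounds, so every install resolves to whatever release is newest on the index at that moment. That includes the ansible-lint workflow, which reads this file through `python_dependency_file`. For reproducible runs and a reviewable dependency set, pin exact versions (`jmespath==1.0.1`, `passlib[bcrypt]==1.7.4`), optionally with hashes in a lock file installed via `pip install --require-hashes`. The `.github/dependabot.yml` added by this commit has no `pip` entry, so pinned versions would need one to receive update PRs.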
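Review bot: In requirements.yml, the ranges `">=7.5.0,<=8.0.0"` and `">=2.15.1,<=3.0.0"` admit exactly the `.0.0` release of the next major version, which is where breaking changes and removals usually land. If the intent is to stay on the current major, the upper bounds should be exclusive: `version: ">=7.5.0,<8.0.0"` and `version: ">=2.15.1,<3.0.0"`. The `version` values are double-quoted while the `name` values are single-quoted; single quotes throughout would be consistent.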