chore: Bump gitea provider ⬆️

fix: Linting errors on CI 🚨
2024-04-24 12:17:54 +12:00 · 2024-04-24 11:23:27 +12:00 · 2024-04-23 23:07:13 +12:00 · 2024-04-23 22:51:46 +12:00 · 2024-04-23 22:08:59 +12:00 · 2024-04-23 16:57:47 +12:00
35 changed files with 808 additions and 308 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,6 @@
 profile: basic
 skip_list: # or 'skip_list' to silence them completely
  - experimental # all rules tagged as experimental
  - unnamed-task # All tasks should be named
  - fqcn-builtins
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,82 @@
 name: CI
 on: push
 jobs:
  # lint:
  #   runs-on: ubuntu-latest
  #   steps:
  #     - uses: actions/checkout@v4
  #     - uses: actions/setup-go@v5
  #       with:
  #         go-version: '1.22'
  #     - uses: golangci/golangci-lint-action@v3
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.10'
          #cache: 'pip' # caching pip dependencies
      - name: Ensure requirements are installed
        run: pip install -r requirements.txt
      - name: Lint with ansible-lint
        run: ansible-lint -c ".ansible-lint"
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
      - name: Lint with yamllint
        run: yamllint .
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
  molecule:
    name: Molecule Tests ${{ matrix.os }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix:
        os: [almalinux8, almalinux9]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'
          #cache: 'pip' # caching pip dependencies
      - name: Ensure requirements are installed
        run: pip install -r requirements.txt
      - name: Run Molecule tests.
        run: molecule test
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          MOLECULE_DISTRO: ${{ matrix.os }}
  release:
    runs-on: ubuntu-latest
    steps:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
         go-version: '1.22'
     - name: Install gitea provider for Go Semantic Release
       run: |
         mkdir -p .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/ && \
         wget https://github.com/cybercinch/go-semantic-release-provider-gitea/releases/download/v${GITEA_PROVIDER_VER}/go-semantic-release-provider-gitea_v${GITEA_PROVIDER_VER}_linux_amd64 \
         -O .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea && \
         chmod a+x .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea
       env:
         GITEA_PROVIDER_VER: 1.0.11
     - run: |
         echo "github repo: ${GITHUB_REPOSITORY}"
         echo "env vars: $(env)"
     - uses: go-semantic-release/action@v1
       with:
         custom-arguments: --provider=gitea
       env:
         GITEA_TOKEN: ${{ secrets.G_TOKEN }}
         GITEA_HOST: ${{ secrets.G_SERVER_URL}}
--- a/.gitignore
+++ b/.gitignore
@@ -5,13 +5,14 @@
 *.idea
 # Ignore any retry files from ansible
 *.retry
-
+*/.terraform
 # Ignore roles
 roles/*
 !roles/.gitkeep
 !files/authorized_keys/
 files/authorized_keys/*
 !files/authorized_keys/.gitkeep
 env/
 # Do not commit Vault password
 .vault_password.txt
--- a/.woodpecker/cron.yml
+++ b/.woodpecker/cron.yml
@@ -0,0 +1,28 @@
 matrix:
  include:
    - MOLECULE_DISTRO: centos7
    - MOLECULE_DISTRO: almalinux8
 clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      recursive: true
      submodule_update_remote: true
 when:
  event: [ cron ]
 steps:
  test:
    name: Test on ${MOLECULE_DISTRO}
    image: guisea/ansible-molecule
    pull: true
    environment:
      PY_COLORS: '1'
      ANSIBLE_FORCE_COLOR: '1'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
    when:
      event: [ cron ]
--- a/.woodpecker/lint.yml
+++ b/.woodpecker/lint.yml
@@ -0,0 +1,43 @@
 clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      recursive: true
      submodule_update_remote: true
 when:
  event: [ push, manual ]
 steps:
  ansible-lint:
    group: test
    name: "Lint: Ansible-lint"
    image: guisea/ansible-molecule
    environment:
      PY_COLORS: '1'
      ANSIBLE_FORCE_COLOR: '1'
    commands:
      - ansible-lint -c ".ansible-lint"
    when:
      event: [ push, manual ]
  yamllint:
    group: test
    name: "Lint: Yamllint"
    image: guisea/ansible-molecule
    commands:
      - yamllint -f colored .
    when:
      event: [ push, manual ]
  ntfy:
    image: codeberg.org/l-x/woodpecker-ntfy
    settings:
        url: https://ntfy.cybercinch.nz/ci-status
        title: "Lint failed for ${CI_REPO_NAME}"
        priority: urgent
        icon: https://woodpecker-ci.org/img/logo.svg
        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
        message: >
          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
                ${CI_COMMIT_MESSAGE}
    when:
      event: [ push, manual ]
      status: [ failure ]
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -0,0 +1,48 @@
 matrix:
  include:
    - MOLECULE_DISTRO: centos7
    - MOLECULE_DISTRO: almalinux8
    - MOLECULE_DISTRO: almalinux9
 clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      recursive: true
      submodule_update_remote: true
 when:
  event: [ push ]
 steps:
  create-release:
    name: Test on ${MOLECULE_DISTRO}
    image: guisea/ansible-molecule
    pull: true
    environment:
      PY_COLORS: '1'
      ANSIBLE_FORCE_COLOR: '1'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
    #secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
    when:
      event:
        - push
        - manual
  ntfy:
    image: codeberg.org/l-x/woodpecker-ntfy
    settings:
        url: https://ntfy.cybercinch.nz/ci-status
        title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
        priority: urgent
        icon: https://woodpecker-ci.org/img/logo.svg
        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
        message: >
          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
                ${CI_COMMIT_MESSAGE}
    when:
      event: [ push, manual ]
      status: [ failure ]
 depends_on:
  - lint
--- a/.woodpecker/test.yml
+++ b/.woodpecker/test.yml
@@ -0,0 +1,48 @@
 matrix:
  include:
    - MOLECULE_DISTRO: centos7
    - MOLECULE_DISTRO: almalinux8
    - MOLECULE_DISTRO: almalinux9
 clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      recursive: true
      submodule_update_remote: true
 when:
  event: [ push, manual ]
 steps:
  test:
    name: Test on ${MOLECULE_DISTRO}
    image: guisea/ansible-molecule
    pull: true
    environment:
      PY_COLORS: '1'
      ANSIBLE_FORCE_COLOR: '1'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
    #secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
    when:
      event:
        - push
        - manual
  ntfy:
    image: codeberg.org/l-x/woodpecker-ntfy
    settings:
        url: https://ntfy.cybercinch.nz/ci-status
        title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
        priority: urgent
        icon: https://woodpecker-ci.org/img/logo.svg
        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
        message: >
          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
                ${CI_COMMIT_MESSAGE}
    when:
      event: [ push, manual ]
      status: [ failure ]
 depends_on:
  - lint
--- a/.woodpecker/z.ntfy-cron.yml
+++ b/.woodpecker/z.ntfy-cron.yml
@@ -0,0 +1,16 @@
 skip_clone: true
 steps:
  ntfy-success:
    image: codeberg.org/l-x/woodpecker-ntfy
    settings:
        url: https://ntfy.cybercinch.nz/ci-status
        title: Build succeeded on ${CI_REPO_NAME}
        priority: urgent
        icon: https://woodpecker-ci.org/img/logo.svg
        tags: robot,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
        message: >
          Test success when run by cron for ${CI_REPO_NAME}.
 depends_on:
  - "cron"
 runs_on: [ success ]
--- a/.woodpecker/z.ntfy.yml
+++ b/.woodpecker/z.ntfy.yml
@@ -0,0 +1,20 @@
 skip_clone: true
 steps:
  ntfy:
    image: codeberg.org/l-x/woodpecker-ntfy
    settings:
        url: https://ntfy.cybercinch.nz/ci-status
        title: "Build completed for ${CI_REPO_NAME}"
        priority: urgent
        icon: https://woodpecker-ci.org/img/logo.svg
        tags: robot,tada,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
        message: >
          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
                ${CI_COMMIT_MESSAGE}
    when:
      event: [ push, manual ]
      status: [ success ]
 depends_on:
  - lint
  - test
--- a/.woodpecker/zz.ntfy-cron-failed.yml
+++ b/.woodpecker/zz.ntfy-cron-failed.yml
@@ -0,0 +1,16 @@
 skip_clone: true
 steps:
  ntfy-failed:
    image: codeberg.org/l-x/woodpecker-ntfy
    settings:
        url: https://ntfy.cybercinch.nz/ci-status
        title: Build failed on ${CI_REPO_NAME}
        priority: urgent
        icon: https://woodpecker-ci.org/img/logo.svg
        tags: robot,rotating_light,no_entry,${CI_BUILD_EVENT},${CI_REPO_NAME}
        message: >
          Test failed when run by cron for ${CI_REPO_NAME}.
 depends_on:
  - "cron"
 runs_on: [ failure ]
--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,35 @@
 ---
 # Based on ansible-lint config
 extends: default
 ignore: |
  .venv/
 rules:
  braces:
    max-spaces-inside: 1
    level: error
  brackets:
    max-spaces-inside: 1
    level: error
  colons:
    max-spaces-after: -1
    level: error
  commas:
    max-spaces-after: -1
    level: error
  comments: disable
  comments-indentation: disable
  document-start: disable
  empty-lines:
    max: 3
    level: error
  hyphens:
    level: error
  indentation: disable
  key-duplicates: enable
  line-length: disable
  new-line-at-end-of-file: enable
  new-lines:
    type: unix
  trailing-spaces: enable
  truthy: disable
--- a/42
+++ b/42
@@ -0,0 +1,42 @@
 .PHONY: clean virtualenv lint test docker dist dist-upload
 clean:
 	find . -name '*.py[co]' -delete
 virtualenv:
 	virtualenv --prompt '|> ansible-role-common <| ' .venv
 	.venv/bin/pip install --upgrade pip
 	.venv/bin/pip install -r requirements.txt
 	.venv/bin/ansible-galaxy collection install -r requirements.yml
 	@echo
 	@echo "VirtualENV Setup Complete. Now run: source .venv/bin/activate"
 	@echo
 test:
 	for distro in almalinux9 ; do \
 		MOLECULE_DISTRO=$$distro molecule test --all ; \
 	done
 lint:
 	@echo "Linting with Ansible-lint"
 	@echo
 	ansible-lint -c ".ansible-lint" --exclude ".venv"
 	@echo
 	@echo "Linting with Yamllint"
 	@echo
 	yamllint .
 	@echo
 docker: clean
 	docker buildx build --platform 'linux/amd64,linux/arm64' --push \
 	-t hub.cybercinch.nz/cybercinch/imap_retention_manager:latest \
 	-t docker.io/cybercinch/imap_retention_manager:latest .
 dist: clean
 	rm -rf dist/*
 	python setup.py sdist
 	python setup.py bdist_wheel
 dist-upload:
 	twine upload dist/*
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-Role Name
+# Common [![status-badge](https://ci.cybercinch.nz/api/badges/8/status.svg)](https://ci.cybercinch.nz/repos/8)
 =========
 A brief description of the role goes here.
@@ -23,9 +23,11 @@ Example Playbook
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
 ```yaml
    - hosts: servers
      roles:
         - { role: username.rolename, x: 42 }
 ```
 License
 -------
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,15 +9,13 @@ dns_servers:
  - 1.0.0.1
  - 1.1.1.1
-ADMIN_GROUP: admins
+admin_group: admins
 common_grub_timeout: 5
 postfix_configure: false
 common_packages:
  - libselinux-python
  - MySQL-python
  - nano
  - git
  - htop
@@ -36,3 +34,5 @@ win_packages:
 apply_win_updates: false
 common_show_ipv6: false|bool
 common_root_pwd: l3tm31nN0w
 common_root_email: admin@somplace.co.nz
--- a/files/helpers/set_dhcp_ip.sh
+++ b/files/helpers/set_dhcp_ip.sh
@@ -0,0 +1,8 @@
 #!/bin/bash
 # This script will reset the IP Address back to default of DHCP
 # helpful for a pending restore
 /bin/nmcli c m "System eth0" ipv4.method auto
 /bin/nmcli c m "System eth0" ipv4.address "" ipv4.gateway ""
 /bin/nmcli connection up "System eth0"
--- a/files/helpers/set_static_ip.sh
+++ b/files/helpers/set_static_ip.sh
@@ -0,0 +1,48 @@
 #!/bin/bash
 # get subnet
 subnet=$(ip a | grep "inet " | tail -1 | awk '{print $2}')
 # get router/gateway
 router=$(ip route show | head -1 | awk '{print $3}')
 # get size of network portion of address in bytes
 sz=$(echo $subnet | awk -F / '{print $2}')
 bytes=$(("$sz" / 8))
 prefix=$(echo "$subnet" | cut -d. -f1-$bytes)      # e.g., 192.168.0
 # get IP address to be set
 IP=$(hostname -I | awk '{print $1}')             # current IP
 echo -n "Keep IP address?—$IP [yn]> "
 read -r ans
 if [ "$ans" == "n" ]; then
  echo -n "Enter new IP address: "
  read -r IP
  # check if specified IP is properly formatted
  if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    echo Invalid IP
  fi
  # check if specified IP works for local network
  if [[ ! $IP =~ ^$prefix ]]; then
    echo "ERROR: Specified IP not usable for local network"
    exit
  fi
 fi
 # check if specified IP is properly formatted
 if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
  echo Invalid IP
 fi
 # fetch the UUID
 UUID=$(nmcli connection show | tail -1 | awk '{print $4}')
 if [[ "$UUID" == "ethernet" ]]; then
 # This is the other format of nmcli connection show
 UUID=$(nmcli connection show | head -2 | tail -1 | awk '{print $3}')
 fi
 # run commands to set up the permanent IP address
 nmcli connection modify "$UUID" IPv4.address "$IP"/"$sz"
 nmcli connection modify "$UUID" IPv4.gateway "$router"
 nmcli connection modify "$UUID" IPv4.method manual
 nmcli connection up "$UUID"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -15,13 +15,19 @@
    name: ntpd
    state: restarted
- name: reboot windows
+- name: Reboot Windows
  win_reboot:
- name: restart NetworkManager
+- name: Restart NetworkManager
  service:
    name: NetworkManager
    state: restarted
 - name: Check if grub.cfg exists
  stat:
    path: /boot/grub2/grub.cfg
  register: grub_cfg
 - name: Update GRUB
  command: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
  when: grub_cfg.stat.exists
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,152 +1,17 @@
 ---
 galaxy_info:
-  author: your name
+  author: guisea <aaron@guise.net.nz>
-  description: 
+  role_name: common # if absent directory name hosting role is used instead
-  company: your company (optional)
+  namespace: cybercinch # if absent, author is used instead
-  # If the issue tracker for your role is not on github, uncomment the
+  description: Commonplace system setup
-  # next line and provide a value
+  company: CyberCinch
-  # issue_tracker_url: http://example.com/issue/tracker
+  license: MIT
-  # Some suggested licenses:
+  min_ansible_version: "2.9"
  # - BSD (default)
  # - MIT
  # - GPLv2
  # - GPLv3
  # - Apache
  # - CC-BY
  license: license (GPLv2, CC-BY, etc)
  min_ansible_version: 1.2
  #
  # Below are all platforms currently available. Just uncomment
  # the ones that apply to your role. If you don't see your 
  # platform on this list, let us know and we'll get it added!
  #
  #platforms:
  #- name: EL
  #  versions:
  #  - all
  #  - 5
  #  - 6
  #  - 7
  #- name: GenericUNIX
  #  versions:
  #  - all
  #  - any
  #- name: Solaris
  #  versions:
  #  - all
  #  - 10
  #  - 11.0
  #  - 11.1
  #  - 11.2
  #  - 11.3
  #- name: Fedora
  #  versions:
  #  - all
  #  - 16
  #  - 17
  #  - 18
  #  - 19
  #  - 20
  #  - 21
  #  - 22
  #  - 23
  #- name: Windows
  #  versions:
  #  - all
  #  - 2012R2
  #- name: SmartOS
  #  versions:
  #  - all
  #  - any
  #- name: opensuse
  #  versions:
  #  - all
  #  - 12.1
  #  - 12.2
  #  - 12.3
  #  - 13.1
  #  - 13.2
  #- name: Amazon
  #  versions:
  #  - all
  #  - 2013.03
  #  - 2013.09
  #- name: GenericBSD
  #  versions:
  #  - all
  #  - any
  #- name: FreeBSD
  #  versions:
  #  - all
  #  - 10.0
  #  - 10.1
  #  - 10.2
  #  - 8.0
  #  - 8.1
  #  - 8.2
  #  - 8.3
  #  - 8.4
  #  - 9.0
  #  - 9.1
  #  - 9.1
  #  - 9.2
  #  - 9.3
  #- name: Ubuntu
  #  versions:
  #  - all
  #  - lucid
  #  - maverick
  #  - natty
  #  - oneiric
  #  - precise
  #  - quantal
  #  - raring
  #  - saucy
  #  - trusty
  #  - utopic
  #  - vivid
  #- name: SLES
  #  versions:
  #  - all
  #  - 10SP3
  #  - 10SP4
  #  - 11
  #  - 11SP1
  #  - 11SP2
  #  - 11SP3
  #- name: GenericLinux
  #  versions:
  #  - all
  #  - any
  #- name: Debian
  #  versions:
  #  - all
  #  - etch
  #  - jessie
  #  - lenny
  #  - squeeze
  #  - wheezy
  #
  # Below are all categories currently available. Just as with
  # the platforms above, uncomment those that apply to your role.
  #
  #categories:
  #- cloud
  #- cloud:ec2
  #- cloud:gce
  #- cloud:rax
  #- clustering
  #- database
  #- database:nosql
  #- database:sql
  #- development
  #- monitoring
  #- networking
  #- packaging
  #- system
  #- web
 dependencies: []
  # List your role dependencies here, one per line.
  # Be sure to remove the '[]' above if you add dependencies
  # to this list.
  platforms:
    - name: EL
      versions:
        - all
  galaxy_tags: []
 dependencies: []
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -0,0 +1,7 @@
 ---
 - name: Converge
  hosts: all
  tasks:
    - name: "Include common"
      include_role:
        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,24 @@
 ---
 dependency:
  name: galaxy
 driver:
  name: docker
 platforms:
  - name: molecule-${MOLECULE_DISTRO:-almalinux8}
    image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"
    command: ${MOLECULE_DOCKER_COMMAND:-""}
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    cgroupns_mode: host
    privileged: true
    pre_build_image: true
 provisioner:
  name: ansible
  env:
    MOLECULE_NO_LOG: true
 # verifier:
 #  name: ansible
 # lint: |
 #   set -e
 #   yamllint .
 #   ansible-lint
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
 ---
 # This is an example playbook to execute Ansible tests.
 - name: Verify
  hosts: all
  gather_facts: false
  tasks:
  - name: Example assertion
    assert:
      that: true
--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,6 @@
 ansible-core<2.17
 ansible-compat<4
 molecule[docker]<5.0.0
 ansible-lint==6.16.2
 yamllint==1.32.0
 passlib==1.7.4
--- a/requirements.yml
+++ b/requirements.yml
@@ -0,0 +1,3 @@
 collections:
  - ansible.windows
  - community.general
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@@ -1,22 +1,20 @@
 ---
 # tasks file for common role
- include: networking.yml
+- include_tasks: networking.yml
- name: Ensure common packages
+- name: Ensure common packages (RHEL)
  yum:
-    name: "{{item}}"
+    name: "{{ common_packages }}"
    state: present
    enablerepo: epel
  with_items: "{{ common_packages }}"
  when: ansible_distribution != 'OracleLinux'
  tags: packages
- name: Ensure common packages
+- name: Ensure common packages (OracleLinux)
  yum:
-    name: "{{item}}"
+    name: "{{ common_packages }}"
    state: present
    enablerepo: ol7_developer_EPEL
  with_items: "{{ common_packages }}"
  when: ansible_distribution == 'OracleLinux'
  tags: packages
@@ -40,7 +38,9 @@
 #  tags: security
 - name: Create admin group
-  group: name={{ADMIN_GROUP}} state=present
+  group:
    name: "{{ admin_group }}"
    state: present
 - name: Configure yum limit
  lineinfile:
@@ -51,26 +51,22 @@
 - name: Ensure Helpers are present
  copy:
-    src: "{{ item.src }}"
+    src: helpers/
-    dest: "{{ item.dest }}"
+    dest: /usr/local/bin/
    mode: u+rwx,g+rx,o+rx
  with_items:
    - src: helpers/reload_scsi_devices
      dest: /usr/local/bin/reload_scsi_devices
    - src: helpers/reload_scsi_hosts
      dest: /usr/local/bin/reload_scsi_hosts
 - name: Ensure Hostname is set
  hostname:
    name: "{{ inventory_hostname }}.{{ domain }}"
  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
 - name: Change root password
  user:
    name: root
-    password: "{{ root_pwd }}"
+    password: "{{ common_root_pwd | password_hash('sha512') }}"
  changed_when: false
  tags: rootpw
- include: grub.yml
+- include_tasks: grub.yml
- include: communication.yml
+- include_tasks: communication.yml
- include: motd.yml
+- include_tasks: motd.yml
--- a/tasks/Windows.yml
+++ b/tasks/Windows.yml
@@ -30,7 +30,7 @@
    admin_password: "{{ vault_ad_password }}"
    domain_name: "{{ authconfig_domain }}"
  when: ad_domain_joined
-  notify: reboot windows
+  notify: Reboot Windows
 - meta: flush_handlers
 - name: Ensure Important dirs exist
@@ -53,7 +53,7 @@
 - name: Apply Windows Updates
  win_updates:
  when: apply_windows_updates
-  notify: reboot windows
+  notify: Reboot Windows
 - meta: flush_handlers
 - name: Ensure default applications installed
@@ -61,4 +61,3 @@
    name: "{{ item }}"
    state: present
  with_items: "{{ win_packages }}"
--- a/tasks/common.yml
+++ b/tasks/common.yml
@@ -0,0 +1,5 @@
 ---
 - include_tasks: networking.yml
 - include_tasks: communication.yml
 - include_tasks: grub.yml
 - include_tasks: motd.yml
--- a/tasks/communication.yml
+++ b/tasks/communication.yml
@@ -1,43 +1,48 @@
 ---
 - name: Postfix Configuration
  when: postfix_configure
  block:
-    - name: postfix | Apply postfix configuration
+    - name: Postfix | Apply postfix configuration
      lineinfile:
-        dest: "{{item.dest}}"
+        dest: "{{ configurations.dest }}"
-        regexp: "{{item.regexp}}"
+        regexp: "{{ configurations.regexp }}"
-        line: "{{item.line}}"
+        line: "{{ configurations.line }}"
        insertafter: EOF
      notify: Restart Postfix
      when: "'SMTP0' not in inventory_hostname"
      with_items:
-        - { dest: /etc/postfix/main.cf,
+        - {
            dest: /etc/postfix/main.cf,
            regexp: "^.?inet_protocols =",
-            line: "inet_protocols = ipv4"
+            line: "inet_protocols = ipv4",
          }
-        - { dest: /etc/postfix/main.cf,
+        - {
            dest: /etc/postfix/main.cf,
            regexp: "^.?inet_interfaces =",
-            line: "inet_interfaces = all"
+            line: "inet_interfaces = all",
          }
-        - { dest: /etc/postfix/main.cf,
+        - {
            dest: /etc/postfix/main.cf,
            regexp: "^.?relayhost =",
-            line: "relayhost = {{ relayhost }}"
+            line: "relayhost = {{ relayhost }}",
          }
        - {
            dest: /etc/postfix/main.cf,
            regexp: "^.?smtp_randomize_addresses =",
-            line: "smtp_randomize_addresses = no"
+            line: "smtp_randomize_addresses = no",
          }
      loop_control:
        loop_var: configurations
-    - name: postfix | Ensure Postfix is Started/Enabled
+    - name: Postfix | Ensure Postfix is Started/Enabled
      service:
        name: postfix
        state: started
        enabled: yes
  when: postfix_configure
 - name: Ensure root forwarding address is set
  lineinfile:
    dest: ~/.forward
-    regexp: "{{ root_email }}"
+    regexp: "{{ common_root_email }}"
-    line: "{{ root_email }}"
+    line: "{{ common_root_email }}"
    create: yes
--- a/tasks/grub.yml
+++ b/tasks/grub.yml
@@ -18,7 +18,9 @@
    option: GRUB_TIMEOUT
    value: "{{ common_grub_timeout }}"
    no_extra_spaces: yes
-  when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'"
+  when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version > '6'"
-  notify: Update GRUB
+  notify:
    - Check if grub.cfg exists
    - Update GRUB
  tags:
    - grub
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,9 @@
 ---
- include: "{{ ansible_os_family }}.yml"
+- name: Include tasks only if one of the files exist, otherwise skip the task
  include_tasks: "{{ item }}"
  vars:
    params:
      files:
        - "{{ ansible_os_family }}.yml"
        - "common.yml"
  loop: "{{ q('first_found', params, errors='ignore') }}"
--- a/tasks/networking.yml
+++ b/tasks/networking.yml
@@ -1,47 +1,62 @@
 ---
 - name: What is virtualization type?
  debug:
    msg: "Virtualization is: {{ ansible_virtualization_type }}"
 - name: Ensure DNS and SSH common config
  template:
-    src: "{{ item.src }}"
+    src: "{{ network_config.src }}"
-    dest: "{{ item.dest }}"
+    dest: "{{ network_config.dest }}"
-    mode: "{{ item.mode }}"
+    mode: "{{ network_config.mode }}"
    backup: yes
  with_items:
-    - { src: etc.sysconfig.network.j2,
+    - {
        src: etc.sysconfig.network.j2,
        dest: /etc/sysconfig/network,
-        mode: u+rw,a+r
+        mode: u+rw,
-      }
+        a+r,
    - { src: etc.resolv.conf.j2,
        dest: /etc/resolv.conf,
        mode: u+rw,a+r
      }
    - { src: etc.resolv.conf.j2, dest: /etc/resolv.conf, mode: u+rw, a+r }
  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
  loop_control:
    loop_var: network_config
  tags: dns
 - name: Ensure hosts file correct
  lineinfile:
    dest: /etc/hosts
-    regexp: "{{ item.regexp }}"
+    regexp: "{{ hosts_config.regexp }}"
-    line: "{{ item.line }}"
+    line: "{{ hosts_config.line }}"
    backrefs: yes
    backup: yes
  with_items:
-    - {regexp: "^127.0.0.1.+localdomain4$",
+    - {
-         line: "127.0.0.1   localhost {{ inventory_hostname }}"
+        regexp: "^127.0.0.1.+localdomain4$",
        line: "127.0.0.1   localhost {{ inventory_hostname }}",
      }
-    - {regexp: "^::1.+localdomain6$",
+    - {
-         line: "::1         localhost {{ inventory_hostname }}"
+        regexp: "^::1.+localdomain6$",
        line: "::1         localhost {{ inventory_hostname }}",
      }
-    - {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
+    - {
-         line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}"
+        regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
        line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
      }
-    - {regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
+    - {
-       line: "127.0.0.1   localhost {{ inventory_hostname }}"
+        regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
        line: "127.0.0.1   localhost {{ inventory_hostname }}",
      }
-    - {regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
+    - {
-       line: "::1         localhost {{ inventory_hostname }}"
+        regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
        line: "::1         localhost {{ inventory_hostname }}",
      }
-    - {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
+    - {
-       line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}"
+        regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
        line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
      }
  loop_control:
    loop_var: hosts_config
  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
 - name: Ensure NetworkManager does not fiddle DNS
  ini_file:
@@ -52,16 +67,18 @@
    backup: yes
  when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7")
  notify:
-    - restart NetworkManager
+    - Restart NetworkManager
  changed_when: false
 - name: Ensure correct permissions (hosts/resolv.conf)
  file:
-    path: "{{item}}"
+    path: "{{ perm_config }}"
    state: touch
    mode: u+rw,g+r,a+r
  with_items:
    - /etc/resolv.conf
    - /etc/hosts
  loop_control:
    loop_var: perm_config
  changed_when: false
  tags: dns
--- a/templates/dynmotd
+++ b/templates/dynmotd
@@ -15,21 +15,22 @@
 #      /usr/local/bin/dynmotd
 #
-USER=`/usr/bin/whoami`
+if getent group "{{ admin_group }}" | grep -qw "$(whoami)"; then
-HOSTNAME=`/usr/bin/uname -n | /usr/bin/cut -d. -f1`
+    USER=`/usr/bin/env whoami`
-IP=`/usr/sbin/ip route get 1 | grep -Po '(?<=src.)[\w\d.]+'`
+    HOSTNAME=`/usr/bin/env uname -n | /usr/bin/env cut -d. -f1`
-IP6=`/sbin/ip -6 addr | awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
+    IP=`/usr/bin/env ip route get 1 | /usr/bin/env grep -Po '(?<=src.)[\w\d.]+'`
-NUM_CPU=`/usr/bin/lscpu | /usr/bin/grep "CPU(s):" | /usr/bin/head -n 1 | /usr/bin/awk '{print $2}'`
+    IP6=`/usr/bin/env ip -6 addr | /usr/bin/env awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
-ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
+    NUM_CPU=`cat /proc/cpuinfo | grep processor | wc -l`
-HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
+    #ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
-BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
+    #HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
-
+    #BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
-MEMORY=`/usr/bin/free -m | /usr/bin/grep "Mem" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
+    FILESYSTEMS=`cat /etc/fstab | grep -v '#' | grep -v 'swap' | grep -v 'proc' | awk '{if(NF>0) {print $2}}'`
-SWAP=`/usr/bin/free -m | /usr/bin/grep "Swap" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
+    MEMORY=`/usr/bin/env free -m | /usr/bin/env grep "Mem" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
-PSA=`/usr/bin/ps -Afl | wc -l`
+    SWAP=`/usr/bin/env free -m | /usr/bin/env grep "Swap" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
    PSA=`/usr/bin/env ps -Afl | /usr/bin/env wc -l`
    # time of day
-HOUR=$(/usr/bin/date +"%H")
+    HOUR=$(/usr/bin/env date +"%H")
    if [ $HOUR -lt 12  -a $HOUR -ge 0 ]
    then    TIME="morning"
    elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
@@ -39,17 +40,17 @@ else
    fi
    #System uptime
-uptime=`/usr/bin/cat /proc/uptime | cut -f1 -d.`
+    uptime=`/usr/bin/env cat /proc/uptime | cut -f1 -d.`
    upDays=$((uptime/60/60/24))
    upHours=$((uptime/60/60%24))
    upMins=$((uptime/60%60))
    upSecs=$((uptime%60))
    #System load
-LOADAVG=`/usr/bin/cat /proc/loadavg`
+    LOADAVG=`/usr/bin/env cat /proc/loadavg`
-LOAD1=`echo $LOADAVG | /usr/bin/awk {'print $1'}`
+    LOAD1=`echo $LOADAVG | /usr/bin/env awk {'print $1'}`
-LOAD5=`echo $LOADAVG | /usr/bin/awk {'print $2'}`
+    LOAD5=`echo $LOADAVG | /usr/bin/env awk {'print $2'}`
-LOAD15=`echo $LOADAVG | /usr/bin/awk {'print $3'}`
+    LOAD15=`echo $LOADAVG | /usr/bin/env awk {'print $3'}`
    echo ""
    echo -e "\e[7m--- GOOD $TIME $USER ----\e[0m"
@@ -63,14 +64,19 @@ RESET_COLORS="\e[0m"
    echo -e "
    ===========================================================================
    $COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
- {% if common_show_ipv6 %}
+    {% if common_show_ipv6 == true %}
    $COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS  
    $COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS  
- {% else %}
+    {% else %} $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
 $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
    {% endif %}
- $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `cat {{ ansible_distribution_file_path }}` $RESET_COLORS
+    {% if ansible_distribution == "Alpine" %}
    $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE Alpine `/usr/bin/env cat /etc/os-release` $RESET_COLORS
    {% else %}
    $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `/usr/bin/env cat /etc/os-release | /usr/bin/env grep PRETTY_NAME | /usr/bin/env cut -d '"' -f 2` $RESET_COLORS
    {% endif %}
    {% if ansible_distribution != "Alpine" %}
    $COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
    {% endif %}
    =========================================================================== $RESET_COLORS
    $COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
    $COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
@@ -79,7 +85,19 @@ echo -e "
    $COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
    $COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
    $COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
- $COLOR_COLUMN- Disk space$RESET_COLORS..........: $COLOR_VALUE $ROOT remaining $RESET_COLORS
+    {% if ansible_virtualization_type != "lxc" %}
    $COLOR_COLUMN- Disk space$RESET_COLORS..........: "
    for FS in ${FILESYSTEMS}; do
    echo -e " $COLOR_COLUMN- ..........$RESET_COLORS..........: $COLOR_VALUE `df -H ${FS} | grep -v 'Filesystem' | grep -v '^[[:space:]]*$' | awk '{print $6 \" \" $4}'` remaining $RESET_COLORS"
    done
    {% endif %}
    echo -e "
    ===========================================================================
 `/usr/bin/cat /etc/motd`
    "
    if [ -f /etc/motd ]; then
    /usr/bin/env cat /etc/motd
    fi
 else
  # Just exit :)
  exit 0
 fi;
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -0,0 +1,22 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/linode/linode" {
  version     = "1.16.0"
  constraints = "1.16.0"
  hashes = [
    "h1:JpBtHnebAi6yr/aDdlk8EybaEiEY+VPtFP3o0QoMTng=",
    "zh:03c867440797b82012cd5d97f58fef5885dc0248683227299a39af836df222db",
    "zh:0486be7f72d6ea73d10140e23be8c1d2772b2d8be28c7bb39c73be83601405cf",
    "zh:181929d6880cac6500f4af1f3799385c47ccd69872cacf1042a3a48e445b2b02",
    "zh:18b7f6cc1ddf86e28322638607e1f84c1e9d56824c26903e22d4d12352f20b6e",
    "zh:4e65e7f9e17c334ff7047fc2dd8fc479c2509cba66834d89e2033a45e9275fe3",
    "zh:6077eda3fdf77a5158d9dc1a0c38492e23f7d679b1ac96382ba92ebe92e19266",
    "zh:642e7c96867c519176d84228a7f9104352212ae3c999b409eee1076b7ed90a96",
    "zh:6451f5117125fad9884214fe2f2635a2bed95912e64cf1c66a57c38558dfe907",
    "zh:83b957b30da19586393b9aea2cc93524a7d4c43dd07d11129a11d29c2b4bfb21",
    "zh:852954fe6cfe5278bd7c3d1079a9832bbf8c58436486489ed85154c0a0600633",
    "zh:a2385c51147a3c40707f7bfceb673c077e1054e8af6fb4c808cef56f995b8193",
    "zh:d21cd5cb5a635d18547430fe6cdfe3c6898541f9f3adc110edbf8d6e0439390d",
  ]
 }
--- a/terraform/drone-runners.tf
+++ b/terraform/drone-runners.tf
@@ -0,0 +1,58 @@
 variable "drone_instances" {
  description = "How many runner instances should there be?"
  default = 3
 }
 variable "root_pass" {
  description = "Root password to set on the node"
 }
 variable "linode_api_token" {
  description = "Linode API Token"
 }
 variable "ssh_pubkey" {
    description = "SSH key to be allowed access by default"
 }
 terraform {
  required_providers {
    linode = {
      source = "linode/linode"
      version = "1.16.0"
    }
  }
 backend "local" {
         path = "/data/runner.tfstate"  
 }
 }
 provider "linode" {
  token = var.linode_api_token
 }
 resource "linode_instance" "terraform-drone" {
  connection { 
               type = "ssh"
               user = "root"
               password = var.root_pass    
               host     = self.ip_address  
             }
        count = var.drone_instances
        image = "private/15818922"
        label = "drone-runner-${count.index + 1}"
        group = "docker"
        tags = ["tag_Testing","docker"]
        region = "ap-southeast"
        type = "g6-standard-2"
        authorized_keys = [ var.ssh_pubkey ]
        root_pass = var.root_pass
  provisioner "remote-exec" {
    inline = [
        "yum upgrade -y && systemctl restart docker",
        "docker rm -f runner",
        "docker run --detach --volume=/var/run/docker.sock:/var/run/docker.sock --env=DRONE_RPC_PROTO=https --env=DRONE_RPC_HOST=drone.guise.net.nz --env=DRONE_RPC_SECRET=super-duper-secret --env=DRONE_RUNNER_CAPACITY=2 --env=DRONE_RUNNER_NAME=drone-runner-${count.index + 1} --env=DRONE_RUNNER_LABELS='linodrone:true' --env=--publish=3000:3000 --restart=always --name=runner drone/drone-runner-docker:1"
    ]
  }
 }
--- a/test.sh
+++ b/test.sh
@@ -0,0 +1,7 @@
 #!/bin/bash
 if getent group "wheel" | grep -qw "$(whoami)"; then
  echo true
 else
  echo false
 fi;