chore: Bump gitea provider ⬆️

Add yamllint to "make lint"

.ansible-lint

@@ -0,0 +1,6 @@
+profile: basic
+
+skip_list: # or 'skip_list' to silence them completely
+  - experimental # all rules tagged as experimental
+  - unnamed-task # All tasks should be named
+  - fqcn-builtins

.github/workflows/ci.yml

@@ -0,0 +1,82 @@
+name: CI
+on: push
+
+jobs:
+  # lint:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: actions/setup-go@v5
+  #       with:
+  #         go-version: '1.22'
+  #     - uses: golangci/golangci-lint-action@v3
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          #cache: 'pip' # caching pip dependencies
+      - name: Ensure requirements are installed
+        run: pip install -r requirements.txt
+      - name: Lint with ansible-lint
+        run: ansible-lint -c ".ansible-lint"
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+      - name: Lint with yamllint
+        run: yamllint .
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+  molecule:
+    name: Molecule Tests ${{ matrix.os }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [almalinux8, almalinux9]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          #cache: 'pip' # caching pip dependencies
+
+      - name: Ensure requirements are installed
+        run: pip install -r requirements.txt
+
+      - name: Run Molecule tests.
+        run: molecule test
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: ${{ matrix.os }}
+  release:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: actions/checkout@v4
+     - uses: actions/setup-go@v5
+       with:
+         go-version: '1.22'
+     - name: Install gitea provider for Go Semantic Release
+       run: |
+         mkdir -p .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/ && \
+         wget https://github.com/cybercinch/go-semantic-release-provider-gitea/releases/download/v${GITEA_PROVIDER_VER}/go-semantic-release-provider-gitea_v${GITEA_PROVIDER_VER}_linux_amd64 \
+         -O .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea && \
+         chmod a+x .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea
+       env:
+         GITEA_PROVIDER_VER: 1.0.11
+     - run: |
+         echo "github repo: ${GITHUB_REPOSITORY}"
+         echo "env vars: $(env)"
+     - uses: go-semantic-release/action@v1
+       with:
+         custom-arguments: --provider=gitea
+       env:
+         GITEA_TOKEN: ${{ secrets.G_TOKEN }}
+         GITEA_HOST: ${{ secrets.G_SERVER_URL}}

.gitignore

@@ -5,13 +5,14 @@
 *.idea
 # Ignore any retry files from ansible
 *.retry
-
+*/.terraform
 # Ignore roles
 roles/*
 !roles/.gitkeep
 !files/authorized_keys/
 files/authorized_keys/*
 !files/authorized_keys/.gitkeep
+env/
 
 # Do not commit Vault password
 .vault_password.txt

.woodpecker/cron.yml

@@ -0,0 +1,28 @@
+matrix:
+  include:
+    - MOLECULE_DISTRO: centos7
+    - MOLECULE_DISTRO: almalinux8
+
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      recursive: true
+      submodule_update_remote: true
+when:
+  event: [ cron ]
+
+steps:
+  test:
+    name: Test on ${MOLECULE_DISTRO}
+    image: guisea/ansible-molecule
+    pull: true
+    environment:
+      PY_COLORS: '1'
+      ANSIBLE_FORCE_COLOR: '1'
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
+    when:
+      event: [ cron ]

.woodpecker/lint.yml

@@ -0,0 +1,43 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      recursive: true
+      submodule_update_remote: true
+when:
+  event: [ push, manual ]
+
+steps:
+  ansible-lint:
+    group: test
+    name: "Lint: Ansible-lint"
+    image: guisea/ansible-molecule
+    environment:
+      PY_COLORS: '1'
+      ANSIBLE_FORCE_COLOR: '1'
+    commands:
+      - ansible-lint -c ".ansible-lint"
+    when:
+      event: [ push, manual ]
+  yamllint:
+    group: test
+    name: "Lint: Yamllint"
+    image: guisea/ansible-molecule
+    commands:
+      - yamllint -f colored .
+    when:
+      event: [ push, manual ]
+  ntfy:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: "Lint failed for ${CI_REPO_NAME}"
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
+                ${CI_COMMIT_MESSAGE}
+    when:
+      event: [ push, manual ]
+      status: [ failure ]

.woodpecker/release.yml

@@ -0,0 +1,48 @@
+matrix:
+  include:
+    - MOLECULE_DISTRO: centos7
+    - MOLECULE_DISTRO: almalinux8
+    - MOLECULE_DISTRO: almalinux9
+
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      recursive: true
+      submodule_update_remote: true
+when:
+  event: [ push ]
+
+steps:
+  create-release:
+    name: Test on ${MOLECULE_DISTRO}
+    image: guisea/ansible-molecule
+    pull: true
+    environment:
+      PY_COLORS: '1'
+      ANSIBLE_FORCE_COLOR: '1'
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
+    #secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
+    when:
+      event:
+        - push
+        - manual
+  ntfy:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
+                ${CI_COMMIT_MESSAGE}
+    when:
+      event: [ push, manual ]
+      status: [ failure ]
+depends_on:
+  - lint

.woodpecker/test.yml

@@ -0,0 +1,48 @@
+matrix:
+  include:
+    - MOLECULE_DISTRO: centos7
+    - MOLECULE_DISTRO: almalinux8
+    - MOLECULE_DISTRO: almalinux9
+
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      recursive: true
+      submodule_update_remote: true
+when:
+  event: [ push, manual ]
+
+steps:
+  test:
+    name: Test on ${MOLECULE_DISTRO}
+    image: guisea/ansible-molecule
+    pull: true
+    environment:
+      PY_COLORS: '1'
+      ANSIBLE_FORCE_COLOR: '1'
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
+    #secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
+    when:
+      event:
+        - push
+        - manual
+  ntfy:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
+                ${CI_COMMIT_MESSAGE}
+    when:
+      event: [ push, manual ]
+      status: [ failure ]
+depends_on:
+  - lint

.woodpecker/z.ntfy-cron.yml

@@ -0,0 +1,16 @@
+skip_clone: true
+
+steps:
+  ntfy-success:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: Build succeeded on ${CI_REPO_NAME}
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          Test success when run by cron for ${CI_REPO_NAME}.
+depends_on:
+  - "cron"
+runs_on: [ success ]

.woodpecker/z.ntfy.yml

@@ -0,0 +1,20 @@
+skip_clone: true
+
+steps:
+  ntfy:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: "Build completed for ${CI_REPO_NAME}"
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,tada,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
+                ${CI_COMMIT_MESSAGE}
+    when:
+      event: [ push, manual ]
+      status: [ success ]
+depends_on:
+  - lint
+  - test

.woodpecker/zz.ntfy-cron-failed.yml

@@ -0,0 +1,16 @@
+skip_clone: true
+
+steps:
+  ntfy-failed:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: Build failed on ${CI_REPO_NAME}
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,rotating_light,no_entry,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          Test failed when run by cron for ${CI_REPO_NAME}.
+depends_on:
+  - "cron"
+runs_on: [ failure ]

.yamllint

@@ -0,0 +1,35 @@
+---
+# Based on ansible-lint config
+extends: default
+
+ignore: |
+  .venv/
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy: disable

Makefile

@@ -0,0 +1,42 @@
+.PHONY: clean virtualenv lint test docker dist dist-upload
+
+clean:
+	find . -name '*.py[co]' -delete
+
+virtualenv:
+	virtualenv --prompt '|> ansible-role-common <| ' .venv
+	.venv/bin/pip install --upgrade pip
+	.venv/bin/pip install -r requirements.txt
+	.venv/bin/ansible-galaxy collection install -r requirements.yml
+	@echo
+	@echo "VirtualENV Setup Complete. Now run: source .venv/bin/activate"
+	@echo
+
+test:
+	for distro in almalinux9 ; do \
+		MOLECULE_DISTRO=$$distro molecule test --all ; \
+	done
+
+lint:
+	@echo "Linting with Ansible-lint"
+	@echo
+	ansible-lint -c ".ansible-lint" --exclude ".venv"
+	@echo
+	@echo "Linting with Yamllint"
+	@echo
+	yamllint .
+	@echo
+
+
+docker: clean
+	docker buildx build --platform 'linux/amd64,linux/arm64' --push \
+	-t hub.cybercinch.nz/cybercinch/imap_retention_manager:latest \
+	-t docker.io/cybercinch/imap_retention_manager:latest .
+
+dist: clean
+	rm -rf dist/*
+	python setup.py sdist
+	python setup.py bdist_wheel
+
+dist-upload:
+	twine upload dist/*

README.md

@@ -1,9 +1,9 @@
-Role Name
+# Common [![status-badge](https://ci.cybercinch.nz/api/badges/8/status.svg)](https://ci.cybercinch.nz/repos/8)
 =========
 
 A brief description of the role goes here.
 
-Requirements
+Requirements 
 ------------
 
 Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
@@ -23,9 +23,11 @@ Example Playbook
 
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
 
+```yaml
     - hosts: servers
       roles:
          - { role: username.rolename, x: 42 }
+```
 
 License
 -------

defaults/main.yml

@@ -9,15 +9,13 @@ dns_servers:
   - 1.0.0.1
   - 1.1.1.1
 
-ADMIN_GROUP: admins
+admin_group: admins
 
 
 common_grub_timeout: 5
 postfix_configure: false
 
 common_packages:
-  - libselinux-python
-  - MySQL-python
   - nano
   - git
   - htop
@@ -26,13 +24,15 @@ common_packages:
   - bind-utils
   - yum-utils
   - unzip
-  
+
 win_packages:
   - notepadplusplus.install
   - firefoxesr
   - baretail
   - 7zip.install
-  
+
 apply_win_updates: false
 
-common_show_ipv6: false|bool
+common_show_ipv6: false|bool
+common_root_pwd: l3tm31nN0w
+common_root_email: admin@somplace.co.nz

files/helpers/set_dhcp_ip.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# This script will reset the IP Address back to default of DHCP
+# helpful for a pending restore
+
+/bin/nmcli c m "System eth0" ipv4.method auto
+/bin/nmcli c m "System eth0" ipv4.address "" ipv4.gateway ""
+/bin/nmcli connection up "System eth0"

files/helpers/set_static_ip.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# get subnet
+subnet=$(ip a | grep "inet " | tail -1 | awk '{print $2}')
+
+# get router/gateway
+router=$(ip route show | head -1 | awk '{print $3}')
+
+# get size of network portion of address in bytes
+sz=$(echo $subnet | awk -F / '{print $2}')
+bytes=$(("$sz" / 8))
+prefix=$(echo "$subnet" | cut -d. -f1-$bytes)      # e.g., 192.168.0
+
+# get IP address to be set
+IP=$(hostname -I | awk '{print $1}')             # current IP
+echo -n "Keep IP address?—$IP [yn]> "
+read -r ans
+if [ "$ans" == "n" ]; then
+  echo -n "Enter new IP address: "
+  read -r IP
+  # check if specified IP is properly formatted
+  if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+    echo Invalid IP
+  fi
+  # check if specified IP works for local network
+  if [[ ! $IP =~ ^$prefix ]]; then
+    echo "ERROR: Specified IP not usable for local network"
+    exit
+  fi
+fi
+
+# check if specified IP is properly formatted
+if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+  echo Invalid IP
+fi
+
+# fetch the UUID
+UUID=$(nmcli connection show | tail -1 | awk '{print $4}')
+if [[ "$UUID" == "ethernet" ]]; then
+ # This is the other format of nmcli connection show
+ UUID=$(nmcli connection show | head -2 | tail -1 | awk '{print $3}')
+fi
+
+# run commands to set up the permanent IP address
+nmcli connection modify "$UUID" IPv4.address "$IP"/"$sz"
+nmcli connection modify "$UUID" IPv4.gateway "$router"
+nmcli connection modify "$UUID" IPv4.method manual
+nmcli connection up "$UUID"

handlers/main.yml

@@ -1,27 +1,33 @@
 ---
 # handlers file for guisea.common
 - name: Restart Postfix
-  service: 
+  service:
     name: postfix
     state: reloaded
-    
+
 - name: Restart SSH
   service:
     name: sshd
     state: restarted
-    
+
 - name: Restart NTPD
   service:
     name: ntpd
     state: restarted
-    
-- name: reboot windows
+
+- name: Reboot Windows
   win_reboot:
-  
-- name: restart NetworkManager
+
+- name: Restart NetworkManager
   service:
     name: NetworkManager
     state: restarted
 
+- name: Check if grub.cfg exists
+  stat:
+    path: /boot/grub2/grub.cfg
+  register: grub_cfg
+
 - name: Update GRUB
   command: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
+  when: grub_cfg.stat.exists

meta/main.yml

@@ -1,152 +1,17 @@
 ---
 galaxy_info:
-  author: your name
-  description: 
-  company: your company (optional)
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: license (GPLv2, CC-BY, etc)
-  min_ansible_version: 1.2
-  #
-  # Below are all platforms currently available. Just uncomment
-  # the ones that apply to your role. If you don't see your 
-  # platform on this list, let us know and we'll get it added!
-  #
-  #platforms:
-  #- name: EL
-  #  versions:
-  #  - all
-  #  - 5
-  #  - 6
-  #  - 7
-  #- name: GenericUNIX
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Solaris
-  #  versions:
-  #  - all
-  #  - 10
-  #  - 11.0
-  #  - 11.1
-  #  - 11.2
-  #  - 11.3
-  #- name: Fedora
-  #  versions:
-  #  - all
-  #  - 16
-  #  - 17
-  #  - 18
-  #  - 19
-  #  - 20
-  #  - 21
-  #  - 22
-  #  - 23
-  #- name: Windows
-  #  versions:
-  #  - all
-  #  - 2012R2
-  #- name: SmartOS
-  #  versions:
-  #  - all
-  #  - any
-  #- name: opensuse
-  #  versions:
-  #  - all
-  #  - 12.1
-  #  - 12.2
-  #  - 12.3
-  #  - 13.1
-  #  - 13.2
-  #- name: Amazon
-  #  versions:
-  #  - all
-  #  - 2013.03
-  #  - 2013.09
-  #- name: GenericBSD
-  #  versions:
-  #  - all
-  #  - any
-  #- name: FreeBSD
-  #  versions:
-  #  - all
-  #  - 10.0
-  #  - 10.1
-  #  - 10.2
-  #  - 8.0
-  #  - 8.1
-  #  - 8.2
-  #  - 8.3
-  #  - 8.4
-  #  - 9.0
-  #  - 9.1
-  #  - 9.1
-  #  - 9.2
-  #  - 9.3
-  #- name: Ubuntu
-  #  versions:
-  #  - all
-  #  - lucid
-  #  - maverick
-  #  - natty
-  #  - oneiric
-  #  - precise
-  #  - quantal
-  #  - raring
-  #  - saucy
-  #  - trusty
-  #  - utopic
-  #  - vivid
-  #- name: SLES
-  #  versions:
-  #  - all
-  #  - 10SP3
-  #  - 10SP4
-  #  - 11
-  #  - 11SP1
-  #  - 11SP2
-  #  - 11SP3
-  #- name: GenericLinux
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Debian
-  #  versions:
-  #  - all
-  #  - etch
-  #  - jessie
-  #  - lenny
-  #  - squeeze
-  #  - wheezy
-  #
-  # Below are all categories currently available. Just as with
-  # the platforms above, uncomment those that apply to your role.
-  #
-  #categories:
-  #- cloud
-  #- cloud:ec2
-  #- cloud:gce
-  #- cloud:rax
-  #- clustering
-  #- database
-  #- database:nosql
-  #- database:sql
-  #- development
-  #- monitoring
-  #- networking
-  #- packaging
-  #- system
-  #- web
+  author: guisea <aaron@guise.net.nz>
+  role_name: common # if absent directory name hosting role is used instead
+  namespace: cybercinch # if absent, author is used instead
+  description: Commonplace system setup
+  company: CyberCinch
+  license: MIT
+  min_ansible_version: "2.9"
+
+  platforms:
+    - name: EL
+      versions:
+        - all
+  galaxy_tags: []
+
 dependencies: []
-  # List your role dependencies here, one per line.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
-  

molecule/default/converge.yml

@@ -0,0 +1,7 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: "Include common"
+      include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"

molecule/default/molecule.yml

@@ -0,0 +1,24 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: molecule-${MOLECULE_DISTRO:-almalinux8}
+    image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  env:
+    MOLECULE_NO_LOG: true
+# verifier:
+#  name: ansible
+# lint: |
+#   set -e
+#   yamllint .
+#   ansible-lint

molecule/default/verify.yml

@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    assert:
+      that: true

requirements.txt

@@ -0,0 +1,6 @@
+ansible-core<2.17
+ansible-compat<4
+molecule[docker]<5.0.0
+ansible-lint==6.16.2
+yamllint==1.32.0
+passlib==1.7.4

requirements.yml

@@ -0,0 +1,3 @@
+collections:
+  - ansible.windows
+  - community.general

tasks/RedHat.yml

@@ -1,25 +1,23 @@
 ---
 # tasks file for common role
-- include: networking.yml
+- include_tasks: networking.yml
 
-- name: Ensure common packages
-  yum: 
-    name: "{{item}}"
+- name: Ensure common packages (RHEL)
+  yum:
+    name: "{{ common_packages }}"
     state: present
     enablerepo: epel
-  with_items: "{{ common_packages }}"
   when: ansible_distribution != 'OracleLinux'
   tags: packages
 
-- name: Ensure common packages
+- name: Ensure common packages (OracleLinux)
   yum:
-    name: "{{item}}"
+    name: "{{ common_packages }}"
     state: present
     enablerepo: ol7_developer_EPEL
-  with_items: "{{ common_packages }}"
   when: ansible_distribution == 'OracleLinux'
   tags: packages
-  
+
 - name: Check if SELinux is installed
   stat:
     path: /etc/selinux/config
@@ -40,7 +38,9 @@
 #  tags: security
 
 - name: Create admin group
-  group: name={{ADMIN_GROUP}} state=present
+  group:
+    name: "{{ admin_group }}"
+    state: present
 
 - name: Configure yum limit
   lineinfile:
@@ -51,26 +51,22 @@
 
 - name: Ensure Helpers are present
   copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
+    src: helpers/
+    dest: /usr/local/bin/
     mode: u+rwx,g+rx,o+rx
-  with_items:
-    - src: helpers/reload_scsi_devices
-      dest: /usr/local/bin/reload_scsi_devices
-    - src: helpers/reload_scsi_hosts
-      dest: /usr/local/bin/reload_scsi_hosts
-    
+
 - name: Ensure Hostname is set
-  hostname: 
+  hostname:
     name: "{{ inventory_hostname }}.{{ domain }}"
-    
+  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
+
 - name: Change root password
-  user:  
-    name: root 
-    password: "{{ root_pwd }}"
+  user:
+    name: root
+    password: "{{ common_root_pwd | password_hash('sha512') }}"
   changed_when: false
   tags: rootpw
 
-- include: grub.yml
-- include: communication.yml
-- include: motd.yml
+- include_tasks: grub.yml
+- include_tasks: communication.yml
+- include_tasks: motd.yml

tasks/Windows.yml

@@ -11,14 +11,14 @@
     state: present
     update_password: always
   changed_when: false
-  
+
 - name: Ensure System Culture Set
   win_region:
     location: 183
     format: en-NZ
     unicode_language: en-NZ
     copy_settings: true
-    
+
 - name: Ensure DNS is set
   win_dns_client:
     adapter_names: "*"
@@ -30,7 +30,7 @@
     admin_password: "{{ vault_ad_password }}"
     domain_name: "{{ authconfig_domain }}"
   when: ad_domain_joined
-  notify: reboot windows
+  notify: Reboot Windows
 - meta: flush_handlers
 
 - name: Ensure Important dirs exist
@@ -40,7 +40,7 @@
   with_items:
     - 'C:\Temp'
     - 'C:\Tools'
-  
+
 #- name: Ensure Profile Tool Present
 #  win_copy:
 #    src: Defprof.exe
@@ -53,7 +53,7 @@
 - name: Apply Windows Updates
   win_updates:
   when: apply_windows_updates
-  notify: reboot windows
+  notify: Reboot Windows
 - meta: flush_handlers
 
 - name: Ensure default applications installed
@@ -61,4 +61,3 @@
     name: "{{ item }}"
     state: present
   with_items: "{{ win_packages }}"
-

tasks/common.yml

@@ -0,0 +1,5 @@
+---
+- include_tasks: networking.yml
+- include_tasks: communication.yml
+- include_tasks: grub.yml
+- include_tasks: motd.yml

tasks/communication.yml

@@ -1,43 +1,48 @@
 ---
 - name: Postfix Configuration
+  when: postfix_configure
   block:
-    - name: postfix | Apply postfix configuration
+    - name: Postfix | Apply postfix configuration
       lineinfile:
-        dest: "{{item.dest}}"
-        regexp: "{{item.regexp}}"
-        line: "{{item.line}}"
+        dest: "{{ configurations.dest }}"
+        regexp: "{{ configurations.regexp }}"
+        line: "{{ configurations.line }}"
         insertafter: EOF
       notify: Restart Postfix
       when: "'SMTP0' not in inventory_hostname"
       with_items:
-        - { dest: /etc/postfix/main.cf,
+        - {
+            dest: /etc/postfix/main.cf,
             regexp: "^.?inet_protocols =",
-            line: "inet_protocols = ipv4"
+            line: "inet_protocols = ipv4",
           }
-        - { dest: /etc/postfix/main.cf,
+        - {
+            dest: /etc/postfix/main.cf,
             regexp: "^.?inet_interfaces =",
-            line: "inet_interfaces = all"
+            line: "inet_interfaces = all",
           }
-        - { dest: /etc/postfix/main.cf,
+        - {
+            dest: /etc/postfix/main.cf,
             regexp: "^.?relayhost =",
-            line: "relayhost = {{ relayhost }}"
+            line: "relayhost = {{ relayhost }}",
           }
         - {
             dest: /etc/postfix/main.cf,
             regexp: "^.?smtp_randomize_addresses =",
-            line: "smtp_randomize_addresses = no"
+            line: "smtp_randomize_addresses = no",
           }
+      loop_control:
+        loop_var: configurations
 
-    - name: postfix | Ensure Postfix is Started/Enabled
+    - name: Postfix | Ensure Postfix is Started/Enabled
       service:
         name: postfix
         state: started
         enabled: yes
-  when: postfix_configure
 
 - name: Ensure root forwarding address is set
   lineinfile:
     dest: ~/.forward
-    regexp: "{{ root_email }}"
-    line: "{{ root_email }}"
+    regexp: "{{ common_root_email }}"
+    line: "{{ common_root_email }}"
     create: yes

tasks/grub.yml

@@ -18,7 +18,9 @@
     option: GRUB_TIMEOUT
     value: "{{ common_grub_timeout }}"
     no_extra_spaces: yes
-  when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'"
-  notify: Update GRUB
+  when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version > '6'"
+  notify:
+    - Check if grub.cfg exists
+    - Update GRUB
   tags:
-    - grub
+    - grub

tasks/main.yml

@@ -1,2 +1,9 @@
 ---
-- include: "{{ ansible_os_family }}.yml"
+- name: Include tasks only if one of the files exist, otherwise skip the task
+  include_tasks: "{{ item }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_os_family }}.yml"
+        - "common.yml"
+  loop: "{{ q('first_found', params, errors='ignore') }}"

tasks/motd.yml

@@ -16,4 +16,4 @@
     dest: /etc/profile.d/motd.sh
     regexp: "^/usr/local/bin/dynmotd"
     line: "/usr/local/bin/dynmotd"
-    create: yes
+    create: yes

tasks/networking.yml

@@ -1,47 +1,62 @@
 ---
+- name: What is virtualization type?
+  debug:
+    msg: "Virtualization is: {{ ansible_virtualization_type }}"
+
 - name: Ensure DNS and SSH common config
   template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
+    src: "{{ network_config.src }}"
+    dest: "{{ network_config.dest }}"
+    mode: "{{ network_config.mode }}"
     backup: yes
   with_items:
-    - { src: etc.sysconfig.network.j2,
+    - {
+        src: etc.sysconfig.network.j2,
         dest: /etc/sysconfig/network,
-        mode: u+rw,a+r
-      }
-    - { src: etc.resolv.conf.j2,
-        dest: /etc/resolv.conf,
-        mode: u+rw,a+r
+        mode: u+rw,
+        a+r,
       }
+    - { src: etc.resolv.conf.j2, dest: /etc/resolv.conf, mode: u+rw, a+r }
+  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
+  loop_control:
+    loop_var: network_config
   tags: dns
 
 - name: Ensure hosts file correct
   lineinfile:
     dest: /etc/hosts
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
+    regexp: "{{ hosts_config.regexp }}"
+    line: "{{ hosts_config.line }}"
     backrefs: yes
     backup: yes
   with_items:
-    - {regexp: "^127.0.0.1.+localdomain4$",
-         line: "127.0.0.1   localhost {{ inventory_hostname }}"
+    - {
+        regexp: "^127.0.0.1.+localdomain4$",
+        line: "127.0.0.1   localhost {{ inventory_hostname }}",
       }
-    - {regexp: "^::1.+localdomain6$",
-         line: "::1         localhost {{ inventory_hostname }}"
+    - {
+        regexp: "^::1.+localdomain6$",
+        line: "::1         localhost {{ inventory_hostname }}",
       }
-    - {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
-         line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}"
+    - {
+        regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
+        line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
       }
-    - {regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
-       line: "127.0.0.1   localhost {{ inventory_hostname }}"
+    - {
+        regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
+        line: "127.0.0.1   localhost {{ inventory_hostname }}",
       }
-    - {regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
-       line: "::1         localhost {{ inventory_hostname }}"
+    - {
+        regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
+        line: "::1         localhost {{ inventory_hostname }}",
       }
-    - {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
-       line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}"
+    - {
+        regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
+        line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
       }
+  loop_control:
+    loop_var: hosts_config
+  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
 
 - name: Ensure NetworkManager does not fiddle DNS
   ini_file:
@@ -52,16 +67,18 @@
     backup: yes
   when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7")
   notify:
-    - restart NetworkManager
+    - Restart NetworkManager
   changed_when: false
 
 - name: Ensure correct permissions (hosts/resolv.conf)
   file:
-    path: "{{item}}"
+    path: "{{ perm_config }}"
     state: touch
     mode: u+rw,g+r,a+r
   with_items:
     - /etc/resolv.conf
     - /etc/hosts
+  loop_control:
+    loop_var: perm_config
   changed_when: false
-  tags: dns
+  tags: dns

templates/dynmotd

@@ -15,70 +15,89 @@
 #      /usr/local/bin/dynmotd
 #
 
-USER=`/usr/bin/whoami`
-HOSTNAME=`/usr/bin/uname -n | /usr/bin/cut -d. -f1`
-IP=`/usr/sbin/ip route get 1 | grep -Po '(?<=src.)[\w\d.]+'`
-IP6=`/sbin/ip -6 addr | awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
-NUM_CPU=`/usr/bin/lscpu | /usr/bin/grep "CPU(s):" | /usr/bin/head -n 1 | /usr/bin/awk '{print $2}'`
-ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
-HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
-BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
+if getent group "{{ admin_group }}" | grep -qw "$(whoami)"; then
+    USER=`/usr/bin/env whoami`
+    HOSTNAME=`/usr/bin/env uname -n | /usr/bin/env cut -d. -f1`
+    IP=`/usr/bin/env ip route get 1 | /usr/bin/env grep -Po '(?<=src.)[\w\d.]+'`
+    IP6=`/usr/bin/env ip -6 addr | /usr/bin/env awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
+    NUM_CPU=`cat /proc/cpuinfo | grep processor | wc -l`
+    #ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
+    #HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
+    #BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
+    FILESYSTEMS=`cat /etc/fstab | grep -v '#' | grep -v 'swap' | grep -v 'proc' | awk '{if(NF>0) {print $2}}'`
+    MEMORY=`/usr/bin/env free -m | /usr/bin/env grep "Mem" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
+    SWAP=`/usr/bin/env free -m | /usr/bin/env grep "Swap" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
+    PSA=`/usr/bin/env ps -Afl | /usr/bin/env wc -l`
 
-MEMORY=`/usr/bin/free -m | /usr/bin/grep "Mem" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
-SWAP=`/usr/bin/free -m | /usr/bin/grep "Swap" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
-PSA=`/usr/bin/ps -Afl | wc -l`
+    # time of day
+    HOUR=$(/usr/bin/env date +"%H")
+    if [ $HOUR -lt 12  -a $HOUR -ge 0 ]
+    then    TIME="morning"
+    elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
+    then    TIME="afternoon"
+    else
+        TIME="evening"
+    fi
 
-# time of day
-HOUR=$(/usr/bin/date +"%H")
-if [ $HOUR -lt 12  -a $HOUR -ge 0 ]
-then    TIME="morning"
-elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
-then    TIME="afternoon"
+    #System uptime
+    uptime=`/usr/bin/env cat /proc/uptime | cut -f1 -d.`
+    upDays=$((uptime/60/60/24))
+    upHours=$((uptime/60/60%24))
+    upMins=$((uptime/60%60))
+    upSecs=$((uptime%60))
+
+    #System load
+    LOADAVG=`/usr/bin/env cat /proc/loadavg`
+    LOAD1=`echo $LOADAVG | /usr/bin/env awk {'print $1'}`
+    LOAD5=`echo $LOADAVG | /usr/bin/env awk {'print $2'}`
+    LOAD15=`echo $LOADAVG | /usr/bin/env awk {'print $3'}`
+
+    echo ""
+    echo -e "\e[7m--- GOOD $TIME $USER ----\e[0m"
+    echo ""
+    #MESSAGE=`/usr/bin/fortune | /usr/bin/cowsay`
+    #echo -e " $MESSAGE"
+
+    COLOR_COLUMN="\e[1m-"
+    COLOR_VALUE="\e[31m"
+    RESET_COLORS="\e[0m"
+    echo -e "
+    ===========================================================================
+    $COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
+    {% if common_show_ipv6 == true %}
+    $COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS  
+    $COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS  
+    {% else %} $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
+    {% endif %}
+    {% if ansible_distribution == "Alpine" %}
+    $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE Alpine `/usr/bin/env cat /etc/os-release` $RESET_COLORS
+    {% else %}
+    $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `/usr/bin/env cat /etc/os-release | /usr/bin/env grep PRETTY_NAME | /usr/bin/env cut -d '"' -f 2` $RESET_COLORS
+    {% endif %}
+    {% if ansible_distribution != "Alpine" %}
+    $COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
+    {% endif %}
+    =========================================================================== $RESET_COLORS
+    $COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
+    $COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
+    $COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
+    $COLOR_COLUMN- Memory used$RESET_COLORS.........: $COLOR_VALUE $MEMORY (total-used-free) $RESET_COLORS
+    $COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
+    $COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
+    $COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
+    {% if ansible_virtualization_type != "lxc" %}
+    $COLOR_COLUMN- Disk space$RESET_COLORS..........: "
+    for FS in ${FILESYSTEMS}; do
+    echo -e " $COLOR_COLUMN- ..........$RESET_COLORS..........: $COLOR_VALUE `df -H ${FS} | grep -v 'Filesystem' | grep -v '^[[:space:]]*$' | awk '{print $6 \" \" $4}'` remaining $RESET_COLORS"
+    done
+    {% endif %}
+    echo -e "
+    ===========================================================================
+    "
+    if [ -f /etc/motd ]; then
+    /usr/bin/env cat /etc/motd
+    fi
 else
-    TIME="evening"
-fi
-
-#System uptime
-uptime=`/usr/bin/cat /proc/uptime | cut -f1 -d.`
-upDays=$((uptime/60/60/24))
-upHours=$((uptime/60/60%24))
-upMins=$((uptime/60%60))
-upSecs=$((uptime%60))
-
-#System load
-LOADAVG=`/usr/bin/cat /proc/loadavg`
-LOAD1=`echo $LOADAVG | /usr/bin/awk {'print $1'}`
-LOAD5=`echo $LOADAVG | /usr/bin/awk {'print $2'}`
-LOAD15=`echo $LOADAVG | /usr/bin/awk {'print $3'}`
-
-echo ""
-echo -e "\e[7m--- GOOD $TIME $USER ----\e[0m"
-echo ""
-#MESSAGE=`/usr/bin/fortune | /usr/bin/cowsay`
-#echo -e " $MESSAGE"
-
-COLOR_COLUMN="\e[1m-"
-COLOR_VALUE="\e[31m"
-RESET_COLORS="\e[0m"
-echo -e "
-===========================================================================
- $COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
-{% if common_show_ipv6 == true %}
- $COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS  
- $COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS  
-{% else %} $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
-{% endif %}
- $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `cat {{ ansible_distribution_file_path }}` $RESET_COLORS
- $COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
-=========================================================================== $RESET_COLORS
- $COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
- $COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
- $COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
- $COLOR_COLUMN- Memory used$RESET_COLORS.........: $COLOR_VALUE $MEMORY (total-used-free) $RESET_COLORS
- $COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
- $COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
- $COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
- $COLOR_COLUMN- Disk space$RESET_COLORS..........: $COLOR_VALUE $ROOT remaining $RESET_COLORS
-===========================================================================
-`/usr/bin/cat /etc/motd`
-"
+  # Just exit :)
+  exit 0
+fi;

terraform/.terraform.lock.hcl

@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/linode/linode" {
+  version     = "1.16.0"
+  constraints = "1.16.0"
+  hashes = [
+    "h1:JpBtHnebAi6yr/aDdlk8EybaEiEY+VPtFP3o0QoMTng=",
+    "zh:03c867440797b82012cd5d97f58fef5885dc0248683227299a39af836df222db",
+    "zh:0486be7f72d6ea73d10140e23be8c1d2772b2d8be28c7bb39c73be83601405cf",
+    "zh:181929d6880cac6500f4af1f3799385c47ccd69872cacf1042a3a48e445b2b02",
+    "zh:18b7f6cc1ddf86e28322638607e1f84c1e9d56824c26903e22d4d12352f20b6e",
+    "zh:4e65e7f9e17c334ff7047fc2dd8fc479c2509cba66834d89e2033a45e9275fe3",
+    "zh:6077eda3fdf77a5158d9dc1a0c38492e23f7d679b1ac96382ba92ebe92e19266",
+    "zh:642e7c96867c519176d84228a7f9104352212ae3c999b409eee1076b7ed90a96",
+    "zh:6451f5117125fad9884214fe2f2635a2bed95912e64cf1c66a57c38558dfe907",
+    "zh:83b957b30da19586393b9aea2cc93524a7d4c43dd07d11129a11d29c2b4bfb21",
+    "zh:852954fe6cfe5278bd7c3d1079a9832bbf8c58436486489ed85154c0a0600633",
+    "zh:a2385c51147a3c40707f7bfceb673c077e1054e8af6fb4c808cef56f995b8193",
+    "zh:d21cd5cb5a635d18547430fe6cdfe3c6898541f9f3adc110edbf8d6e0439390d",
+  ]
+}

terraform/drone-runners.tf

@@ -0,0 +1,58 @@
+variable "drone_instances" {
+  description = "How many runner instances should there be?"
+  default = 3
+}
+variable "root_pass" {
+  description = "Root password to set on the node"
+}
+
+variable "linode_api_token" {
+  description = "Linode API Token"
+}
+
+variable "ssh_pubkey" {
+    description = "SSH key to be allowed access by default"
+}
+
+terraform {
+  required_providers {
+    linode = {
+      source = "linode/linode"
+      version = "1.16.0"
+    }
+  }
+ backend "local" {
+         path = "/data/runner.tfstate"  
+ }
+}
+
+provider "linode" {
+  token = var.linode_api_token
+}
+
+resource "linode_instance" "terraform-drone" {
+  connection { 
+               type = "ssh"
+               user = "root"
+               password = var.root_pass    
+               host     = self.ip_address  
+             }
+
+        count = var.drone_instances
+        image = "private/15818922"
+        label = "drone-runner-${count.index + 1}"
+        group = "docker"
+        tags = ["tag_Testing","docker"]
+        region = "ap-southeast"
+        type = "g6-standard-2"
+        authorized_keys = [ var.ssh_pubkey ]
+        root_pass = var.root_pass
+
+  provisioner "remote-exec" {
+    inline = [
+        "yum upgrade -y && systemctl restart docker",
+        "docker rm -f runner",
+        "docker run --detach --volume=/var/run/docker.sock:/var/run/docker.sock --env=DRONE_RPC_PROTO=https --env=DRONE_RPC_HOST=drone.guise.net.nz --env=DRONE_RPC_SECRET=super-duper-secret --env=DRONE_RUNNER_CAPACITY=2 --env=DRONE_RUNNER_NAME=drone-runner-${count.index + 1} --env=DRONE_RUNNER_LABELS='linodrone:true' --env=--publish=3000:3000 --restart=always --name=runner drone/drone-runner-docker:1"
+    ]
+  }
+}

test.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if getent group "wheel" | grep -qw "$(whoami)"; then
+  echo true
+else
+  echo false
+fi;