chore: Bump gitea provider ⬆️

Add yamllint to "make lint"

.ansible-lint

@@ -1,3 +1,5 @@
+profile: basic
+
 skip_list: # or 'skip_list' to silence them completely
   - experimental # all rules tagged as experimental
   - unnamed-task # All tasks should be named

.drone.jsonnet

@@ -1,148 +0,0 @@
-// Distros to Test on ;)
-local distros = ['centos7',
-                 'rockylinux8', 
-                 'debian10', 
-                 'debian11'];
-
-/* Configuration of DIND */
-local docker_service() =
- {
-   name: 'docker',
-   image: 'docker:dind',
-   privileged: true,
-   volumes: [{ name: 'dockersock', path: '/var/run' },],
- };
-
-local email_notification() =
- {
-   name: 'notify by email',
-   image: 'drillster/drone-email',
-   settings:
-    { host: 
-        { from_secret: 'EMAIL_HOST' },
-      username:
-        { from_secret: 'EMAIL_USER' },
-      password:
-        { from_secret: 'EMAIL_PASS' },
-      from: 'drone@guise.net.nz'
-    }
-  };
-
-local test_distro(distribution) =
-  {
-    name: 'Molecule test on %(distribution)s' % { distribution: distribution },
-    volumes: [{ name: 'dockersock', path: '/var/run' },],
-    pull: true,
-    image: 'guisea/ansible-molecule:alpine-latest',
-    commands: [
-      'sleep 10', // give docker enough time to start
-      'mkdir ${DRONE_REPO_NAME}',
-      'rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}',
-      'cd ${DRONE_REPO_NAME}',
-      'molecule test'
-    ],
-    environment:
-     { MOLECULE_DISTRO: '%(distribution)s' % { distribution: distribution }
-     },
-  };
-
-local gen_pipeline(distro) = 
-  {kind: 'pipeline',
-   type: 'docker',
-   name: 'Test on %(distro)s' % { distro: distro },
-   steps: 
-    [test_distro(distro)],
-   services: 
-     [docker_service()],
-   volumes: 
-   [{
-     name: 'dockersock',
-     temp: {}, 
-   },],
-   trigger:
-   { event: {exclude: ['tag'],},},
-   when:
-     { event: {exclude: ['tag']},  
-     },
-  };
-
-local gen_release() =
-  {kind: 'pipeline',
-   type: 'docker',
-   image: 'guisea/ansible-molecule:alpine-latest',
-   name: 'Generate Release',
-   environment:
-   { USER: { from_secret: 'GITEA_USER' },
-     TOKEN: { from_secret: 'GITEA_TOKEN' },
-     REPOUSER: { from_secret: 'GITEA_REPOUSER'},
-     URL: { from_secret: 'GITEA_URL' },
-   },
-   commands: [
-      'sleep 10', // give docker enough time to start
-      'env',
-      'mkdir ${DRONE_REPO_NAME}',
-      'rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}',
-      'cd ${DRONE_REPO_NAME}',
-      'echo GITEA_USER=$USER',
-      'apk update && apk add --no-cache curl',
-      'tar -czf ../${DRONE_REPO_NAME}.${DRONE_TAG}.tar.gz ./*', // Create an archive of the role
-      'curl --user $USER:$TOKEN --upload-file ../${DRONE_REPO_NAME}.${DRONE_TAG}.tar.gz https://$URL/api/packages/$REPOUSER/generic/ansible-role-common/${DRONE_TAG}/${DRONE_REPO_NAME}.${DRONE_TAG}.tar.gz',
-   ],
-
-   when:
-   { event: {include: ['tag']},  
-   },
-   trigger:
-   { event: {include: ['tag'],},},
-  };
-
-local gen_pipeline_release() =
-  {kind: 'pipeline',
-   type: 'docker',
-   name: 'Generate release from tag',
-   steps: 
-    [gen_release()],
-   when:
-     { event: {include: ['tag']},  
-     },
-   trigger:
-   { event: {include: ['tag'],},},
-  };
-
-// Generate the output
-[ 
-  gen_pipeline('centos7'),
-  gen_pipeline('rockylinux8'),
-  gen_pipeline('debian10'),
-  gen_pipeline('debian11'),
-  {kind: 'pipeline',
-   type: 'docker',
-   name: 'Notify normal',
-   clone: {disable: true},
-   steps: [email_notification()],
-   trigger:
-   { event: {exclude: ['tag'],},},
-   when:
-     {  status: [ 'success', 'failure' ] ,
-        event: {exclude: ['tag']}, 
-     },
-    depends_on: 
-      ['Test on %(distro)s' % { distro: distro }
-        for distro in distros]
-  },
-  gen_pipeline_release(),
-  {kind: 'pipeline',
-   type: 'docker',
-   clone: {disable: true},
-   name: 'Notify Tagged release',
-   steps: [email_notification()],
-   trigger:
-   { event: {include: ['tag'],},},
-   when:
-     {  status: [ 'success', 'failure' ] ,
-        event: {include: ['tag']}, 
-     },
-    depends_on: 
-      ['Generate release from tag']
-  },
-]

.drone.yml

@@ -1,210 +0,0 @@
----
-kind: pipeline
-name: runners
-steps:
-- commands:
-  - cd terraform
-  - terraform init
-  - terraform plan -out /data/runners.plan
-  - terraform apply /data/runners.plan
-  environment:
-    TF_VAR_linode_api_token:
-      from_secret: linode_api_token
-    TF_VAR_root_pass:
-      from_secret: root_pass
-    TF_VAR_ssh_pubkey:
-      from_secret: TF_VAR_ssh_pubkey
-  image: hashicorp/terraform:1.1.7
-  name: Provision with terraform
-  volumes:
-  - name: terraform-data
-    path: /data
-type: docker
-volumes:
-- host:
-    path: /mnt/nfs/swarm/runners
-  name: terraform-data
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on centos7
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: centos7
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on centos7
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on centos8
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: centos8
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on centos8
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on rockylinux8
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: rockylinux8
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on rockylinux8
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on debian10
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: debian10
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on debian10
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on debian11
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: debian11
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on debian11
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- Test on centos7
-- Test on centos8
-- Test on rockylinux8
-- Test on debian10
-- Test on debian11
-kind: pipeline
-name: Notify
-steps:
-- image: drillster/drone-email
-  name: notify by email
-  settings:
-    from: drone@guise.net.nz
-    host: mail.guise.net.nz
-    password:
-      from_secret: EMAIL_PASS
-    username:
-      from_secret: EMAIL_USER
-type: docker
-when:
-  status:
-  - success
-  - failure

.github/workflows/ci.yml

@@ -0,0 +1,82 @@
+name: CI
+on: push
+
+jobs:
+  # lint:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: actions/setup-go@v5
+  #       with:
+  #         go-version: '1.22'
+  #     - uses: golangci/golangci-lint-action@v3
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          #cache: 'pip' # caching pip dependencies
+      - name: Ensure requirements are installed
+        run: pip install -r requirements.txt
+      - name: Lint with ansible-lint
+        run: ansible-lint -c ".ansible-lint"
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+      - name: Lint with yamllint
+        run: yamllint .
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+  molecule:
+    name: Molecule Tests ${{ matrix.os }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [almalinux8, almalinux9]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          #cache: 'pip' # caching pip dependencies
+
+      - name: Ensure requirements are installed
+        run: pip install -r requirements.txt
+
+      - name: Run Molecule tests.
+        run: molecule test
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: ${{ matrix.os }}
+  release:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: actions/checkout@v4
+     - uses: actions/setup-go@v5
+       with:
+         go-version: '1.22'
+     - name: Install gitea provider for Go Semantic Release
+       run: |
+         mkdir -p .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/ && \
+         wget https://github.com/cybercinch/go-semantic-release-provider-gitea/releases/download/v${GITEA_PROVIDER_VER}/go-semantic-release-provider-gitea_v${GITEA_PROVIDER_VER}_linux_amd64 \
+         -O .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea && \
+         chmod a+x .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea
+       env:
+         GITEA_PROVIDER_VER: 1.0.11
+     - run: |
+         echo "github repo: ${GITHUB_REPOSITORY}"
+         echo "env vars: $(env)"
+     - uses: go-semantic-release/action@v1
+       with:
+         custom-arguments: --provider=gitea
+       env:
+         GITEA_TOKEN: ${{ secrets.G_TOKEN }}
+         GITEA_HOST: ${{ secrets.G_SERVER_URL}}

.gitignore

@@ -12,6 +12,7 @@ roles/*
 !files/authorized_keys/
 files/authorized_keys/*
 !files/authorized_keys/.gitkeep
+env/
 
 # Do not commit Vault password
 .vault_password.txt

.woodpecker/cron.yml

@@ -0,0 +1,28 @@
+matrix:
+  include:
+    - MOLECULE_DISTRO: centos7
+    - MOLECULE_DISTRO: almalinux8
+
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      recursive: true
+      submodule_update_remote: true
+when:
+  event: [ cron ]
+
+steps:
+  test:
+    name: Test on ${MOLECULE_DISTRO}
+    image: guisea/ansible-molecule
+    pull: true
+    environment:
+      PY_COLORS: '1'
+      ANSIBLE_FORCE_COLOR: '1'
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
+    when:
+      event: [ cron ]

.woodpecker/lint.yml

@@ -0,0 +1,43 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      recursive: true
+      submodule_update_remote: true
+when:
+  event: [ push, manual ]
+
+steps:
+  ansible-lint:
+    group: test
+    name: "Lint: Ansible-lint"
+    image: guisea/ansible-molecule
+    environment:
+      PY_COLORS: '1'
+      ANSIBLE_FORCE_COLOR: '1'
+    commands:
+      - ansible-lint -c ".ansible-lint"
+    when:
+      event: [ push, manual ]
+  yamllint:
+    group: test
+    name: "Lint: Yamllint"
+    image: guisea/ansible-molecule
+    commands:
+      - yamllint -f colored .
+    when:
+      event: [ push, manual ]
+  ntfy:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: "Lint failed for ${CI_REPO_NAME}"
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
+                ${CI_COMMIT_MESSAGE}
+    when:
+      event: [ push, manual ]
+      status: [ failure ]

.woodpecker/release.yml

@@ -0,0 +1,48 @@
+matrix:
+  include:
+    - MOLECULE_DISTRO: centos7
+    - MOLECULE_DISTRO: almalinux8
+    - MOLECULE_DISTRO: almalinux9
+
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      recursive: true
+      submodule_update_remote: true
+when:
+  event: [ push ]
+
+steps:
+  create-release:
+    name: Test on ${MOLECULE_DISTRO}
+    image: guisea/ansible-molecule
+    pull: true
+    environment:
+      PY_COLORS: '1'
+      ANSIBLE_FORCE_COLOR: '1'
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
+    #secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
+    when:
+      event:
+        - push
+        - manual
+  ntfy:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
+                ${CI_COMMIT_MESSAGE}
+    when:
+      event: [ push, manual ]
+      status: [ failure ]
+depends_on:
+  - lint

.woodpecker/test.yml

@@ -0,0 +1,48 @@
+matrix:
+  include:
+    - MOLECULE_DISTRO: centos7
+    - MOLECULE_DISTRO: almalinux8
+    - MOLECULE_DISTRO: almalinux9
+
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      recursive: true
+      submodule_update_remote: true
+when:
+  event: [ push, manual ]
+
+steps:
+  test:
+    name: Test on ${MOLECULE_DISTRO}
+    image: guisea/ansible-molecule
+    pull: true
+    environment:
+      PY_COLORS: '1'
+      ANSIBLE_FORCE_COLOR: '1'
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
+    #secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
+    when:
+      event:
+        - push
+        - manual
+  ntfy:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
+                ${CI_COMMIT_MESSAGE}
+    when:
+      event: [ push, manual ]
+      status: [ failure ]
+depends_on:
+  - lint

.woodpecker/z.ntfy-cron.yml

@@ -0,0 +1,16 @@
+skip_clone: true
+
+steps:
+  ntfy-success:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: Build succeeded on ${CI_REPO_NAME}
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          Test success when run by cron for ${CI_REPO_NAME}.
+depends_on:
+  - "cron"
+runs_on: [ success ]

.woodpecker/z.ntfy.yml

@@ -0,0 +1,20 @@
+skip_clone: true
+
+steps:
+  ntfy:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: "Build completed for ${CI_REPO_NAME}"
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,tada,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
+                ${CI_COMMIT_MESSAGE}
+    when:
+      event: [ push, manual ]
+      status: [ success ]
+depends_on:
+  - lint
+  - test

.woodpecker/zz.ntfy-cron-failed.yml

@@ -0,0 +1,16 @@
+skip_clone: true
+
+steps:
+  ntfy-failed:
+    image: codeberg.org/l-x/woodpecker-ntfy
+    settings:
+        url: https://ntfy.cybercinch.nz/ci-status
+        title: Build failed on ${CI_REPO_NAME}
+        priority: urgent
+        icon: https://woodpecker-ci.org/img/logo.svg
+        tags: robot,rotating_light,no_entry,${CI_BUILD_EVENT},${CI_REPO_NAME}
+        message: >
+          Test failed when run by cron for ${CI_REPO_NAME}.
+depends_on:
+  - "cron"
+runs_on: [ failure ]

.yamllint

@@ -2,6 +2,8 @@
 # Based on ansible-lint config
 extends: default
 
+ignore: |
+  .venv/
 rules:
   braces:
     max-spaces-inside: 1
@@ -26,8 +28,8 @@ rules:
   indentation: disable
   key-duplicates: enable
   line-length: disable
-  new-line-at-end-of-file: disable
+  new-line-at-end-of-file: enable
   new-lines:
     type: unix
-  trailing-spaces: disable
+  trailing-spaces: enable
   truthy: disable

Makefile

@@ -0,0 +1,42 @@
+.PHONY: clean virtualenv lint test docker dist dist-upload
+
+clean:
+	find . -name '*.py[co]' -delete
+
+virtualenv:
+	virtualenv --prompt '|> ansible-role-common <| ' .venv
+	.venv/bin/pip install --upgrade pip
+	.venv/bin/pip install -r requirements.txt
+	.venv/bin/ansible-galaxy collection install -r requirements.yml
+	@echo
+	@echo "VirtualENV Setup Complete. Now run: source .venv/bin/activate"
+	@echo
+
+test:
+	for distro in almalinux9 ; do \
+		MOLECULE_DISTRO=$$distro molecule test --all ; \
+	done
+
+lint:
+	@echo "Linting with Ansible-lint"
+	@echo
+	ansible-lint -c ".ansible-lint" --exclude ".venv"
+	@echo
+	@echo "Linting with Yamllint"
+	@echo
+	yamllint .
+	@echo
+
+
+docker: clean
+	docker buildx build --platform 'linux/amd64,linux/arm64' --push \
+	-t hub.cybercinch.nz/cybercinch/imap_retention_manager:latest \
+	-t docker.io/cybercinch/imap_retention_manager:latest .
+
+dist: clean
+	rm -rf dist/*
+	python setup.py sdist
+	python setup.py bdist_wheel
+
+dist-upload:
+	twine upload dist/*

README.md

@@ -1,9 +1,9 @@
-# Common [![Build Status](https://drone.guise.net.nz/api/badges/ansible-roles/common/status.svg)](https://drone.guise.net.nz/ansible-roles/common) 
+# Common [![status-badge](https://ci.cybercinch.nz/api/badges/8/status.svg)](https://ci.cybercinch.nz/repos/8)
 =========
 
 A brief description of the role goes here.
 
-Requirements
+Requirements 
 ------------
 
 Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.

defaults/main.yml

@@ -9,7 +9,7 @@ dns_servers:
   - 1.0.0.1
   - 1.1.1.1
 
-ADMIN_GROUP: admins
+admin_group: admins
 
 
 common_grub_timeout: 5
@@ -24,15 +24,15 @@ common_packages:
   - bind-utils
   - yum-utils
   - unzip
-  
+
 win_packages:
   - notepadplusplus.install
   - firefoxesr
   - baretail
   - 7zip.install
-  
+
 apply_win_updates: false
 
 common_show_ipv6: false|bool
 common_root_pwd: l3tm31nN0w
-common_root_email: admin@somplace.co.nz
+common_root_email: admin@somplace.co.nz

files/helpers/set_dhcp_ip.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# This script will reset the IP Address back to default of DHCP
+# helpful for a pending restore
+
+/bin/nmcli c m "System eth0" ipv4.method auto
+/bin/nmcli c m "System eth0" ipv4.address "" ipv4.gateway ""
+/bin/nmcli connection up "System eth0"

files/helpers/set_static_ip.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# get subnet
+subnet=$(ip a | grep "inet " | tail -1 | awk '{print $2}')
+
+# get router/gateway
+router=$(ip route show | head -1 | awk '{print $3}')
+
+# get size of network portion of address in bytes
+sz=$(echo $subnet | awk -F / '{print $2}')
+bytes=$(("$sz" / 8))
+prefix=$(echo "$subnet" | cut -d. -f1-$bytes)      # e.g., 192.168.0
+
+# get IP address to be set
+IP=$(hostname -I | awk '{print $1}')             # current IP
+echo -n "Keep IP address?—$IP [yn]> "
+read -r ans
+if [ "$ans" == "n" ]; then
+  echo -n "Enter new IP address: "
+  read -r IP
+  # check if specified IP is properly formatted
+  if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+    echo Invalid IP
+  fi
+  # check if specified IP works for local network
+  if [[ ! $IP =~ ^$prefix ]]; then
+    echo "ERROR: Specified IP not usable for local network"
+    exit
+  fi
+fi
+
+# check if specified IP is properly formatted
+if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+  echo Invalid IP
+fi
+
+# fetch the UUID
+UUID=$(nmcli connection show | tail -1 | awk '{print $4}')
+if [[ "$UUID" == "ethernet" ]]; then
+ # This is the other format of nmcli connection show
+ UUID=$(nmcli connection show | head -2 | tail -1 | awk '{print $3}')
+fi
+
+# run commands to set up the permanent IP address
+nmcli connection modify "$UUID" IPv4.address "$IP"/"$sz"
+nmcli connection modify "$UUID" IPv4.gateway "$router"
+nmcli connection modify "$UUID" IPv4.method manual
+nmcli connection up "$UUID"

handlers/main.yml

@@ -15,10 +15,10 @@
     name: ntpd
     state: restarted
 
-- name: reboot windows
+- name: Reboot Windows
   win_reboot:
 
-- name: restart NetworkManager
+- name: Restart NetworkManager
   service:
     name: NetworkManager
     state: restarted

molecule/default/converge.yml

@@ -4,4 +4,4 @@
   tasks:
     - name: "Include common"
       include_role:
-        name: "common"
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"

molecule/default/molecule.yml

@@ -4,18 +4,21 @@ dependency:
 driver:
   name: docker
 platforms:
-  - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+  - name: molecule-${MOLECULE_DISTRO:-almalinux8}
+    image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
     privileged: true
     pre_build_image: true
 provisioner:
   name: ansible
+  env:
+    MOLECULE_NO_LOG: true
 # verifier:
 #  name: ansible
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
+# lint: |
+#   set -e
+#   yamllint .
+#   ansible-lint

requirements.txt

@@ -0,0 +1,6 @@
+ansible-core<2.17
+ansible-compat<4
+molecule[docker]<5.0.0
+ansible-lint==6.16.2
+yamllint==1.32.0
+passlib==1.7.4

requirements.yml

@@ -0,0 +1,3 @@
+collections:
+  - ansible.windows
+  - community.general

tasks/RedHat.yml

@@ -3,7 +3,7 @@
 - include_tasks: networking.yml
 
 - name: Ensure common packages (RHEL)
-  yum: 
+  yum:
     name: "{{ common_packages }}"
     state: present
     enablerepo: epel
@@ -17,7 +17,7 @@
     enablerepo: ol7_developer_EPEL
   when: ansible_distribution == 'OracleLinux'
   tags: packages
-  
+
 - name: Check if SELinux is installed
   stat:
     path: /etc/selinux/config
@@ -38,7 +38,9 @@
 #  tags: security
 
 - name: Create admin group
-  group: name={{ ADMIN_GROUP }} state=present
+  group:
+    name: "{{ admin_group }}"
+    state: present
 
 - name: Configure yum limit
   lineinfile:
@@ -49,25 +51,18 @@
 
 - name: Ensure Helpers are present
   copy:
-    src: "{{ helpers.src }}"
-    dest: "{{ helpers.dest }}"
+    src: helpers/
+    dest: /usr/local/bin/
     mode: u+rwx,g+rx,o+rx
-  with_items:
-    - src: helpers/reload_scsi_devices
-      dest: /usr/local/bin/reload_scsi_devices
-    - src: helpers/reload_scsi_hosts
-      dest: /usr/local/bin/reload_scsi_hosts
-  loop_control:
-    loop_var: helpers
-    
+
 - name: Ensure Hostname is set
-  hostname: 
+  hostname:
     name: "{{ inventory_hostname }}.{{ domain }}"
-  when: ansible_virtualization_type != "docker"
-    
+  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
+
 - name: Change root password
-  user:  
-    name: root 
+  user:
+    name: root
     password: "{{ common_root_pwd | password_hash('sha512') }}"
   changed_when: false
   tags: rootpw

tasks/Windows.yml

@@ -30,7 +30,7 @@
     admin_password: "{{ vault_ad_password }}"
     domain_name: "{{ authconfig_domain }}"
   when: ad_domain_joined
-  notify: reboot windows
+  notify: Reboot Windows
 - meta: flush_handlers
 
 - name: Ensure Important dirs exist
@@ -53,7 +53,7 @@
 - name: Apply Windows Updates
   win_updates:
   when: apply_windows_updates
-  notify: reboot windows
+  notify: Reboot Windows
 - meta: flush_handlers
 
 - name: Ensure default applications installed

tasks/communication.yml

@@ -1,7 +1,8 @@
 ---
 - name: Postfix Configuration
+  when: postfix_configure
   block:
-    - name: postfix | Apply postfix configuration
+    - name: Postfix | Apply postfix configuration
       lineinfile:
         dest: "{{ configurations.dest }}"
         regexp: "{{ configurations.regexp }}"
@@ -33,12 +34,11 @@
       loop_control:
         loop_var: configurations
 
-    - name: postfix | Ensure Postfix is Started/Enabled
+    - name: Postfix | Ensure Postfix is Started/Enabled
       service:
         name: postfix
         state: started
         enabled: yes
-  when: postfix_configure
 
 - name: Ensure root forwarding address is set
   lineinfile:

tasks/grub.yml

@@ -20,7 +20,7 @@
     no_extra_spaces: yes
   when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version > '6'"
   notify:
-    - Check if grub.cfg exists 
+    - Check if grub.cfg exists
     - Update GRUB
   tags:
-    - grub
+    - grub

tasks/networking.yml

@@ -1,4 +1,8 @@
 ---
+- name: What is virtualization type?
+  debug:
+    msg: "Virtualization is: {{ ansible_virtualization_type }}"
+
 - name: Ensure DNS and SSH common config
   template:
     src: "{{ network_config.src }}"
@@ -13,7 +17,7 @@
         a+r,
       }
     - { src: etc.resolv.conf.j2, dest: /etc/resolv.conf, mode: u+rw, a+r }
-  when: ansible_virtualization_type != "docker"
+  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
   loop_control:
     loop_var: network_config
   tags: dns
@@ -52,7 +56,7 @@
       }
   loop_control:
     loop_var: hosts_config
-  when: ansible_virtualization_type != "docker"
+  when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
 
 - name: Ensure NetworkManager does not fiddle DNS
   ini_file:
@@ -63,7 +67,7 @@
     backup: yes
   when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7")
   notify:
-    - restart NetworkManager
+    - Restart NetworkManager
   changed_when: false
 
 - name: Ensure correct permissions (hosts/resolv.conf)

templates/dynmotd

@@ -15,84 +15,89 @@
 #      /usr/local/bin/dynmotd
 #
 
-USER=`/usr/bin/env whoami`
-HOSTNAME=`/usr/bin/env uname -n | /usr/bin/env cut -d. -f1`
-IP=`/usr/bin/env ip route get 1 | /usr/bin/env grep -Po '(?<=src.)[\w\d.]+'`
-IP6=`/usr/bin/env ip -6 addr | /usr/bin/env awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
-NUM_CPU=`cat /proc/cpuinfo | grep processor | wc -l`
-#ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
-#HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
-#BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
-FILESYSTEMS=`cat /etc/fstab | grep -v '#' | grep -v 'swap' | awk '{if(NF>0) {print $2}}'`
-MEMORY=`/usr/bin/env free -m | /usr/bin/env grep "Mem" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
-SWAP=`/usr/bin/env free -m | /usr/bin/env grep "Swap" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
-PSA=`/usr/bin/env ps -Afl | /usr/bin/env wc -l`
+if getent group "{{ admin_group }}" | grep -qw "$(whoami)"; then
+    USER=`/usr/bin/env whoami`
+    HOSTNAME=`/usr/bin/env uname -n | /usr/bin/env cut -d. -f1`
+    IP=`/usr/bin/env ip route get 1 | /usr/bin/env grep -Po '(?<=src.)[\w\d.]+'`
+    IP6=`/usr/bin/env ip -6 addr | /usr/bin/env awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
+    NUM_CPU=`cat /proc/cpuinfo | grep processor | wc -l`
+    #ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
+    #HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
+    #BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
+    FILESYSTEMS=`cat /etc/fstab | grep -v '#' | grep -v 'swap' | grep -v 'proc' | awk '{if(NF>0) {print $2}}'`
+    MEMORY=`/usr/bin/env free -m | /usr/bin/env grep "Mem" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
+    SWAP=`/usr/bin/env free -m | /usr/bin/env grep "Swap" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
+    PSA=`/usr/bin/env ps -Afl | /usr/bin/env wc -l`
 
-# time of day
-HOUR=$(/usr/bin/env date +"%H")
-if [ $HOUR -lt 12  -a $HOUR -ge 0 ]
-then    TIME="morning"
-elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
-then    TIME="afternoon"
+    # time of day
+    HOUR=$(/usr/bin/env date +"%H")
+    if [ $HOUR -lt 12  -a $HOUR -ge 0 ]
+    then    TIME="morning"
+    elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
+    then    TIME="afternoon"
+    else
+        TIME="evening"
+    fi
+
+    #System uptime
+    uptime=`/usr/bin/env cat /proc/uptime | cut -f1 -d.`
+    upDays=$((uptime/60/60/24))
+    upHours=$((uptime/60/60%24))
+    upMins=$((uptime/60%60))
+    upSecs=$((uptime%60))
+
+    #System load
+    LOADAVG=`/usr/bin/env cat /proc/loadavg`
+    LOAD1=`echo $LOADAVG | /usr/bin/env awk {'print $1'}`
+    LOAD5=`echo $LOADAVG | /usr/bin/env awk {'print $2'}`
+    LOAD15=`echo $LOADAVG | /usr/bin/env awk {'print $3'}`
+
+    echo ""
+    echo -e "\e[7m--- GOOD $TIME $USER ----\e[0m"
+    echo ""
+    #MESSAGE=`/usr/bin/fortune | /usr/bin/cowsay`
+    #echo -e " $MESSAGE"
+
+    COLOR_COLUMN="\e[1m-"
+    COLOR_VALUE="\e[31m"
+    RESET_COLORS="\e[0m"
+    echo -e "
+    ===========================================================================
+    $COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
+    {% if common_show_ipv6 == true %}
+    $COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS  
+    $COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS  
+    {% else %} $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
+    {% endif %}
+    {% if ansible_distribution == "Alpine" %}
+    $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE Alpine `/usr/bin/env cat /etc/os-release` $RESET_COLORS
+    {% else %}
+    $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `/usr/bin/env cat /etc/os-release | /usr/bin/env grep PRETTY_NAME | /usr/bin/env cut -d '"' -f 2` $RESET_COLORS
+    {% endif %}
+    {% if ansible_distribution != "Alpine" %}
+    $COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
+    {% endif %}
+    =========================================================================== $RESET_COLORS
+    $COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
+    $COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
+    $COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
+    $COLOR_COLUMN- Memory used$RESET_COLORS.........: $COLOR_VALUE $MEMORY (total-used-free) $RESET_COLORS
+    $COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
+    $COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
+    $COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
+    {% if ansible_virtualization_type != "lxc" %}
+    $COLOR_COLUMN- Disk space$RESET_COLORS..........: "
+    for FS in ${FILESYSTEMS}; do
+    echo -e " $COLOR_COLUMN- ..........$RESET_COLORS..........: $COLOR_VALUE `df -H ${FS} | grep -v 'Filesystem' | grep -v '^[[:space:]]*$' | awk '{print $6 \" \" $4}'` remaining $RESET_COLORS"
+    done
+    {% endif %}
+    echo -e "
+    ===========================================================================
+    "
+    if [ -f /etc/motd ]; then
+    /usr/bin/env cat /etc/motd
+    fi
 else
-    TIME="evening"
-fi
-
-#System uptime
-uptime=`/usr/bin/env cat /proc/uptime | cut -f1 -d.`
-upDays=$((uptime/60/60/24))
-upHours=$((uptime/60/60%24))
-upMins=$((uptime/60%60))
-upSecs=$((uptime%60))
-
-#System load
-LOADAVG=`/usr/bin/env cat /proc/loadavg`
-LOAD1=`echo $LOADAVG | /usr/bin/env awk {'print $1'}`
-LOAD5=`echo $LOADAVG | /usr/bin/env awk {'print $2'}`
-LOAD15=`echo $LOADAVG | /usr/bin/env awk {'print $3'}`
-
-echo ""
-echo -e "\e[7m--- GOOD $TIME $USER ----\e[0m"
-echo ""
-#MESSAGE=`/usr/bin/fortune | /usr/bin/cowsay`
-#echo -e " $MESSAGE"
-
-COLOR_COLUMN="\e[1m-"
-COLOR_VALUE="\e[31m"
-RESET_COLORS="\e[0m"
-echo -e "
-===========================================================================
- $COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
-{% if common_show_ipv6 == true %}
- $COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS  
- $COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS  
-{% else %} $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
-{% endif %}
-{% if ansible_distribution == "Alpine" %}
- $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE Alpine `/usr/bin/env cat {{ ansible_distribution_file_path }}` $RESET_COLORS
-{% else %}
- $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `/usr/bin/env cat {{ ansible_distribution_file_path }} | /usr/bin/env grep PRETTY_NAME | /usr/bin/env cut -d '"' -f 2` $RESET_COLORS
-{% endif %}
-{% if ansible_distribution != "Alpine" %}
- $COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
-{% endif %}
-=========================================================================== $RESET_COLORS
- $COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
- $COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
- $COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
- $COLOR_COLUMN- Memory used$RESET_COLORS.........: $COLOR_VALUE $MEMORY (total-used-free) $RESET_COLORS
- $COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
- $COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
- $COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
-{% if ansible_virtualization_type != "lxc" %}
- $COLOR_COLUMN- Disk space$RESET_COLORS..........: "
-for FS in ${FILESYSTEMS}; do
-echo -e " $COLOR_COLUMN- ..........$RESET_COLORS..........: $COLOR_VALUE `df -H ${FS} | grep -v 'Filesystem' | grep -v '^[[:space:]]*$' | awk '{print $6 \" \" $4}'` remaining $RESET_COLORS"
-done
-{% endif %}
-echo -e "
-===========================================================================
-"
-if [ -f /etc/motd ]; then
- `/usr/bin/env cat /etc/motd`
-fi
+  # Just exit :)
+  exit 0
+fi;

test.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if getent group "wheel" | grep -qw "$(whoami)"; then
+  echo true
+else
+  echo false
+fi;

utils.libsonnet

@@ -1,42 +0,0 @@
-{
-docker_service()::
- {
-   name: 'docker',
-   image: 'docker:dind',
-   privileged: true,
-   volumes: [{ name: 'dockersock', path: '/var/run' },],
- },
-
-email_notification()::
- {
-   name: 'notify by email',
-   image: 'drillster/drone-email',
-   settings:
-    { host: 'mail.guise.net.nz',
-      username:
-        { from_secret: 'EMAIL_USER' },
-      password:
-        { from_secret: 'EMAIL_PASS' },
-      from: 'drone@guise.net.nz'
-    },
-   when:
-     {  status: [ 'changed', 'failure' ] },
-  },
-
-test_distro(distribution)::
-  {
-    name: 'Test on %(distribution)s' % { distribution: distribution },
-    volumes: [{ name: 'dockersock', path: '/var/run' },],
-    image: 'guisea/ansible-molecule:latest',
-    commands: [
-      'sleep 10', // give docker enough time to start
-      'mkdir ${DRONE_REPO_NAME}',
-      'rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}',
-      'cd ${DRONE_REPO_NAME}',
-      'molecule test'
-    ],
-    environment:
-     { MOLECULE_DISTRO: '%(distribution)s' % { distribution: distribution }
-     },
-  },
-}