refactor: migrate to woodpecker

This commit is contained in:
Robert Kaussow 2024-09-25 21:30:11 +02:00
parent e407a750e4
commit 124e3902de
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
20 changed files with 282 additions and 415 deletions


@ -1,124 +0,0 @@
local PipelineLinting = {
kind: 'pipeline',
name: 'linting',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
name: 'ansible-later',
image: 'thegeeklab/ansible-later',
commands: [
'ansible-later',
],
},
{
name: 'python-format',
image: 'python:3.11',
environment: {
PY_COLORS: 1,
},
commands: [
'pip install -qq yapf',
'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
],
},
{
name: 'python-flake8',
image: 'python:3.11',
environment: {
PY_COLORS: 1,
},
commands: [
'pip install -qq flake8',
'flake8',
],
},
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
};
local PipelineDocumentation = {
kind: 'pipeline',
name: 'documentation',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
name: 'generate',
image: 'thegeeklab/ansible-doctor',
environment: {
ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
},
},
{
name: 'publish',
image: 'plugins/gh-pages',
settings: {
remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
netrc_machine: 'gitea.rknet.org',
username: { from_secret: 'gitea_username' },
password: { from_secret: 'gitea_token' },
pages_directory: '_docs/',
target_branch: 'docs',
},
when: {
ref: ['refs/heads/main'],
},
},
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
depends_on: [
'linting',
],
};
local PipelineNotification = {
kind: 'pipeline',
name: 'notification',
platform: {
os: 'linux',
arch: 'amd64',
},
clone: {
disable: true,
},
steps: [
{
name: 'matrix',
image: 'thegeeklab/drone-matrix',
settings: {
homeserver: { from_secret: 'matrix_homeserver' },
roomid: { from_secret: 'matrix_roomid' },
template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
username: { from_secret: 'matrix_username' },
password: { from_secret: 'matrix_password' },
},
},
],
depends_on: [
'documentation',
],
trigger: {
status: ['success', 'failure'],
ref: ['refs/heads/main', 'refs/tags/**'],
},
};
[
PipelineLinting,
PipelineDocumentation,
PipelineNotification,
]


@ -1,120 +0,0 @@
---
kind: pipeline
name: linting
platform:
os: linux
arch: amd64
steps:
- name: ansible-later
image: thegeeklab/ansible-later
commands:
- ansible-later
- name: python-format
image: python:3.11
commands:
- pip install -qq yapf
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
environment:
PY_COLORS: 1
- name: python-flake8
image: python:3.11
commands:
- pip install -qq flake8
- flake8
environment:
PY_COLORS: 1
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
---
kind: pipeline
name: documentation
platform:
os: linux
arch: amd64
steps:
- name: generate
image: thegeeklab/ansible-doctor
environment:
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
- name: publish
image: plugins/gh-pages
settings:
netrc_machine: gitea.rknet.org
pages_directory: _docs/
password:
from_secret: gitea_token
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
target_branch: docs
username:
from_secret: gitea_username
when:
ref:
- refs/heads/main
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- linting
---
kind: pipeline
name: notification
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: matrix
image: thegeeklab/drone-matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
username:
from_secret: matrix_username
trigger:
ref:
- refs/heads/main
- refs/tags/**
status:
- success
- failure
depends_on:
- documentation
---
kind: signature
hmac: fdc8576e915a103e3a4aec7dc8bf1068e602ee975ff6d0fb5d92ee2434d9d0ce
...


@ -1,19 +0,0 @@
---
ansible:
custom_modules:
- iptables_raw
- openssl_pkcs12
- proxmox_kvm
- ucr
- corenetworks_dns
- corenetworks_token
rules:
exclude_files:
- molecule/
- "LICENSE*"
- "**/*.md"
- "**/*.ini"
exclude_filter:
- LINT0009

7
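--- a/.markdownlint.yml
+++ b/.markdownlint.yml
@@ -0,0 +1,7 @@
+---
+default: True
+MD013: False
+MD041: False
+MD024: False
+MD004:
+style: dash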

1
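--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1 @@
+LICENSE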

47
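--- a/.woodpecker/docs.yaml
+++ b/.woodpecker/docs.yaml
@@ -0,0 +1,47 @@
+---
+when:
+- event: [pull_request]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+steps:
+- name: generate
+image: quay.io/thegeeklab/ansible-doctor
+environment:
+ANSIBLE_DOCTOR_EXCLUDE_FILES: "['molecule/']"
+ANSIBLE_DOCTOR_RENDERER__FORCE_OVERWRITE: "true"
+ANSIBLE_DOCTOR_LOGGING__LEVEL: info
+ANSIBLE_DOCTOR_ROLE__NAME: ${CI_REPO_NAME}
+ANSIBLE_DOCTOR_TEMPLATE__NAME: readme
+- name: format
+image: quay.io/thegeeklab/alpine-tools
+commands:
+- prettier -w README.md
+- name: diff
+image: quay.io/thegeeklab/alpine-tools
+commands:
+- git diff --color=always README.md
+- name: publish
+image: quay.io/thegeeklab/wp-git-action
+settings:
+action:
+- commit
+- push
+author_email: ci-bot@rknet.org
+author_name: ci-bot
+branch: main
+message: "[skip ci] automated docs update"
+netrc_machine: gitea.rknet.org
+netrc_password:
+from_secret: gitea_token
+when:
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+depends_on:
+- lint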
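Review bot: The publish step hard-codes `branch: main` while both the workflow and the step `when:` filters are keyed on `${CI_REPO_DEFAULT_BRANCH}`, so if the default branch ever differs from main the bot commit holding the regenerated README lands on a branch other than the one that was built; use `branch: ${CI_REPO_DEFAULT_BRANCH}` to keep the two in step. The step images `quay.io/thegeeklab/ansible-doctor`, `quay.io/thegeeklab/alpine-tools` and `quay.io/thegeeklab/wp-git-action` carry neither a version tag nor a digest, so the step that is handed `gitea_token` (with write access, given it pushes) runs whatever the mutable default tag resolves to at build time; the same applies to `ansible-dev-tools:1` in lint.yaml and `wp-matrix` in notify.yml. Pinning each image to a release tag (or `@sha256:` digest) and bumping deliberately limits what an upstream image change can do with that token. The indentation of this file is not preserved in the rendered view, so the nesting of the two `when:` blocks is inferred.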

30
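--- a/.woodpecker/lint.yaml
+++ b/.woodpecker/lint.yaml
@@ -0,0 +1,30 @@
+---
+when:
+- event: [pull_request, tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+steps:
+- name: ansible-lint
+image: quay.io/thegeeklab/ansible-dev-tools:1
+commands:
+- ansible-lint
+environment:
+FORCE_COLOR: "1"
+- name: python-format
+image: docker.io/python:3.12
+commands:
+- pip install -qq ruff
+- ruff format --check --diff .
+environment:
+PY_COLORS: "1"
+- name: python-lint
+image: docker.io/python:3.12
+commands:
+- pip install -qq ruff
+- ruff check .
+environment:
+PY_COLORS: "1"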
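Review bot: Both python steps run `pip install -qq ruff` with no version constraint, so the rule set applied by `ruff check .` and the formatter output checked by `ruff format --check --diff .` change silently with each ruff release, and a pull request can start failing (or stop catching findings) without any change to the repository. Pin it, e.g. `pip install -qq "ruff==<RUFF_VERSION placeholder>"`, and bump the pin explicitly alongside the `[tool.ruff]` settings this commit adds in pyproject.toml. Since `select` in pyproject.toml includes `S`, a drifting ruff version also changes which security checks are enforced.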

26
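--- a/.woodpecker/notify.yml
+++ b/.woodpecker/notify.yml
@@ -0,0 +1,26 @@
+---
+when:
+- event: [tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+runs_on: [success, failure]
+steps:
+- name: matrix
+image: quay.io/thegeeklab/wp-matrix
+settings:
+homeserver:
+from_secret: matrix_homeserver
+room_id:
+from_secret: matrix_room_id
+user_id:
+from_secret: matrix_user_id
+access_token:
+from_secret: matrix_access_token
+when:
+- status: [failure]
+depends_on:
+- docs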
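Review bot: `depends_on` lists only `docs`, but docs.yaml has no `tag` event in its `when:` while this workflow and lint.yaml do, so on a tag the notify workflow follows a workflow that never ran and a failing `ansible-lint` or `ruff` step on the tag is not in its dependency chain; if I read Woodpecker's `depends_on`/`runs_on` semantics correctly, such a failure would produce no Matrix message. Listing both producers, `depends_on: [lint, docs]`, makes the failure notification cover every workflow that can run for the selected events. The workflow-level `runs_on: [success, failure]` combined with the step-level `when: status: [failure]` is fine, but a one-line comment above the step, such as `# workflow runs on either outcome; the step itself only posts on failure`, would save the next reader from wondering why both are present.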

20
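--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,20 @@
+---
+extends: default
+rules:
+truthy:
+allowed-values: ["True", "False"]
+comments:
+min-spaces-from-content: 1
+comments-indentation: False
+line-length: disable
+braces:
+min-spaces-inside: 0
+max-spaces-inside: 1
+brackets:
+min-spaces-inside: 0
+max-spaces-inside: 0
+indentation: enable
+octal-values:
+forbid-implicit-octal: True
+forbid-explicit-octal: True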


@ -1,30 +1,24 @@
---
- name: Restart apache service
service:
ansible.builtin.service:
name: apache2
state: restarted
enabled: yes
enabled: True
listen: __ucs_apache_restart
when: ucs_custom_tls_apache2_enabled
become: True
become_user: root
- name: Restart dovecot service
service:
ansible.builtin.service:
name: dovecot
state: restarted
enabled: yes
enabled: True
listen: __ucs_dovecot_restart
when: ucs_custom_tls_dovecot_enabled
become: True
become_user: root
- name: Restart postfix service
service:
ansible.builtin.service:
name: postfix
state: restarted
enabled: yes
enabled: True
listen: __ucs_postfix_restart
when: ucs_custom_tls_postfix_enabled
become: True
become_user: root
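Review bot: The `become: True` / `become_user: root` pair is dropped from all three handlers here, and in the same commit from the tasks in tasks/main.yml and tasks/tls.yml, so restarting apache2, dovecot and postfix and writing ucr, cron, acl and TLS files now runs with whatever privileges the calling play supplies; the `+`/`-` markers are not rendered, but the hunk shrinking from 30 to 24 lines is only consistent with these six lines being removed. That is a behaviour change a caller can hit immediately (a service restart as an unprivileged user fails) and it is not implied by the commit title. Unless every consumer already sets `become: true` at play level, either keep per-task escalation or state the requirement where users will see it, e.g. a README line `This role expects to be run with become: true at play or role level; it no longer escalates per task.`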


@ -1,4 +1,3 @@
# Standards: 0.2
---
galaxy_info:
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
@ -21,16 +20,13 @@ galaxy_info:
# @end
description: Configure an Univention Corporate Server
license: MIT
min_ansible_version: 2.10
min_ansible_version: "2.10"
platforms:
- name: EL
versions:
- 7
- "9"
galaxy_tags:
- univention
- ucs
- domain
dependencies: []
collections:
- xoxys.general
- community.general

17
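--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,17 @@
+[tool.ruff]
+exclude = [".git", "__pycache__"]
+line-length = 99
+indent-width = 4
+[tool.ruff.lint]
+ignore = ["W191", "E111", "E114", "E117", "S101", "S105"]
+select = ["F", "E", "I", "W", "S"]
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+line-ending = "lf"
+[tool.pytest.ini_options]
+filterwarnings = ["ignore::FutureWarning", "ignore::DeprecationWarning"]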
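Review bot: `ignore = [..., "S101", "S105"]` switches off the assert-usage and hardcoded-password-string checks for every Python file ruff sees, which undoes part of the value of selecting `S` in the line below; both rules are normally silenced only for test code, where asserts and dummy credentials are expected. Scoping them with a `[tool.ruff.lint.per-file-ignores]` table keyed on the test paths (e.g. `"tests/**" = ["S101", "S105"]` if that is where the repository keeps them) keeps the checks active for any module or plugin code. A short comment naming why each ignored code is waived would also help, since `W191`/`E111`/`E114`/`E117` are indentation rules that conflict with the formatter and read as unrelated to the security ignores.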

7
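--- a/requirements.yml
+++ b/requirements.yml
@@ -0,0 +1,7 @@
+---
+collections:
+- name: https://gitea.rknet.org/ansible/xoxys.general
+type: git
+- name: ansible.posix
+roles: []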
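Review bot: `community.general` is missing from the new `collections:` list even though tasks/main.yml in this commit calls `community.general.udm_group`, and the `collections:` block this commit removes from meta/main.yml did declare it; without `- name: community.general` a fresh install from this file fails on the group task. The git source for `xoxys.general` has no `version:` field, so every install tracks the repository's moving default branch; adding `version: <tag or commit placeholder>` makes the dependency reproducible and keeps an upstream push to that repository from silently changing what the role executes. The `ansible.posix` entry has the same drift, though from Galaxy rather than git.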


@ -1,12 +0,0 @@
[flake8]
ignore = D100, D101, D102, D103, D105, D107, E402, W503
max-line-length = 99
inline-quotes = double
exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
[yapf]
based_on_style = google
column_limit = 99
dedent_closing_brackets = true
coalesce_brackets = true
split_before_logical_operator = true


@ -1,18 +0,0 @@
---
- name: Setup custom cronjobs
cron:
name: "{{ item.name }}"
minute: "{{ item.minute | default(0) }}"
hour: "{{ item.hour | default(3) }}"
day: "{{ item.day | default('*') }}"
weekday: "{{ item.weekday | default('*') }}"
month: "{{ item.month | default('*') }}"
user: "{{ item.user | default('root') }}"
cron_file: univention-custom
job: "{{ item.job }}"
state: "{{ item.state | default('present') }}"
loop: "{{ ucs_cronjobs }}"
loop_control:
label: "{{ item.name }}"
become: True
become_user: root


@ -1,15 +0,0 @@
---
- name: Set acl for shares
acl:
path: "{{ item.path }}"
entity: "{{ item.entity }}"
etype: "{{ item.etype }}"
permissions: "{{ item.permissions }}"
state: "{{ item.state | default('query') }}"
recursive: "{{ item.recursive | default('no') }}"
default: "{{ item.default | default('no') }}"
loop: "{{ ucs_filesystem_acl }}"
loop_control:
label: "{{ item.path }}"
become: True
become_user: root


@ -1,7 +1,52 @@
---
- include_tasks: registry.yml
- include_tasks: users_groups.yml
- include_tasks: filesystem.yml
- include_tasks: cron.yml
- import_tasks: tls.yml
- name: Set system settings to registry
xoxys.general.ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
state: "{{ item.state | default('present') }}"
loop: "{{ __usc_registry_settings + ucs_registry_extra }}"
- name: Create system groups
community.general.udm_group:
name: "{{ item.name }}"
description: "{{ item.description | default(omit) }}"
subpath: "{{ item.subpath | default(omit) }}"
ou: "{{ item.ou | default(omit) }}"
state: "{{ item.state | default('present') }}"
loop: "{{ ucs_system_groups }}"
loop_control:
label: "{{ item.name }}"
- name: Set acl for shares
ansible.posix.acl:
path: "{{ item.path }}"
entity: "{{ item.entity }}"
etype: "{{ item.etype }}"
permissions: "{{ item.permissions }}"
state: "{{ item.state | default('query') }}"
recursive: "{{ item.recursive | default('no') }}"
default: "{{ item.default | default('no') }}"
loop: "{{ ucs_filesystem_acl }}"
loop_control:
label: "{{ item.path }}"
- name: Setup custom cronjobs
ansible.builtin.cron:
name: "{{ item.name }}"
minute: "{{ item.minute | default(0) }}"
hour: "{{ item.hour | default(3) }}"
day: "{{ item.day | default('*') }}"
weekday: "{{ item.weekday | default('*') }}"
month: "{{ item.month | default('*') }}"
user: "{{ item.user | default('root') }}"
cron_file: univention-custom
job: "{{ item.job }}"
state: "{{ item.state | default('present') }}"
loop: "{{ ucs_cronjobs }}"
loop_control:
label: "{{ item.name }}"
- name: Deploy custom tls certs
ansible.builtin.import_tasks: tls.yml
when: ucs_custom_tls_enabled
tags: tls_renewal


@ -1,10 +0,0 @@
---
- block:
- name: Set system settings to registry
ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
state: "{{ item.state | default('present') }}"
loop: "{{ __usc_registry_settings + ucs_registry_extra }}"
become: True
become_user: root


@ -1,22 +1,25 @@
---
- block:
- name: Create tls folder structure
file:
- name: Create tls folder structure
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0700
mode: "0700"
loop:
- "{{ ucs_tls_certs_dir }}"
- "{{ ucs_tls_key_dir }}"
- name: Copy certs and private key
copy:
- name: Copy certs and private key
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: "{{ ucs_tls_cert_path }}", dest: "{{ ucs_tls_certs_dir }}/ucs.pem", mode: '0600' }
- { src: "{{ ucs_tls_key_path }}", dest: "{{ ucs_tls_key_dir }}/ucs.pem", mode: '0750' }
- src: "{{ ucs_tls_cert_path }}"
dest: "{{ ucs_tls_certs_dir }}/ucs.pem"
mode: "0600"
- src: "{{ ucs_tls_key_path }}"
dest: "{{ ucs_tls_key_dir }}/ucs.pem"
mode: "0750"
loop_control:
label: "{{ item.dest }}"
notify:
@ -24,43 +27,48 @@
- __ucs_dovecot_restart
- __ucs_postfix_restart
- name: Set apache2 ucr vars
ucr:
- name: Set apache2 ucr vars
xoxys.general.ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
loop:
- { path: apache2/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- { path: apache2/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- { path: saml/apache2/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- { path: saml/apache2/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- path: apache2/ssl/certificate
value: "{{ ucs_tls_certs_dir }}/ucs.pem"
- path: apache2/ssl/key
value: "{{ ucs_tls_key_dir }}/ucs.pem"
- path: saml/apache2/ssl/certificate
value: "{{ ucs_tls_certs_dir }}/ucs.pem"
- path: saml/apache2/ssl/key
value: "{{ ucs_tls_key_dir }}/ucs.pem"
loop_control:
label: "variable: {{ item.path }}={{ item.value }}"
notify: __ucs_apache_restart
when: ucs_custom_tls_apache2_enabled
- name: Set dovecot ucr vars
ucr:
- name: Set dovecot ucr vars
xoxys.general.ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
loop:
- { path: mail/dovecot/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- { path: mail/dovecot/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- path: mail/dovecot/ssl/certificate,
value: "{{ ucs_tls_certs_dir }}/ucs.pem"
- path: mail/dovecot/ssl/key
value: "{{ ucs_tls_key_dir }}/ucs.pem"
loop_control:
label: "variable: {{ item.path }}={{ item.value }}"
notify: __ucs_dovecot_restart
when: ucs_custom_tls_dovecot_enabled
- name: Set postfix ucr vars
ucr:
- name: Set postfix ucr vars
xoxys.general.ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
loop:
- { path: mail/postfix/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- { path: mail/postfix/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- path: mail/postfix/ssl/certificate
value: "{{ ucs_tls_certs_dir }}/ucs.pem"
- path: mail/postfix/ssl/key
value: "{{ ucs_tls_key_dir }}/ucs.pem"
loop_control:
label: "variable: {{ item.path }}={{ item.value }}"
notify: __ucs_postfix_restart
when: ucs_custom_tls_postfix_enabled
become: True
become_user: root
when: ucs_custom_tls_enabled
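Review bot: In the dovecot loop the new line `- path: mail/dovecot/ssl/certificate,` carries a stray trailing comma; in a block mapping that comma is part of the scalar, so `xoxys.general.ucr` sets a registry key literally named `mail/dovecot/ssl/certificate,` and the real certificate key is never updated, which the `.yamllint` config added in this commit will not catch because the value is valid YAML. Drop the comma: `- path: mail/dovecot/ssl/certificate`. Separately, the copy loop keeps the private key at `mode: "0750"` and the certificate at `mode: "0600"`, which looks swapped from the old side unchanged: the key becomes group-readable (and executable) while the public certificate is the one locked down; `mode: "0600"` for the key entry and `"0644"` for the certificate entry (or `"0600"` for both if only root reads them) is the arrangement to aim for. The `become` lines at the end of the hunk are on the old side only, so these file and ucr tasks now depend on the play for root privileges.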


@ -1,13 +0,0 @@
---
- name: Create system groups
udm_group:
name: "{{ item.name }}"
description: "{{ item.description | default(omit) }}"
subpath: "{{ item.subpath | default(omit) }}"
ou: "{{ item.ou | default(omit) }}"
state: "{{ item.state | default('present') }}"
loop: "{{ ucs_system_groups }}"
loop_control:
label: "{{ item.name }}"
become: True
become_user: root