diff --git a/.later.yml b/.later.yml index 07e8dc4..1d2a51d 100644 --- a/.later.yml +++ b/.later.yml @@ -4,4 +4,8 @@ rules: - molecule/ubuntu/tests - README.md +yamllint: + document-end: + present: True + ... diff --git a/defaults/main.yml b/defaults/main.yml index 703183b..e24ebd5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,3 @@ -# Standards: 1.2 --- # @var ipsec_charon_debug:description: Debugging levels for charon ipsec_charon_debug: ike 1, knl 1, cfg 0 diff --git a/flake.lock b/flake.lock index 526cd37..28755a1 100644 --- a/flake.lock +++ b/flake.lock @@ -2,15 +2,15 @@ "nodes": { "devshell": { "inputs": { - "nixpkgs": "nixpkgs", - "systems": "systems" + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1692793255, - "narHash": "sha256-yVyj0AE280JkccDHuG1XO9oGxN6bW8ksr/xttXcXzK0=", + "lastModified": 1705332421, + "narHash": "sha256-USpGLPme1IuqG78JNqSaRabilwkCyHmVWY0M9vYyqEA=", "owner": "numtide", "repo": "devshell", - "rev": "2aa26972b951bc05c3632d4e5ae683cb6771a7c6", + "rev": "83cb93d6d063ad290beee669f4badf9914cc16ec", "type": "github" }, "original": { @@ -22,11 +22,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { 
@@ -40,11 +40,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1706830856, + "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", "type": "github" }, "original": { @@ -53,15 +53,33 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_2" }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -78,11 +96,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", "type": "github" }, "original": { 
@@ -93,11 +111,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677383253, - "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", + "lastModified": 1704161960, + "narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9952d6bc395f5841262b006fbace8dd7e143b634", + "rev": "63143ac2c9186be6d9da6035fa22620018c85932", "type": "github" }, "original": { @@ -110,11 +128,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1690881714, - "narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=", + "lastModified": 1706550542, + "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e1960bc196baf6881340d53dccb203a951745a2", + "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", "type": "github" }, "original": { @@ -127,27 +145,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1685801374, - "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", + "lastModified": 1704874635, + "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", + "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1693377291, - "narHash": "sha256-vYGY9bnqEeIncNarDZYhm6KdLKgXMS+HA2mTRaWEc80=", + "lastModified": 1706913249, + "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e7f38be3775bab9659575f192ece011c033655f0", + "rev": "e92b6015881907e698782c77641aa49298330223", "type": "github" }, "original": { 
@@ -159,11 +177,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1689261696, - "narHash": "sha256-LzfUtFs9MQRvIoQ3MfgSuipBVMXslMPH/vZ+nM40LkA=", + "lastModified": 1704842529, + "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "df1eee2aa65052a18121ed4971081576b25d6b5c", + "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", "type": "github" }, "original": { @@ -176,17 +194,17 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "gitignore": "gitignore", "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1692274144, - "narHash": "sha256-BxTQuRUANQ81u8DJznQyPmRsg63t4Yc+0kcyq6OLz8s=", + "lastModified": 1706424699, + "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa", + "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf", "type": "github" }, "original": { diff --git a/handlers/main.yml b/handlers/main.yml index 86c96ea..201fbb5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,7 +1,6 @@ -# Standards: 1.2 --- - name: Reload strongswan - systemd: + ansible.builtin.systemd: name: "{{ ipsec_service_name }}" state: reloaded daemon_reload: True diff --git a/meta/main.yml b/meta/main.yml index 952b0fa..12eeffe 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,4 +1,3 @@ -# Standards: 1.2 --- # @meta author:value: [Thomas Boerger](https://github.com/tboerger) # @meta description: > @@ -28,7 +27,6 @@ galaxy_info: platforms: - name: Ubuntu versions: - - bionic - focal - jammy galaxy_tags: diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index d396cc4..abacf34 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,4 +1,3 @@ -# Standards: 1.2 --- - name: Converge hosts: all 
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 9b62f4b..2bd251f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -1,4 +1,3 @@ -# Standards: 1.2 --- dependency: name: galaxy @@ -41,21 +40,6 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw environment: container: docker - - name: ipsec-ubuntu-18 - image: docker.io/geerlingguy/docker-ubuntu1804-ansible:latest - hostname: ubuntu - privileged: True - pre_build_image: True - override_command: False - cgroupns_mode: host - tmpfs: - - /tmp - - /run - - /run/lock - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - environment: - container: docker provisioner: name: ansible diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 17c083a..2b6e8c7 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml 
@@ -1,21 +1,51 @@ -# Standards: 1.2 --- - name: Prepare hosts: all gather_facts: False tasks: + - name: Stat apt dir + register: aptdir + ansible.builtin.stat: + path: /var/lib/apt + - name: Wait for aptlock - shell: while fuser /var/lib/apt/lists/lock >/dev/null 2>&1; do echo 'Waiting for apt list lock.' && sleep 10; done + when: aptdir.stat.exists changed_when: False + ansible.builtin.shell: + cmd: while fuser /var/lib/apt/lists/lock >/dev/null 2>&1; do echo 'Waiting for apt list lock.' && sleep 10; done - name: Update package cache - apt: + when: aptdir.stat.exists + ansible.builtin.apt: update_cache: True - - name: Install gpg dependency - apt: - name: python3-gpg + - name: Install test dependencies + when: aptdir.stat.exists + loop: + - python3-gpg + - curl + ansible.builtin.apt: + name: "{{ item }}" state: present + - name: Create man dirs + changed_when: False + loop: + - /usr/share/man/man1 + - /usr/share/man/man2 + - /usr/share/man/man3 + - /usr/share/man/man4 + - /usr/share/man/man5 + - /usr/share/man/man6 + - /usr/share/man/man7 + - /usr/share/man/man8 + - /usr/share/man/man9 + ansible.builtin.file: + path: "{{ item }}" + owner: root + group: root + mode: u=rwx,g=rx,o=rx + state: directory + ... diff --git a/molecule/requirements.yml b/molecule/requirements.yml index 89d85f0..586fd81 100644 --- a/molecule/requirements.yml +++ b/molecule/requirements.yml @@ -1,4 +1,3 @@ -# Standards: 1.2 --- collections: [] roles: [] diff --git a/tasks/main.yml b/tasks/main.yml index 76abece..565b96f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,6 @@ -# Standards: 1.2 --- - name: Include OS vars - include_vars: "{{ item }}" + ansible.builtin.include_vars: "{{ item }}" with_first_found: - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version }}.yml" - "{{ ansible_distribution | lower }}.yml" 
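Review bot: The `Wait for aptlock` task in molecule/default/prepare.yml keeps its unbounded `while fuser …` loop, so a lock that is never released stalls the prepare step until the CI job itself times out. Because the loop sends `fuser`'s stderr to `/dev/null`, an image without `fuser` makes the condition fail at once and the task passes without having waited. Bounding it, e.g. `cmd: timeout 300 sh -c 'while fuser /var/lib/apt/lists/lock >/dev/null 2>&1; do sleep 10; done'`, turns a stuck lock into a visible task failure. Setting `lock_timeout` on the two `ansible.builtin.apt` tasks may let the shell loop be dropped altogether, provided the ansible-core version in use supports that option. Separately, `Install test dependencies` can pass the list directly as `name: [python3-gpg, curl]` instead of using `loop`, so both packages are resolved in a single apt run.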
@@ -18,7 +17,7 @@ - libstrongswan-extra-plugins - libstrongswan-standard-plugins - libcharon-extra-plugins - package: + ansible.builtin.package: name: "{{ item }}" state: present tags: @@ -27,7 +26,7 @@ - name: Write secrets config notify: - Reload strongswan - template: + ansible.builtin.template: src: secrets.j2 dest: /etc/ipsec.secrets owner: root @@ -39,7 +38,7 @@ - name: Write ipsec config notify: - Reload strongswan - template: + ansible.builtin.template: src: config.j2 dest: /etc/ipsec.conf owner: root @@ -49,7 +48,7 @@ - ipsec - name: Start strongswan service - systemd: + ansible.builtin.systemd: name: "{{ ipsec_service_name }}" state: started daemon_reload: True diff --git a/vars/ubuntu-18.04.yml b/vars/ubuntu-18.04.yml index 10c962d..cb363b0 100644 --- a/vars/ubuntu-18.04.yml +++ b/vars/ubuntu-18.04.yml @@ -1,4 +1,3 @@ -# Standards: 1.2 --- ipsec_service_name: strongswan diff --git a/vars/ubuntu-20.04.yml b/vars/ubuntu-20.04.yml index 0b9f129..2f6d354 100644 --- a/vars/ubuntu-20.04.yml +++ b/vars/ubuntu-20.04.yml @@ -1,4 +1,3 @@ -# Standards: 1.2 --- ipsec_service_name: strongswan-starter diff --git a/vars/ubuntu-22.04.yml b/vars/ubuntu-22.04.yml index 0b9f129..2f6d354 100644 --- a/vars/ubuntu-22.04.yml +++ b/vars/ubuntu-22.04.yml @@ -1,4 +1,3 @@ -# Standards: 1.2 --- ipsec_service_name: strongswan-starter