fix!: fixed molecule tests, rewrote how custom variables are handled for hosts overrides; fixed invalid services names for clamav handlers

2023-11-29 00:00:00 +00:00 · 2023-11-29 00:00:00 +00:00 · dafa3fbc54
commit dafa3fbc54
parent 6026cfd195
23 changed files with 238 additions and 159 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/common/defaults/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/common/defaults/main.yml
@ -1,13 +1,19 @@
 ---
-custom_github_token: ""
-common_user_account: "{{ custom_base_user_account | lower }}"
-common_gitconfig_enable: false
-common_gitconfig_username: ""
-common_gitconfig_email: ""
-common_gitconfig_force_sign: false
-common_gitconfig_signingkey: ""
-common_apt_packages: []
-common_install_fonts: false
 common:
-  apt_components: ['contrib', 'non-free', 'non-free-firmware']
-  deb822_format: false
+  apt:
+    source_components: ['contrib', 'non-free', 'non-free-firmware']
+    packages: []
+    deb822_format: false
+  git:
+    enable: false
+    username: ""
+    email: ""
+    force_sign: false
+    signing_key: ""
+  github_token: "{{ custom_github_token | default('') }}"
+  install_fonts: false
+  sysctl: {}
+  user_account: "{{ custom_base_user_account | default('root') }}"
+
+custom_common: {}
+recursive_combine: true
--- a/collections/ansible_collections/nullified/infrastructure/roles/common/tasks/home_setup.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/common/tasks/home_setup.yml
@ -2,16 +2,16 @@
 - name: '[home] get user account information'
  ansible.builtin.getent:
    database: passwd
-    key: "{{ common_user_account }}"
+    key: "{{ common.user_account }}"
    split: ":"
  changed_when: false
-  when: getent_passwd is undefined or common_user_account not in getent_passwd
+  when: getent_passwd is undefined or common.user_account not in getent_passwd

 - name: '[home] create common directories'
  become: true
-  become_user: "{{ common_user_account }}"
+  become_user: "{{ common.user_account }}"
  ansible.builtin.file:
-    path: "{{ getent_passwd[common_user_account][4] }}/{{ item }}"
+    path: "{{ getent_passwd[common.user_account][4] }}/{{ item }}"
    state: directory
    mode: '0750'
  loop:
@ -22,19 +22,19 @@

 - name: '[home] setup home files'
  become: true
-  become_user: "{{ common_user_account }}"
+  become_user: "{{ common.user_account }}"
  block:
    - name: '[home] git configuration'
      ansible.builtin.template:
        src: ../templates/home/.gitconfig.j2
-        dest: "{{ getent_passwd[common_user_account][4] }}/.gitconfig"
+        dest: "{{ getent_passwd[common.user_account][4] }}/.gitconfig"
        mode: '0640'
-      when: common_gitconfig_enable | bool
+      when: common.git.enable is truthy

    - name: '[home] basic files'
      ansible.builtin.copy:
        src: "../templates/home/{{ item.name }}"
-        dest: "{{ getent_passwd[common_user_account][4] }}/{{ item.name }}"
+        dest: "{{ getent_passwd[common.user_account][4] }}/{{ item.name }}"
        mode: "{{ item.mode | default('0640') }}"
      loop:
        - { name: ".lessfilter", mode: '0750' }
--- a/collections/ansible_collections/nullified/infrastructure/roles/common/tasks/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/common/tasks/main.yml
@ -1,7 +1,7 @@
 ---
- name: '[common] merge with custom vars'
-  set_fact:
-    common: "{{ common|combine(custom_common) }}"
+- name: '[setup] merge with custom vars'
+  ansible.builtin.set_fact:
+    common: "{{ common | combine(custom_common, recursive=recursive_combine) }}"
  changed_when: false

 - name: '[apt] verify components of default sources'
@ -11,15 +11,15 @@
        path: '/etc/apt/sources.list'
        regexp: '^(deb((?!{{ item }}).)+)$'
        replace: '\1 {{ item }}'
-      when: not common.deb822_format | bool
-      loop: '{{ common.apt_components }}'
+      when: not common.apt.deb822_format | bool
+      loop: '{{ common.apt.source_components }}'
    - name: '[apt] default deb822 debian.sources'
      ansible.builtin.replace:
        path: '/etc/apt/sources.list.d/debian.sources'
        regexp: '^(Components: ((?!{{ item }}).)+)$'
        replace: '\1 {{ item }}'
-      loop: '{{ common.apt_components }}'
-      when: common.deb822_format | bool
+      loop: '{{ common.apt.source_components }}'
+      when: common.apt.deb822_format | bool

 - name: '[apt] install dependencies and tools'
  become: true
@ -57,14 +57,14 @@
      - yq
    state: present

- name: '[GitHub] install tools'
+- name: '[github] install tools'
  become: true
  nullified.infrastructure.github_artifact:
    asset_name: "{{ item.asset_name | default('') }}"
    asset_type: "{{ item.asset_type }}"
    cmds: "{{ item.cmds | default([]) }}"
    creates: "{{ item.creates | default('') }}"
-    github_token: "{{ custom_github_token }}"
+    github_token: "{{ common.github_token }}"
    repository: "{{ item.repository }}"
    version: "{{ item.version | default('') }}"
  loop:
@ -110,7 +110,9 @@
    src: ../templates/system/sysctld.local.conf.j2
    dest: /etc/sysctl.d/local.conf
    mode: '0644'
-  when: custom_sysctl is defined
+  when: common.sysctl is truthy
+  vars:
+    sysctl_values: "{{ common.sysctl }}"
  notify:
    - 'common : [system] reload sysctl configuration'

@ -121,7 +123,7 @@
    force_apt_get: true
    cache_valid_time: 3600
    pkg:
-      "{{ common_apt_packages }}"
+      "{{ common.apt.packages }}"

 - include_tasks: home_setup.yml

--- a/collections/ansible_collections/nullified/infrastructure/roles/common/tasks/shell_customization.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/common/tasks/shell_customization.yml
@ -2,10 +2,10 @@
 - name: '[home] get user account information'
  ansible.builtin.getent:
    database: passwd
-    key: "{{ common_user_account }}"
+    key: "{{ common.user_account }}"
    split: ":"
  changed_when: false
-  when: getent_passwd is undefined or common_user_account not in getent_passwd
+  when: getent_passwd is undefined or common.user_account not in getent_passwd

 - name: '[shell] install ZSH and dependencies'
  become: true
@ -20,7 +20,7 @@

 - name: '[shell] install custom fonts'
  become: true
-  become_user: "{{ common_user_account }}"
+  become_user: "{{ common.user_account }}"
  block:
    - name: '[fonts] add fonts tooling'
      become_user: root
@ -34,18 +34,18 @@
    - name: '[fonts] adding fonts'
      ansible.builtin.copy:
        src: ../assets/fonts/
-        dest: "{{ getent_passwd[common_user_account][4] }}/.local/share/fonts"
+        dest: "{{ getent_passwd[common.user_account][4] }}/.local/share/fonts"
        mode: '0640'

    - name: '[fonts] refresh fonts cache'
      ansible.builtin.command:
        cmd: fc-cache
      changed_when: false
-  when: common_install_fonts | bool
+  when: common.install_fonts is truthy

 - name: '[shell] install Oh-My-ZSH'
  become: true
-  become_user: "{{ common_user_account }}"
+  become_user: "{{ common.user_account }}"
  block:
    - name: '[omz] get install script'
      ansible.builtin.get_url:
@ -56,22 +56,22 @@
    - name: '[omz] install OMZ'
      ansible.builtin.command:
        cmd: sh /tmp/zsh-install.sh --unattended
-        creates: "{{ getent_passwd[common_user_account][4] }}/.oh-my-zsh"
+        creates: "{{ getent_passwd[common.user_account][4] }}/.oh-my-zsh"

 - name: '[shell] install powerlevel10k customization for OMZ'
  become: true
-  become_user: "{{ common_user_account }}"
+  become_user: "{{ common.user_account }}"
  ansible.builtin.git:
    repo: https://github.com/romkatv/powerlevel10k.git
-    dest: "{{ getent_passwd[common_user_account][4] }}/.oh-my-zsh/custom/themes/powerlevel10k"
+    dest: "{{ getent_passwd[common.user_account][4] }}/.oh-my-zsh/custom/themes/powerlevel10k"
    depth: 1

 - name: '[home] copy zsh files'
  become: true
-  become_user: "{{ common_user_account }}"
+  become_user: "{{ common.user_account }}"
  ansible.builtin.copy:
    src: "../templates/home/{{ item }}"
-    dest: "{{ getent_passwd[common_user_account][4] }}/{{ item }}"
+    dest: "{{ getent_passwd[common.user_account][4] }}/{{ item }}"
    mode: '0640'
  loop:
    - .p10k.zsh
@ -84,6 +84,6 @@
 - name: '[shell] update user shell to ZSH'
  become: true
  ansible.builtin.user:
-    name: "{{ common_user_account }}"
+    name: "{{ common.user_account }}"
    shell: "/usr/bin/zsh"
    state: present
--- a/collections/ansible_collections/nullified/infrastructure/roles/common/templates/home/.gitconfig.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/common/templates/home/.gitconfig.j2
@ -1,17 +1,17 @@
 [user]
-    name = {{ common_gitconfig_username }}
-    email = {{ common_gitconfig_email }}
-{% if common_gitconfig_force_sign and common_gitconfig_signingkey %}
-    signingkey = {{ common_gitconfig_signingkey }}
+    name = {{ common.git.username }}
+    email = {{ common.git.email }}
+{% if common.git.force_sign and common.git.signing_key %}
+    signingkey = {{ common.git.signing_key }}
 {% endif %}
 [commit]
-{% if common_gitconfig_force_sign %}
+{% if common.git.force_sign %}
    gpgsign = true
 {% else %}
    gpgsign = false
 {% endif %}
 [tag]
-{% if common_gitconfig_force_sign %}
+{% if common.git.force_sign %}
    gpgsign = true
 {% else %}
    gpgsign = false
@ -104,4 +104,4 @@
    statusUoption = false
    submoduleAlternateErrorStrategyDie = false
    waitingForEditor = false
-{% endraw %}
+{% endraw %}
--- a/collections/ansible_collections/nullified/infrastructure/roles/common/templates/system/sysctld.local.conf.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/common/templates/system/sysctld.local.conf.j2
@ -1,3 +1,3 @@
-{% for item in custom_sysctl.keys() -%}
-    {{ item }} = {{ custom_sysctl[item] }}
+{% for item in sysctl_values.keys() -%}
+    {{ item }} = {{ sysctl_values[item] }}
 {% endfor %}