fix!: fixed molecule tests, rewrote how custom variables are handled for hosts overrides; fixed invalid services names for clamav handlers

2023-11-29 00:00:00 +00:00 · 2023-11-29 00:00:00 +00:00 · dafa3fbc54
commit dafa3fbc54
parent 6026cfd195
23 changed files with 238 additions and 159 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/defaults/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/defaults/main.yml
@ -1,2 +1,7 @@
 ---
-security_clamav_version: 1.2.1
+security:
+  clamav:
+    version: 1.2.1
+
+custom_security: {}
+recursive_combine: true
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/handlers/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/handlers/main.yml
@ -14,7 +14,7 @@
 - name: '[freshclam] restart service'
  become: true
  ansible.builtin.systemd_service:
-    name: sshd.service
+    name: clamav-freshclam.service
    enabled: true
    state: restarted

@ -28,6 +28,6 @@
 - name: '[clamd] restart service'
  become: true
  ansible.builtin.systemd_service:
-    name: sshd.service
+    name: clamav-clamd.service
    enabled: true
    state: restarted
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/main.yml
@ -4,6 +4,11 @@
    gather_subset:
      - distribution

+- name: '[setup] merge with custom vars'
+  ansible.builtin.set_fact:
+    security: "{{ security | combine(custom_security, recursive=recursive_combine) }}"
+  changed_when: false
+
 - name: '[ssh] hardening sshd'
  become: true
  block:
@ -12,6 +17,11 @@
        src: ../templates/openssh-server/sshd_config.j2
        dest: /etc/ssh/sshd_config
        mode: '0644'
+    - name: '[ssh] ensure directories exist'
+      ansible.builtin.file:
+        path: /etc/ssh/sshd_config.d
+        state: directory
+        mode: '0755'
    - name: '[ssh] setup sshd_config.d'
      ansible.builtin.template:
        src: ../templates/openssh-server/sshd_config.d/encryption.conf.j2
@ -68,7 +78,7 @@
  block:
    - name: '[clamav] retrieve and install clamav package'
      ansible.builtin.apt:
-        deb: https://www.clamav.net/downloads/production/clamav-{{ security_clamav_version }}.linux.x86_64.deb
+        deb: https://www.clamav.net/downloads/production/clamav-{{ security.clamav.version }}.linux.x86_64.deb
        force_apt_get: true
        state: present
    - name: '[clamav] add clamav group'