Default to an empty list for apache_md_cert_copy

f4c3ad04 · Chris Croome · 0f5dae77 · f4c3ad04 · f4c3ad04 · f4c3ad04
Verified Commit f4c3ad04 authored 1 month ago by Chris Croome
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -40,14 +40,14 @@ stages:
  - trixie
  - bookworm
 trixie:
-  image: registry.git.coop/webarch/containers/images/trixie:20250113
+  image: registry.git.coop/webarch/containers/images/trixie:20250213
  stage: trixie
  script:
    - pre-commit install
    - pre-commit run --all-files
    - molecule test --all
 bookworm:
-  image: registry.git.coop/webarch/containers/images/bookworm:20250113
+  image: registry.git.coop/webarch/containers/images/bookworm:20250213
  stage: bookworm
  script:
    - pre-commit install

--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -25,7 +25,7 @@ repos:
          - templates
  # https://github.com/jackdewinter/pymarkdown/releases
  - repo: https://github.com/jackdewinter/pymarkdown.git
-    rev: v0.9.27
+    rev: v0.9.28
    hooks:
      - id: pymarkdown
        name: Markdown Lint

--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -184,51 +184,56 @@ apache_mods_disabled: []
  # - usertrack
  # - vhost_alias
  # - xml2enc
-apache_md_cert_copy:
-  # Copy the mod_md key pair for Exim4
-  - name: exim4
-    restart: true
-    pkgs:
-      - exim4-config
-      - exim4-daemon-light
-    privkey:
-      src: "/etc/apache2/md/domains/{{ inventory_hostname }}/privkey.secp384r1.pem"
-      dest: /etc/exim4/exim.key
-      owner: Debian-exim
-      group: ssl-cert
-      mode: "0640"
-    pubcert:
-      src: "/etc/apache2/md/domains/{{ inventory_hostname }}/pubcert.secp384r1.pem"
-      dest: /etc/exim4/exim.crt
-      owner: Debian-exim
-      group: ssl-cert
-      mode: "0640"
-    special_time: daily
-  # Copy the mod_md key pair for Authentik
-  # - name: docker
-  #   restart: false
-  #   dirs:
-  #     - path: "/home/authentik/authentik/certs/{{ inventory_hostname }}"
-  #       owner: authentik
-  #       group: authentik
-  #       mode: "0750"
-  #   pkgs:
-  #     - docker-ce
-  #     - docker-ce-cli
-  #     - docker-compose-plugin
-  #   privkey:
-  #     src: "/etc/apache2/md/domains/{{ inventory_hostname }}/privkey.secp384r1.pem"
-  #     dest: "/home/authentik/authentik/certs/{{ inventory_hostname }}/privkey.pem"
-  #     owner: authentik
-  #     group: authentik
-  #     mode: "0640"
-  #   pubcert:
-  #     src: "/etc/apache2/md/domains/{{ inventory_hostname }}/pubcert.secp384r1.pem"
-  #     dest: "/home/authentik/authentik/certs/{{ inventory_hostname }}/fullchain.pem"
-  #     owner: authentik
-  #     group: authentik
-  #     mode: "0640"
-  #   special_time: daily
+apache_md_cert_copy: []
+# apache_md_cert_copy is an empty list by default as when Apache is first
+# installed cert's won't exist so the tasks to copy the certs will fail.  In
+# addition the paths for the Apache MD verts might well need adjusting for each
+# server.
+# apache_md_cert_copy:
+#   # Copy the mod_md key pair for Exim4
+#   - name: exim4
+#     restart: true
+#     pkgs:
+#       - exim4-config
+#       - exim4-daemon-light
+#     privkey:
+#       src: "/etc/apache2/md/domains/{{ inventory_hostname }}/privkey.secp384r1.pem"
+#       dest: /etc/exim4/exim.key
+#       owner: Debian-exim
+#       group: ssl-cert
+#       mode: "0640"
+#     pubcert:
+#       src: "/etc/apache2/md/domains/{{ inventory_hostname }}/pubcert.secp384r1.pem"
+#       dest: /etc/exim4/exim.crt
+#       owner: Debian-exim
+#       group: ssl-cert
+#       mode: "0640"
+#     special_time: daily
+#   # Copy the mod_md key pair for Authentik
+#   # - name: docker
+#   #   restart: false
+#   #   dirs:
+#   #     - path: "/home/authentik/authentik/certs/{{ inventory_hostname }}"
+#   #       owner: authentik
+#   #       group: authentik
+#   #       mode: "0750"
+#   #   pkgs:
+#   #     - docker-ce
+#   #     - docker-ce-cli
+#   #     - docker-compose-plugin
+#   #   privkey:
+#   #     src: "/etc/apache2/md/domains/{{ inventory_hostname }}/privkey.secp384r1.pem"
+#   #     dest: "/home/authentik/authentik/certs/{{ inventory_hostname }}/privkey.pem"
+#   #     owner: authentik
+#   #     group: authentik
+#   #     mode: "0640"
+#   #   pubcert:
+#   #     src: "/etc/apache2/md/domains/{{ inventory_hostname }}/pubcert.secp384r1.pem"
+#   #     dest: "/home/authentik/authentik/certs/{{ inventory_hostname }}/fullchain.pem"
+#   #     owner: authentik
+#   #     group: authentik
+#   #     mode: "0640"
+#   #   special_time: daily
 # See this issue https://github.com/icing/mod_md/issues/260
 apache_md_private_keys:
  - rsa3072