diff --git a/.ansible-lint b/.ansible-lint
index f950d31d76c1651520b89b91ee2b82d0e06635f8..142c079c8c83c7a09fcb662f4b099fef4a0908a4 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -11,5 +11,6 @@
 # https://docs.ansible.com/ansible-lint/rules/default_rules.html
 skip_list:
   - key-order[task]
+var_naming_pattern: "^[fail2ban|molecule]_?[a-z0-9_]*$"
 # vim: syntax=yaml
 ...
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 65e474e68b4ed6a216aa86123d110d5402dfb03b..2d04c698213f1c90ad1d25ff43676ba6bd33c2c6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,13 +9,19 @@
 # You should have received a copy of the GNU General Public License along with the Webarchitects Fail2ban Ansible role. If not, see <https://www.gnu.org/licenses/>.
 ---
 variables:
+  ANSIBLE_ANY_ERRORS_FATAL: "1"
   ANSIBLE_CALLBACK_RESULT_FORMAT: "yaml"
+  ANSIBLE_DIFF_ALWAYS: "1"
   ANSIBLE_DISPLAY_SKIPPED_HOSTS: "0"
+  ANSIBLE_ERROR_ON_UNDEFINED_VARS: "1"
   ANSIBLE_FORCE_COLOR: "1"
   ANSIBLE_INJECT_FACT_VARS: "0"
   ANSIBLE_REMOTE_TMP: "/tmp"
   ANSIBLE_SHELL_ALLOW_WORLD_READABLE_TEMP: "1"
+  DEBIAN_FRONTEND: noninteractive
+  DEFAULT_MANAGED_STR: "Ansible managed"
   MOLECULE_VERBOSITY: "0"
+  PRE_COMMIT_COLOR: always
   PY_COLORS: "1"
 before_script:
   - whoami
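Review bot: The added `var_naming_pattern` uses a character class where a group was intended: `[fail2ban|molecule]` matches a single character from the set f, a, i, l, 2, b, n, |, m, o, e, c, u, so names like `foo_bar` or `abc` pass and the intended prefix is never enforced, and `_?` makes the separator optional. Use `var_naming_pattern: "^(fail2ban|molecule)_[a-z0-9_]+$"` so only variables prefixed with `fail2ban_` or `molecule_` are accepted. Run ansible-lint once after the change, since the current pattern has most likely been hiding names the stricter one will flag.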
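Review bot: `DEBIAN_FRONTEND: noninteractive` and `PRE_COMMIT_COLOR: always` are the only unquoted values in the `variables:` block, where every other value is a quoted string; for consistency write `DEBIAN_FRONTEND: "noninteractive"` and `PRE_COMMIT_COLOR: "always"`. Separately, `DEFAULT_MANAGED_STR` is the name of the Ansible configuration setting rather than of an environment variable — as far as I can tell it is only read from the `ansible_managed` key of the `[defaults]` ini section — and `Ansible managed` is already its default, so exporting it here is very likely a no-op. Confirm against the configuration reference and either drop the line or set the string in an `ansible.cfg` if a non-default value is wanted.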
@@ -30,26 +36,26 @@ before_script:
   - touch /var/log/auth.log
 stages:
   - bookworm
-  # - bullseye
   - jammy
+  - noble
   - trixie
 bookworm:
-  image: registry.git.coop/webarch/containers/images/bookworm:20240911
+  image: registry.git.coop/webarch/containers/images/bookworm:20241107
   stage: bookworm
   script:
     - molecule test
-# bullseye:
-#   image: registry.git.coop/webarch/containers/images/bullseye:20240911
-#   stage: bullseye
-#   script:
-#     - molecule test
 jammy:
-  image: registry.git.coop/webarch/containers/images/jammy:20240911
+  image: registry.git.coop/webarch/containers/images/jammy:20241107
   stage: jammy
   script:
     - molecule test
+noble:
+  image: registry.git.coop/webarch/containers/images/noble:20241107
+  stage: bullseye
+  script:
+    - molecule test
 trixie:
-  image: registry.git.coop/webarch/containers/images/trixie:20240911
+  image: registry.git.coop/webarch/containers/images/trixie:20241107
   stage: trixie
   script:
     - molecule test
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 21fa24dd90baa6c3079266b1ca2da3e34146d62d..62ecb584d5cc64fceffcf0b2b3abb09a87e23a57 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -25,7 +25,7 @@ repos:
           - templates
   # https://github.com/jackdewinter/pymarkdown/releases
   - repo: https://github.com/jackdewinter/pymarkdown.git
-    rev: v0.9.23
+    rev: v0.9.25
     hooks:
       - id: pymarkdown
         name: Markdown Lint
@@ -34,7 +34,7 @@ repos:
           - README.md
   # https://github.com/ansible/ansible-lint/releases
   - repo: https://github.com/ansible/ansible-lint.git
-    rev: v24.9.2
+    rev: v24.10.0
     hooks:
       - id: ansible-lint
         name: Ansible Lint
diff --git a/.yamllint b/.yamllint
index 76a0161fb0d22a6ce18554e4be3a62f6e68b6189..38550c497a52a2a8de27a475c9cadf239d9b600f 100644
--- a/.yamllint
+++ b/.yamllint
@@ -21,5 +21,10 @@ rules:
     level: error
   line-length: disable
   comments-indentation: disable
+  comments:
+    min-spaces-from-content: 1
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
 # vim: syntax=yaml
 ...
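Review bot: The new `noble` job declares `stage: bullseye`, but `bullseye` is not a declared stage — the commented `# - bullseye` entry is removed from `stages:` in this same hunk while `- noble` is added — and GitLab validates that every job's stage exists, so the pipeline should fail configuration validation before any job runs. Change it to `stage: noble`, matching the other three jobs, each of which uses its own name as its stage. The image tag bump to 20241107 is applied consistently across all four jobs.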
diff --git a/tasks/conf_file.yml b/tasks/conf_file.yml
index f34193989b9909ce230ca2ec2e4f6b3876384c4e..326f41508c34e602f39240c80a1295be2e7e7b0c 100644
--- a/tasks/conf_file.yml
+++ b/tasks/conf_file.yml
@@ -20,7 +20,7 @@
         path: "{{ fail2ban_config_file.path }}"
       register: fail2ban_config_file_path
 
-    - name: Delete the file, creating a backup
+    - name: Delete the file, creating a backup, when it is set to be absent
       ansible.builtin.command: "mv {{ fail2ban_config_file.path }} {{ fail2ban_config_file.path }}.{{ fail2ban_backup_extension }}"
       args:
         creates: "{{ fail2ban_config_file.path }}.{{ fail2ban_backup_extension }}"
@@ -59,6 +59,18 @@
   - name: Create or edit the file
     block:
 
+      # The config files can be templated if cases sensitivity in booloans is not an issue?
+      # https://github.com/fail2ban/fail2ban/discussions/3886
+      # - name: "Template the fail2ban config file at {{ fail2ban_config_file.path }}"
+      #   ansible.builtin.template:
+      #     src: fail2ban.conf.j2
+      #     dest: "{{ fail2ban_config_file.path }}"
+      #     mode: "0644"
+      #     owner: root
+      #     group: root
+      #     validate: fail2ban-client -t
+      #   notify: Restart fail2ban
+
       - name: Include the file section edited tasks
         ansible.builtin.include_tasks: conf_file_section.yml
         loop: "{{ fail2ban_config_file.conf | dict2items }}"
diff --git a/tasks/conf_file_section.yml b/tasks/conf_file_section.yml
index 055498b0953f6456bce971160d3aa52112eee9e4..eb1e3901cee2a2c4c9289d279318fba9ce889819 100644
--- a/tasks/conf_file_section.yml
+++ b/tasks/conf_file_section.yml
@@ -18,7 +18,7 @@
         option: "{{ fail2ban_config_file_variable_pair.key }}"
         value: "{% if fail2ban_config_file_variable_pair.value | type_debug == 'bool' %}{{ fail2ban_config_file_variable_pair.value | lower }}{% else %}{{ fail2ban_config_file_variable_pair.value }}{% endif %}"
         no_extra_spaces: false
-        mode: 0644
+        mode: "0644"
         owner: root
         group: root
       when: >-
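Review bot: The commented-out template task added inside the `block:` (whose task list starts before this hunk) carries `validate: fail2ban-client -t`, which would fail the moment the task is enabled: `ansible.builtin.template` requires a `%s` placeholder in `validate` for the path of the rendered file, and `fail2ban-client -t` checks the whole configuration tree rather than a single file, so the validate line needs reworking rather than being uncommented as-is. The explanatory comment also has typos; suggest `# The config files could be templated if case sensitivity in booleans is not an issue, see:` above the discussion link. Stating in that comment what actually has to be settled — the casing the template would write for boolean values versus the lower-casing done in `tasks/conf_file_section.yml` — would tell the next maintainer what blocks enabling it.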
diff --git a/templates/fail2ban.conf.j2 b/templates/fail2ban.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..554e1007c4db5ce6f743d27ae80523d8a9236e77
--- /dev/null
+++ b/templates/fail2ban.conf.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+{% if fail2ban_config_file.name is defined and fail2ban_config_file.name | length > 0 %}
+# {{ fail2ban_config_file.name }}
+{% endif %}
+
+{{ fail2ban_config_file.conf | community.general.to_ini }}
+
+# {# vim: syntax=jinja2 #}vim: syntax=dosini
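Review bot: Nothing in this commit renders `templates/fail2ban.conf.j2` — the only task that references it is the commented-out template task in `tasks/conf_file.yml` — so the file ships as unused code in the role until the boolean-casing question raised there is settled. If it is kept, a leading Jinja comment such as `{# Renders fail2ban_config_file.conf as INI; not yet wired to a task, see tasks/conf_file.yml #}` would stop it being mistaken for the active mechanism. Note that `community.general.to_ini` appears to emit Python booleans in their `True`/`False` string form, whereas `tasks/conf_file_section.yml` lower-cases them, so the rendered file would differ from what the current `ini_file` tasks produce; verify that before switching.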