test using community.general.to_ini filter

b2465976 · Chris Croome · 9e3efadb · b2465976 · b2465976 · b2465976
Verified Commit b2465976 authored 4 months ago by Chris Croome
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -11,5 +11,6 @@
 # https://docs.ansible.com/ansible-lint/rules/default_rules.html
 skip_list:
  - key-order[task]
+var_naming_pattern: "^[fail2ban|molecule]_?[a-z0-9_]*$"
 # vim: syntax=yaml
 ...
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,13 +9,19 @@
 # You should have received a copy of the GNU General Public License along with the Webarchitects Fail2ban Ansible role. If not, see <https://www.gnu.org/licenses/>.
 ---
 variables:
+  ANSIBLE_ANY_ERRORS_FATAL: "1"
  ANSIBLE_CALLBACK_RESULT_FORMAT: "yaml"
+  ANSIBLE_DIFF_ALWAYS: "1"
  ANSIBLE_DISPLAY_SKIPPED_HOSTS: "0"
+  ANSIBLE_ERROR_ON_UNDEFINED_VARS: "1"
  ANSIBLE_FORCE_COLOR: "1"
  ANSIBLE_INJECT_FACT_VARS: "0"
  ANSIBLE_REMOTE_TMP: "/tmp"
  ANSIBLE_SHELL_ALLOW_WORLD_READABLE_TEMP: "1"
+  DEBIAN_FRONTEND: noninteractive
+  DEFAULT_MANAGED_STR: "Ansible managed"
  MOLECULE_VERBOSITY: "0"
+  PRE_COMMIT_COLOR: always
  PY_COLORS: "1"
 before_script:
  - whoami
@@ -30,26 +36,26 @@ before_script:
  - touch /var/log/auth.log
 stages:
  - bookworm
-  # - bullseye
  - jammy
+  - noble
  - trixie
 bookworm:
-  image: registry.git.coop/webarch/containers/images/bookworm:20240911
+  image: registry.git.coop/webarch/containers/images/bookworm:20241107
  stage: bookworm
  script:
    - molecule test
-# bullseye:
-#   image: registry.git.coop/webarch/containers/images/bullseye:20240911
-#   stage: bullseye
-#   script:
-#     - molecule test
 jammy:
-  image: registry.git.coop/webarch/containers/images/jammy:20240911
+  image: registry.git.coop/webarch/containers/images/jammy:20241107
  stage: jammy
  script:
    - molecule test
+noble:
+  image: registry.git.coop/webarch/containers/images/noble:20241107
+  stage: bullseye
+  script:
+    - molecule test
 trixie:
-  image: registry.git.coop/webarch/containers/images/trixie:20240911
+  image: registry.git.coop/webarch/containers/images/trixie:20241107
  stage: trixie
  script:
    - molecule test

--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -25,7 +25,7 @@ repos:
          - templates
  # https://github.com/jackdewinter/pymarkdown/releases
  - repo: https://github.com/jackdewinter/pymarkdown.git
-    rev: v0.9.23
+    rev: v0.9.25
    hooks:
      - id: pymarkdown
        name: Markdown Lint
@@ -34,7 +34,7 @@ repos:
          - README.md
  # https://github.com/ansible/ansible-lint/releases
  - repo: https://github.com/ansible/ansible-lint.git
-    rev: v24.9.2
+    rev: v24.10.0
    hooks:
      - id: ansible-lint
        name: Ansible Lint

--- a/.yamllint
+++ b/.yamllint
@@ -21,5 +21,10 @@ rules:
    level: error
  line-length: disable
  comments-indentation: disable
+  comments:
+    min-spaces-from-content: 1
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
 # vim: syntax=yaml
 ...
--- a/tasks/conf_file.yml
+++ b/tasks/conf_file.yml
@@ -20,7 +20,7 @@
        path: "{{ fail2ban_config_file.path }}"
      register: fail2ban_config_file_path
-    - name: Delete the file, creating a backup
+    - name: Delete the file, creating a backup, when it is set to be absent
      ansible.builtin.command: "mv {{ fail2ban_config_file.path }} {{ fail2ban_config_file.path }}.{{ fail2ban_backup_extension }}"
      args:
        creates: "{{ fail2ban_config_file.path }}.{{ fail2ban_backup_extension }}"
@@ -59,6 +59,18 @@
    - name: Create or edit the file
      block:
+        # The config files can be templated if cases sensitivity in booloans is not an issue?
+        # https://github.com/fail2ban/fail2ban/discussions/3886
+        # - name: "Template the fail2ban config file at {{ fail2ban_config_file.path }}"
+        #   ansible.builtin.template:
+        #     src: fail2ban.conf.j2
+        #     dest: "{{ fail2ban_config_file.path }}"
+        #     mode: "0644"
+        #     owner: root
+        #     group: root
+        #     validate: fail2ban-client -t
+        #   notify: Restart fail2ban
        - name: Include the file section edited tasks
          ansible.builtin.include_tasks: conf_file_section.yml
          loop: "{{ fail2ban_config_file.conf | dict2items }}"

--- a/tasks/conf_file_section.yml
+++ b/tasks/conf_file_section.yml
@@ -18,7 +18,7 @@
        option: "{{ fail2ban_config_file_variable_pair.key }}"
        value: "{% if fail2ban_config_file_variable_pair.value | type_debug == 'bool' %}{{ fail2ban_config_file_variable_pair.value | lower }}{% else %}{{ fail2ban_config_file_variable_pair.value }}{% endif %}"
        no_extra_spaces: false
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
      when: >-

--- a/templates/fail2ban.conf.j2
+++ b/templates/fail2ban.conf.j2
+# {{ ansible_managed }}
+{% if fail2ban_config_file.name is defined and fail2ban_config_file.name | length > 0 %}
+# {{ fail2ban_config_file.name }}
+{% endif %}
+{{ fail2ban_config_file.conf | community.general.to_ini }}
+# {# vim: syntax=jinja2 #}vim: syntax=dosini