🚨: fix ansible-lint

.ansible-lint-ignore

@@ -0,0 +1 @@
+roles/nsd/tasks/zones.yml no-tabs

inventory/host_vars/bt.yml

@@ -6,6 +6,7 @@ web_hostname:
   - host: btf.mateu.be
     allowlistv4:
       - 88.175.123.77/32
+      - 109.9.84.47/32
     allowlistv6:
       - 2a01:e0a:9bd:2811::/64
       - 2a01:e0a:9bd:2810::/64
@@ -15,6 +16,7 @@ web_hostname:
       - 2001:910:13c8::/48
       - 2a01:e0a:bde:d350::/64
       - 2a01:cb00:f55:2d00::/64
+      - 2a01:cb00:89e3:2c00::/64
 nginx_extra_mods:
   - fancyindex
 

inventory/host_vars/dc1.yml

@@ -0,0 +1,4 @@
+---
+web_hostname:
+  - host: kck.test.mateu.be
+  - host: vlt.test.mateu.be

inventory/host_vars/jabber.yml

@@ -1,6 +1,7 @@
 ---
 web_hostname:
   - host: libertus.eu
+    acme_reload_cmd: "systemctl restart prosody.service"
   - host: upload.libertus.eu
   - host: xmpp.libertus.eu
 

inventory/host_vars/ks3370405.yml

@@ -2,6 +2,7 @@
 
 web_hostname:
   - host: mail-relay.mateu.be
+    acme_reload_cmd: "systemctl restart postfix.service"
 
 allowed_smtp_ips: "{{ [global_public_ip_address] + ['80.67.179.200'] }}"
 
@@ -9,3 +10,4 @@ global_smtp_relay_allowed_ips: "{{ allowed_smtp_ips }}"
 ufw_allowed_smtp_ips: "{{ allowed_smtp_ips }}"
 
 nsd_master: true
+nsd_ansible_host: "nsd-master1.ext.mateu.be"

inventory/host_vars/mail.yml

@@ -1,4 +1,6 @@
 ---
 web_hostname:
   - host: imap.libertus.eu
+    acme_reload_cmd: "systemctl restart dovecot.service"
   - host: smtp.libertus.eu
+    acme_reload_cmd: "systemctl restart postfix.service"

inventory/host_vars/web1.yml

@@ -13,9 +13,10 @@ web_hostname:
     type: bac
   - host: mail.libertus.eu
     type: roundcube
-  - host: perso.nintendojo.fr
-  - host: perso.libertus.eu
   - host: r.mateu.be
+    san:
+      - perso.libertus.eu
+      - perso.nintendojo.fr
   - host: ff.libertus.eu
     type: firefly3
   - host: koi.libertus.eu

inventory/host_vars/web2.yml

@@ -2,13 +2,16 @@
 php_modules: ['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath', 'curl', 'imagick']
 
 web_hostname:
-  - host: nintendojo.fr
   - host: www.nintendojo.fr
-  - host: wwwdev.nintendojo.fr
+    type: wordpress
+    san:
+      - nintendojo.fr
   - host: forum.nintendojo.fr
-  - host: nintendojofr.com
+    type: phpbb
   - host: www.nintendojofr.com
     type: retrodojo
+    san:
+      - nintendojofr.com
   - host: forum.nintendojofr.com
 
 mariadb_root_pass: !vault |
@@ -19,6 +22,16 @@ mariadb_root_pass: !vault |
           3437653064323138310a663363373736623931336432376466316666616234356133383263373136
           31343534663063663134306464306234366430323762656165653930333134326231
 
+phpbb_maria_database: "dojo_forum"
+phpbb_maria_user: "adm_forum"
+phpbb_maria_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65306237643235363962653566336537303632386466646462656234333836396630306438336632
+          3334663566303963646135313265643235623538633463650a663637386436306538616266626232
+          36373332396338326437663832383237623836643137323432323435333231633363386432303830
+          3465306161666563630a356462363561653431303438653935346564343861303962363030323633
+          3632
+
 wordpress_maria_database: "dojo_wp"
 wordpress_maria_user: "adm_wp"
 wordpress_maria_password: !vault |
@@ -38,12 +51,3 @@ retrodojo_maria_password: !vault |
         65386530353032336161353330313863623231646632643861666562353764373066663337353063
         6364633734323732390a363539333537396164633965346637313532666366336362346663326661
         6663
-
-webapps_htpasswd_editeurs: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          63663638356139373663646639633762393761333536393331363066353039393266306638326336
-          3235353238666261373032363633626333646662343461330a393534633530353330323637386239
-          63336532646235663732623561333963643436353165633165663430313132626561363361333736
-          6662313535333063390a386532313335663836393562656564306633303933633234393139316131
-          61376332373961303961303963656565633639333130346565386361313338346235623434616239
-          6637613630333963363963646465633939663863356633373264

inventory/host_vars/web3.yml

@@ -2,16 +2,23 @@
 php_modules: ['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath', 'curl', 'imagick']
 
 web_hostname:
-  - host: sebicomics.com
-  - host: www.sebicomics.com
+  - host: wwwdev.nintendojo.fr
+    type: wordpress
 
 mariadb_root_pass: !vault |
           $ANSIBLE_VAULT;1.1;AES256
-          66613630653961396639336136333837343866646263353135303233383336356166663466623438
-          6438653832313536363631336363306337366165616561370a316466353535313164623934626563
-          65343238333661333765636131323962316637613036393366343161343162393337376232633432
-          3233653232353534370a393962663766623237313166333638343561306134663062333230333635
-          63343339363833626136646134353365393734346561613262633531386135366634
+          65373663323065306532306235313032383331353337396131383766323535633831383062393632
+          3438613735613365333264356465336162346263666236300a306234336566303863346539343531
+          37313932653964366233393038306235353134356230653336306232373430386662306634616431
+          6332333837663064340a643535386465626636343436303263666333383461383730396135396666
+          3539
 
-# 283M of base memory + 20MB/connection -> 1267M of RAM max
-mariadb_max_connections: 50
+wordpress_maria_database: "dojo_wpdev"
+wordpress_maria_user: "adm_wpdev"
+wordpress_maria_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          66613837353166633536656166383232646232303535643931313531636230353265633638626231
+          6231323738656466333164326238666166383931633133380a633764366462323261376632666565
+          63646365636133363338383233653930663139343238313131313365646663393761656361333332
+          6634333736356438390a316237373836373132666334306661363863383665663139623935646437
+          6331

playbooks/docker.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Install docker
+  hosts: dockerservers
+  roles:
+    - docker

playbooks/gitea.yml

@@ -10,5 +10,4 @@
   hosts: actrunnerservers
   diff: true
   roles:
-    - docker
     - act_runner

playbooks/site.yml

@@ -54,6 +54,8 @@
   import_playbook: peertube.yml
 - name: Run elasticsearch playbook
   import_playbook: elasticsearch.yml
+- name: Run docker playbook
+  import_playbook: docker.yml
 - name: Run gitea playbook
   import_playbook: gitea.yml
 - name: Run vaultwarden playbook

playbooks/webapps.yml

@@ -23,5 +23,16 @@
   hosts: web2
   diff: true
   roles:
-    - wordpress
-    - retrodojo
+    - role: wordpress
+      tags: [never, wordpress]
+    - role: phpbb
+      tags: [never, phpbb]
+    - role: retrodojo
+      tags: [never, retrodojo]
+
+- name: Install dojo webapplications
+  hosts: web3
+  diff: true
+  roles:
+    - role: wordpress
+      tags: [never, wordpress]

roles/act_runner/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-act_runner_version: "0.2.11"
+act_runner_version: "0.2.12"
 act_runner_url: "https://gitea.com/gitea/act_runner/releases/download/v{{ act_runner_version }}/act_runner-{{ act_runner_version }}-linux-amd64"
 act_runner_home: "/var/lib/act_runner"
 act_runner_bin: "/usr/local/bin/act_runner"

roles/firefly3/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-firefly3_version: "6.2.10"
+firefly3_version: "6.2.21"
 firefly3_url: "https://github.com/firefly-iii/firefly-iii/releases/download/v{{ firefly3_version }}/FireflyIII-v{{ firefly3_version }}.tar.gz"
 
 firefly3_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'firefly3') | map(attribute='host') | first }}"

roles/firewall/templates/firewall.j2

@@ -512,6 +512,38 @@ config rule
 	option target 'ACCEPT'
 	option family 'ipv4'
 
+# Allow Home Assitant to OpenEVSE
+config rule
+	option name 'Allow-FORWARD-Home-Assistant-OpenEVSE'
+	option src 'iot'
+	option src_ip '{{ lookup('dig', 'evse.mateu.be') }}'
+	list proto 'tcp'
+	option dest 'dmz'
+	option dest_ip '{{ lookup('dig', 'ha.mateu.be') }}'
+	option dest_port '1883'
+	option target 'ACCEPT'
+	option family 'ipv4'
+
+config rule
+	option name 'Allow-FORWARD-Home-Assistant-Kodi'
+	option src 'dmz'
+	option src_ip '{{ lookup('dig', 'ha.mateu.be') }}'
+	list proto 'tcp'
+	option dest 'lan'
+	option dest_ip '{{ lookup('dig', 'libreelec.mateu.be') }}'
+	option dest_port '8080'
+	option target 'ACCEPT'
+	option family 'ipv4'
+
+config rule
+	option name 'Allow-FORWARD-Home-Assistant-RM4Pro'
+	option src 'dmz'
+	option src_ip '{{ lookup('dig', 'ha.mateu.be') }}'
+	option dest 'iot'
+	option dest_ip '{{ lookup('dig', 'rm4pro.mateu.be') }}'
+	option target 'ACCEPT'
+	option family 'ipv4'
+
 ### IoT Rules
 ## General Rules
 # ICMP

roles/freshrss/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-freshrss_version: "1.26.1"
+freshrss_version: "1.26.3"
 freshrss_url: "https://github.com/FreshRSS/FreshRSS/archive/refs/tags/{{ freshrss_version }}.tar.gz"
 
 freshrss_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'freshrss') | map(attribute='host') | first }}"

roles/garage/templates/garage.toml.j2

@@ -10,7 +10,7 @@ db_engine = "lmdb"
 
 block_size = "{{ garage_block_size }}"
 
-replication_mode = "{{ garage_replication_mode }}"
+replication_factor = {{ garage_replication_mode }}
 
 compression_level = 2
 

roles/garage/vars/main.yml

@@ -2,5 +2,5 @@
 
 garage_url: "https://garagehq.deuxfleurs.fr/_releases/{{ garage_version }}/{{ garage_arch }}-unknown-linux-musl/garage"
 garage_bin: "/usr/local/bin/garage"
-garage_version: v1.1.0
+garage_version: v2.0.0
 garage_arch: x86_64

roles/gitea/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-gitea_version: "1.23.6"
+gitea_version: "1.24.3"
 gitea_url: "https://dl.gitea.com/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
 gitea_bin: "/usr/local/bin/gitea"
 gitea_path: "/srv/gitea"

roles/haproxy/templates/haproxy.cfg.j2

@@ -42,10 +42,19 @@ frontend http
 	acl letsencrypt path_beg /.well-known/acme-challenge
 	redirect scheme https code 301 if !letsencrypt
 {% for server in haproxy_backend_servers %}
-{% for hostname in hostvars[server]['web_hostname'] | sort(attribute='host') %}
-	## {{ hostname.host }} configuration
-	acl host_{{ hostname.host }} hdr(host) -i {{ hostname.host }}
-	use_backend http_{{ hostvars[server].ansible_host }} if letsencrypt host_{{ hostname.host }}
+{% for hostname in (
+        (hostvars[server].web_hostname
+        | map(attribute='host'))
+        +
+        (hostvars[server].web_hostname
+        | selectattr('san', 'defined')
+        | map(attribute='san')
+        | flatten)
+        ) | sort
+%}
+	## {{ hostname }} configuration
+	acl host_{{ hostname }} hdr(host) -i {{ hostname }}
+	use_backend http_{{ hostvars[server].ansible_host }} if letsencrypt host_{{ hostname }}
 
 {% endfor %}
 {% endfor %}
@@ -57,14 +66,24 @@ frontend https
 	tcp-request inspect-delay 3s
 	tcp-request content accept if { req.ssl_hello_type 1 }
 {% for server in haproxy_backend_servers %}
-{% for hostname in hostvars[server]['web_hostname'] | sort(attribute='host') %}
-	## {{ hostname.host }} configuration
-	acl host_{{ hostname.host }} req.ssl_sni -i {{ hostname.host }}
-{% if hostname.allowlistv4 is defined %}
-	acl network_allowed_{{ hostname.host }} src {% for addrv4 in hostname.allowlistv4 %}{{ addrv4 }}{% endfor %}
+{% for hostname in (
+        (hostvars[server].web_hostname
+        | map(attribute='host'))
+        +
+        (hostvars[server].web_hostname
+        | selectattr('san', 'defined')
+        | map(attribute='san')
+        | flatten)
+        ) | sort
+%}
+	## {{ hostname }} configuration
+	acl host_{{ hostname }} req.ssl_sni -i {{ hostname }}
+{% set host = (hostvars[server].web_hostname | selectattr('host', '==', hostname))[0] %}
+{% if host.allowlistv4 is defined %}
+	acl network_allowed_{{ hostname }} src {% for addrv4 in host.allowlistv4 %} {{ addrv4 }}{% endfor %}
 
 {% endif %}
-	use_backend https_{{ hostvars[server].ansible_host }} if host_{{ hostname.host }}{% if hostname.allowlistv4 is defined %} network_allowed_{{ hostname.host }}{% endif %}
+	use_backend https_{{ hostvars[server].ansible_host }} if host_{{ hostname }}{% if host.allowlistv4 is defined %} network_allowed_{{ hostname }}{% endif %}
 
 
 {% endfor %}

roles/jackett/vars/main.yml

@@ -1,5 +1,5 @@
 ---
 
-jackett_version: "v0.22.1685"
+jackett_version: "v0.22.2162"
 jackett_download_url: "https://github.com/Jackett/Jackett/releases/download/{{ jackett_version }}/Jackett.Binaries.LinuxAMDx64.tar.gz"
 jackett_home: "/opt/Jackett"

roles/koillection/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-koillection_version: "1.6.12"
+koillection_version: "1.6.15"
 koillection_url: "https://giteu.be/koillection/koillection/releases/download/{{ koillection_version }}/koillection-{{ koillection_version }}.tar.gz"
 
 koillection_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'koillection') | map(attribute='host') | first }}"

roles/mariadb/tasks/main.yml

@@ -36,7 +36,7 @@
 - name: Check if .my.cnf file exists
   ansible.builtin.stat:
     path: /root/.my.cnf
-  register: dot_my_cnf
+  register: mariadb_dot_my_cnf
 
 - name: Set root password
   community.mysql.mysql_user:
@@ -44,7 +44,7 @@
     host: localhost
     name: root
     password: "{{ mariadb_root_pass }}"
-  when: not dot_my_cnf.stat.exists
+  when: not mariadb_dot_my_cnf.stat.exists
 
 - name: Put .my.cnf file
   ansible.builtin.template:

roles/mastodon/tasks/cron.yml

@@ -6,4 +6,4 @@
     name: Mastodon tootctl
     minute: "0"
     hour: "2"
-    job: "{{ mastodon_home }}/bin/remove_media.sh"
+    job: "{{ mastodon_home }}/bin/remove_media.sh > /dev/null"

roles/mastodon/tasks/main.yml

@@ -40,6 +40,7 @@
       - git-core
       - g++
       - libprotobuf-dev
+      - libvips-tools
       - protobuf-compiler
       - pkg-config
       - nodejs

roles/mastodon/tasks/mastodon.yml

@@ -6,6 +6,7 @@
     repo: "https://github.com/mastodon/mastodon.git"
     dest: "{{ mastodon_home }}/live"
     version: "v{{ mastodon_version }}"
+  notify: Restart mastodon
 
 - name: Exec bundle
   remote_user: mastodon

roles/mastodon/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-mastodon_version: "4.3.6"
+mastodon_version: "4.4.1"
 
 mastodon_nodejs_key_url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key"
 mastodon_nodejs_key_path: "/usr/share/keyrings/nodesource.gpg"
@@ -8,7 +8,7 @@ mastodon_nodejs_key_path: "/usr/share/keyrings/nodesource.gpg"
 mastodon_yarn_key_url: "https://dl.yarnpkg.com/debian/pubkey.gpg"
 mastodon_yarn_key_path: "/usr/share/keyrings/yarnkey.gpg"
 
-mastodon_ruby_version: "3.3.5"
+mastodon_ruby_version: "3.4.4"
 
 mastodon_home: "/srv/mastodon"
 mastodon_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'mastodon') | map(attribute='host') | first }}"

roles/munin_client/files/garage_bucket

@@ -6,7 +6,7 @@ HEADER="Authorization: Bearer ${BEARER}"
 # Create associative array
 declare -A BUCKETS=()
 
-API_BUCKETS_JSON=$(curl -s -H "${HEADER}" "http://[::1]:3903/v1/bucket?list" | jq -r '.[] | .id + "," + (if (.globalAliases[0]|test("\\.")) then .globalAliases[1] else .globalAliases[0] end)')
+API_BUCKETS_JSON=$(curl -s -H "${HEADER}" "http://[::1]:3903/v2/ListBuckets" | jq -r '.[] | .id + "," + (if (.globalAliases[0]|test("\\.")) then .globalAliases[1] else .globalAliases[0] end)')
 
 # Populate associative array
 for bucket in ${API_BUCKETS_JSON}
@@ -59,7 +59,7 @@ declare -A REQUESTS
 
 for i in "${!BUCKETS[@]}"
 do
-	REQUESTS+=([${BUCKETS[${i}]}]=$(curl -s -H "${HEADER}" "http://[::1]:3903/v1/bucket?id=${i}"))
+	REQUESTS+=([${BUCKETS[${i}]}]=$(curl -s -H "${HEADER}" "http://[::1]:3903/v2/GetBucketInfo?id=${i}"))
 done
 
 echo "multigraph garage_bucket_unfinished"

roles/munin_client/tasks/main.yml

@@ -2,26 +2,25 @@
 
 - name: Set package fact
   ansible.builtin.set_fact:
-    muninpkgs:
+    munin_client_muninpkgs:
       - muninlite
-    munin_need_reconfigure: false
+    munin_client_munin_need_reconfigure: false
   when: ansible_facts['distribution'] == "LEDE" or ansible_facts['distribution'] == "OpenWRT" or ansible_facts['distribution'] == "OpenWrt"
 
 - name: Set other packages fact
   ansible.builtin.set_fact:
-    muninpkgs:
+    munin_client_muninpkgs:
       - munin-node
       - munin-plugins-core
       - munin-plugins-extra
-    munin_need_reconfigure: true
+    munin_client_munin_need_reconfigure: true
   when: ansible_facts['distribution'] == "Debian"
 
 - name: Install munin node packages
   ansible.builtin.package:
-    name: "{{ item }}"
+    name: "{{ munin_client_muninpkgs }}"
     state: present
     update_cache: true
-  loop: "{{ muninpkgs }}"
 
 - name: Put munin-node configuration file
   ansible.builtin.template:
@@ -30,7 +29,7 @@
     mode: "0o644"
   notify:
     - Restart munin-node
-  when: munin_need_reconfigure
+  when: munin_client_munin_need_reconfigure
 
 ## Adding modules for specific functions
 # for NginX webservers
@@ -99,14 +98,14 @@
   changed_when: true
   notify:
     - Restart munin-node
-  when: munin_need_reconfigure
+  when: munin_client_munin_need_reconfigure
 
 # Useless junks for everyone
 - name: Delete useless junks for everyone
   ansible.builtin.file:
     path: "/etc/munin/plugins/{{ item }}"
     state: absent
-  when: munin_need_reconfigure
+  when: munin_client_munin_need_reconfigure
   loop:
     - users
 

roles/munin_client/templates/munin-node.conf.j2

@@ -41,7 +41,7 @@ host_name {{ ansible_host }}
 # network notation unless the perl module Net::CIDR is installed.  You
 # may repeat the allow line as many times as you'd like
 
-allow ^{{ hostvars['munin']['ansible_default_ipv4']['address'].split('.')|join('\.') }}
+allow ^{{ hostvars['munin']['proxmox_net0']['ip'] | ansible.utils.ipaddr('address') | split('.') |join('\.') }}
 allow ^127\.0\.0\.1$
 allow ^::1$
 

roles/nextcloud/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-nextcloud_version: "31.0.2"
+nextcloud_version: "31.0.7"
 nextcloud_url: "https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2"
 
 nextcloud_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'nextcloud') | map(attribute='host') | first }}"
@@ -19,6 +19,7 @@ nextcloud_userdata_app_dirs:
 # Supplementary modules
 nextcloud_modules:
   - name: calendar
+  - name: contacts
   - name: tasks
   - name: user_external
     force: true

roles/nginx/tasks/acme.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Issue certificate
+  ansible.builtin.command:
+    cmd: "/etc/x509/acme.sh --issue --domain {{ host.host }} {{ ['--domain'] | product(host.san | default([])) | map('join', ' ') | join(' ') }} --webroot {{ nginx_letsencrypt_dir }} --reloadcmd \"{{ acme_reload_cmd | default('systemctl reload nginx.service') }}\""
+    creates: "/etc/x509/{{ host.host }}*"
+  environment:
+    LE_WORKING_DIR: "/etc/x509"
+
+- name: Check if ecc dir
+  ansible.builtin.stat:
+    path: "/etc/x509/{{ host.host }}_ecc"
+  register: _nginx_x509_ecc_dir
+
+- name: Move dir if exists
+  when: _nginx_x509_ecc_dir.stat.exists
+  block:
+    - name: Copy ecc dir
+      ansible.builtin.copy:
+        remote_src: true
+        src: "/etc/x509/{{ host.host }}_ecc/"
+        dest: "/etc/x509/{{ host.host }}"
+        mode: "{{ _nginx_x509_ecc_dir.stat.mode }}"
+
+    - name: Remove ecc dir
+      ansible.builtin.file:
+        path: "/etc/x509/{{ host.host }}_ecc/"
+        state: absent

roles/nginx/tasks/main.yml

@@ -41,5 +41,14 @@
     mode: 'u+rwx,g+rs,o-rwx'
     state: directory
 
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
+
+- name: Include acme auto cert
+  ansible.builtin.include_tasks: acme.yml
+  loop: "{{ web_hostname }}"
+  loop_control:
+    loop_var: "host"
+
 - name: Include vhosts
   ansible.builtin.include_tasks: vhosts.yml

roles/nginx/templates/header.conf.j2

@@ -3,7 +3,7 @@
 	
 	ssl_certificate /etc/x509/{{ item.host }}/fullchain.cer;
 	ssl_certificate_key /etc/x509/{{ item.host }}/{{ item.host }}.key;
-	server_name {{ item.host }};
+	server_name {{ item.host }}{{ ' ' ~ item.san | join(' ') if item.san is defined }};
 	access_log /var/log/nginx/{{ item.host }}.access.log combined;
 	access_log syslog:server=unix:/dev/log combined;
 	error_log /var/log/nginx/{{ item.host }}.error.log;

roles/nginx/templates/nginx.ssl.conf.j2

@@ -3,7 +3,7 @@
 # ANY MODIFICATION IS LIKELY TO BE ERASED
 ##########
 	ssl_session_timeout 1d;
-	ssl_session_cache shared:SSL:50m;
+	ssl_session_cache shared:SSL:10m;
 	ssl_session_tickets off;
 
 	# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
@@ -11,7 +11,7 @@
 
 	# intermediate configuration. tweak to your needs.
 	ssl_protocols TLSv1.2 TLSv1.3;
-	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 	ssl_prefer_server_ciphers off;
 
 	# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)

roles/nginx/templates/vhosts/analyse.nintendojo.fr.conf.j2

@@ -1,33 +0,0 @@
-server {
-{% include './templates/header.conf.j2' %}
-	
-	root /srv/http/analyse.nintendojo.fr/;
-	index index.html index.htm index.php;
-	
-	location ~ ^/(status|ping|apc_info.php)$ {
-		access_log off;
-		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-		include fastcgi_params;
-		fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock;
-	}
-	
-	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-		expires 2w;
-		log_not_found off;
-	}
-	
-	location ~ \.htaccess$ {
-		deny all;
-	}
-	
-	location ~ ^/tmp {
-		deny all;
-	}
-	
-	location ~ \.php$ {
-		try_files $uri $uri/ =404;
-		fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock;
-		include fastcgi_params;
-	}
-}
-

roles/nginx/templates/vhosts/forum.nintendojo.fr.conf.j2

@@ -1,6 +1,6 @@
 server {
 {% include './templates/header.conf.j2' %}
-	root /srv/http/forum.nintendojo.fr/;
+	root /var/www/forum.nintendojo.fr/;
 	index index.html index.htm index.php;
 	
 	client_max_body_size 10M;

roles/nginx/templates/vhosts/forum.nintendojofr.com.conf.j2

@@ -1,6 +1,5 @@
 server {
 {% include './templates/header.conf.j2' %}
-	root /srv/http/forum.nintendojofr.com/;
 	index index.html index.htm index.php;
 	
 	location / {

roles/nginx/templates/vhosts/kck.test.mateu.be.conf.j2

@@ -0,0 +1,8 @@
+server {
+{% include './templates/header.conf.j2' %}
+	
+	location / {
+		proxy_pass http://localhost:8080;
+	}
+}
+

roles/nginx/templates/vhosts/r.mateu.be.conf.j2

@@ -1,15 +1,5 @@
 server {
-	listen *:443 ssl http2;
-	listen [::]:443 ssl http2;
-
-	server_name r.mateu.be perso.nintendojo.fr perso.libertus.eu;
-	access_log /var/log/nginx/r.mateu.be.access.log combined;
-	access_log syslog:server=unix:/dev/log combined;
-	error_log /var/log/nginx/r.mateu.be.error.log;
-	error_log syslog:server=unix:/dev/log;
-	ssl_certificate /etc/x509/r.mateu.be/fullchain.cer;
-	ssl_certificate_key /etc/x509/r.mateu.be/r.mateu.be.key;
-
+{% include './templates/header.conf.j2' %}
 	root /srv/www-data/r.mateu.be/;
 
 	location / {

roles/nginx/templates/vhosts/vlt.test.mateu.be.conf.j2

@@ -0,0 +1,8 @@
+server {
+{% include './templates/header.conf.j2' %}
+	
+	location / {
+		proxy_pass http://localhost:8200;
+	}
+}
+

roles/nginx/templates/vhosts/www.nintendojo.fr.conf.j2

@@ -1,16 +1,15 @@
 ## WP NintendojoFR
-server {
-	listen *:443 ssl http2;
-	listen [::]:443 ssl http2;
-	server_name nintendojo.fr www.nintendojo.fr;
-	access_log /var/log/nginx/nintendojo.fr.access.log combined;
-	access_log syslog:server=unix:/dev/log combined;
-	error_log /var/log/nginx/nintendojo.fr.error.log;
-	error_log syslog:server=unix:/dev/log;
-	ssl_certificate /etc/x509/www.nintendojo.fr/fullchain.cer;
-	ssl_certificate_key /etc/x509/www.nintendojo.fr/www.nintendojo.fr.key;
+fastcgi_cache_path
+	/dev/shm/nginx
+	levels=1:2
+	keys_zone=wpdojo:25m
+	inactive=1h
+	max_size=250m;
 
-	root /srv/http/www.nintendojo.fr/;
+server {
+{% include './templates/header.conf.j2' %}
+
+	root /var/www/www.nintendojo.fr/;
 	index index.html index.htm index.php;
 
 	client_max_body_size 2G;

roles/nginx/templates/vhosts/www.nintendojofr.com.conf.j2

@@ -1,15 +1,7 @@
 server {
-	listen *:443 ssl http2;
-	listen [::]:443 ssl http2;
-	server_name nintendojofr.com www.nintendojofr.com;
-	access_log /var/log/nginx/nintendojofr.com.access.log combined;
-	access_log syslog:server=unix:/dev/log combined;
-	error_log /var/log/nginx/nintendojofr.com.error.log;
-	error_log syslog:server=unix:/dev/log;
-	ssl_certificate /etc/x509/nintendojofr.com/fullchain.cer;
-	ssl_certificate_key /etc/x509/nintendojofr.com/nintendojofr.com.key;
+{% include './templates/header.conf.j2' %}
 
-	root /srv/http/www.nintendojofr.com/;
+	root /var/www/www.nintendojofr.com/;
 	index index.html index.htm index.php;
 
 	location ~ ^/forum/(.*)$ {

roles/nginx/templates/vhosts/www.sebicomics.com.conf.j2

@@ -1,54 +0,0 @@
-## WP Sebicomics
-server {
-	listen *:443 ssl http2;
-	listen [::]:443 ssl http2;
-	server_name sebicomics.com www.sebicomics.com;
-	access_log /var/log/nginx/www.sebicomics.com.access.log combined;
-	access_log syslog:server=unix:/dev/log combined;
-	error_log /var/log/nginx/www.sebicomics.com.error.log;
-	error_log syslog:server=unix:/dev/log;
-	ssl_certificate /etc/x509/www.sebicomics.com/fullchain.cer;
-	ssl_certificate_key /etc/x509/www.sebicomics.com/www.sebicomics.com.key;
-
-	root /srv/http/www.sebicomics.com/;
-	index index.html index.htm index.php;
-
-	client_max_body_size 512M;
-
-	# couper les fichiers cachés
-	location ~* /(?:uploads|files)/.*\.php$ {
-		deny all;
-	}
-
-	# couper les fichiers textes du captcha
-	location ~* /wp-content/uploads/wpcf7_captcha/.*\.txt$ {
-		deny all;
-	}
-
-	# Optimisation des images
-	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-		expires 1w;
-		log_not_found off;
-	}
-
-	# Interprétation PHP
-	location ~ ^/(index).php(/.*)+ {
-		fastcgi_split_path_info ^(.+\.php)(/.*)$;
-		try_files $fastcgi_script_name =404;
-		fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
-		fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock;
-		fastcgi_read_timeout 60;
-		include fastcgi_params;
-	}
-
-	location ~ \.php$ {
-		try_files $uri $uri/ =404;
-		fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock;
-		fastcgi_read_timeout 60;
-		include fastcgi_params;
-	}
-
-	location / {
-		try_files $uri $uri/ /index.php$uri?$args;
-	}
-}

roles/nginx/templates/vhosts/wwwdev.nintendojo.fr.conf.j2

@@ -1,11 +1,9 @@
-## WP NintendojoFR
+## WP dev NintendojoFR
 server {
 {% include './templates/header.conf.j2' %}
 
-	root /srv/http/wwwdev.nintendojo.fr/;
+	root /var/www/wwwdev.nintendojo.fr/;
 	index index.html index.htm index.php;
-	auth_basic "Restricted Area";
-	auth_basic_user_file /etc/nginx/wwwdev.htpasswd;
 
 	client_max_body_size 2G;
 
@@ -19,15 +17,17 @@ server {
 		deny all;
 	}
 
-	# redirige twitter
-	location /feed/twitter {
-		return 307 https://m.nintendojo.fr/@nintendojofr.rss;
+	# Optimisation des images
+	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+		expires 1w;
+		log_not_found off;
 	}
 
 	# Interprétation PHP
 	location ~ ^/(index).php(/.*)+ {
 		fastcgi_split_path_info ^(.+\.php)(/.*)$;
 		try_files $fastcgi_script_name =404;
+		fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
 		fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock;
 		fastcgi_read_timeout 60;
 		include fastcgi_params;

roles/nsd/tasks/prerequisites.yml

@@ -5,14 +5,14 @@
 
 - name: Detect systemd-resolve
   ansible.builtin.set_fact:
-    _systemd_resolve_enable: "{{ ansible_facts.udp_listen | selectattr('port', 'eq', 53) | selectattr('name', 'eq', 'systemd-resolve') | count > 0 }}"
+    nsd_systemd_resolve_enable: "{{ ansible_facts.udp_listen | selectattr('port', 'eq', 53) | selectattr('name', 'eq', 'systemd-resolve') | count > 0 }}"
 
 - name: Deactivate DNS stublistener
   ansible.builtin.lineinfile:
     path: /etc/systemd/resolved.conf
     regex: '^#DNSStubListener=yes'
     line: DNSStubListener=no
-  when: _systemd_resolve_enable
+  when: nsd_systemd_resolve_enable
   notify:
     - Restart systemd-resolved
 

roles/nsd/tasks/zones.yml

@@ -11,7 +11,17 @@
     dns_serial: "{{ ansible_date_time.epoch }}"
     web_hostname_block: |-
       {% for webserver in groups['webservers'] | sort -%}
-      {% for web_hostname in (hostvars[webserver]['web_hostname'] | selectattr('host', 'match', '.*' ~ item.name) | map(attribute='host') | sort) -%}
+      {% for web_hostname in (
+          (hostvars[webserver]['web_hostname']
+          | selectattr('host', 'match', '.*' ~ item.name)
+          | map(attribute='host')
+          +
+          (hostvars[webserver]['web_hostname']
+          | selectattr('san', 'defined')
+          | map(attribute='san')
+          | flatten
+          | select('match', '.*' ~ item.name)))
+        | sort) -%}
       {% if web_hostname is match("(\S+\.){2}") %}
       {{ web_hostname | regex_replace('\.' ~ item.name ~ '$', '') }}		IN CNAME {{ hostvars[webserver].ansible_host }}.
       {% else %}
@@ -45,14 +55,14 @@
 - name: Stat associated keys
   ansible.builtin.stat:
     path: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/.ds"
-  register: _stat_keys
+  register: nsd_stat_keys
 
 - name: Sign zone file
   become: true
   become_user: nsd
   ansible.builtin.command:
     chdir: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/"
-    cmd: "ldns-signzone -o {{ item.name }} -u {{ nsd_default_etc_path }}/zones/{{ item.name }}.zone {{ (_stat_keys.stat.lnk_target | split('.'))[:-1] | join('.') }}"
+    cmd: "ldns-signzone -o {{ item.name }} -u {{ nsd_default_etc_path }}/zones/{{ item.name }}.zone {{ (nsd_stat_keys.stat.lnk_target | split('.'))[:-1] | join('.') }}"
   changed_when: true
 
 - name: Reload zone

roles/nsd/templates/zones/giteu.be.zone.j2

@@ -1,5 +1,6 @@
 $TTL 86400
-@		IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
+{% set firstserver = groups['master_nsdservers'] | first %}
+@		IN SOA {{ hostvars[firstserver].nsd_ansible_host | default(hostvars[firstserver].ansible_host) }}. tech.ovh.net. (
 				{{ dns_serial }}; timestamp serial number
 				28800; Refresh
 				7200; Retry
@@ -8,11 +9,11 @@ $TTL 86400
 			)
 
 {% for server in groups['nsdservers'] %}
-@		IN NS {{ hostvars[server].ansible_host }}.
+@		IN NS {{ hostvars[server].nsd_ansible_host | default(hostvars[server].ansible_host) }}.
 {% endfor %}
 
 $ORIGIN {{ item.name }}.
-@		IN CAA 0 issue ";"
+@		IN CAA 0 issue "letsencrypt.org"
 @		IN MX 0 .
 @		IN TXT "v=spf1 -all"
 @		IN TXT "spf2.0/mfrom -all"

roles/nsd/templates/zones/libertus.eu.zone.j2

@@ -1,5 +1,6 @@
 $TTL 86400
-@		IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
+{% set firstserver = groups['master_nsdservers'] | first %}
+@		IN SOA {{ hostvars[firstserver].nsd_ansible_host | default(hostvars[firstserver].ansible_host) }}. tech.ovh.net. (
 				{{ dns_serial }}; timestamp serial number
 				28800; Refresh
 				7200; Retry
@@ -8,7 +9,7 @@ $TTL 86400
 			)
 
 {% for server in groups['nsdservers'] %}
-@		IN NS {{ hostvars[server].ansible_host }}.
+@		IN NS {{ hostvars[server].nsd_ansible_host | default(hostvars[server].ansible_host) }}.
 {% endfor %}
 
 $ORIGIN {{ item.name }}.

roles/nsd/templates/zones/mateu.be.zone.j2

@@ -1,5 +1,7 @@
 $TTL 86400
-@		IN	SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
+{% set firstserver = groups['master_nsdservers'] | first %}
+{% set current_firstserver = hostvars[firstserver].nsd_ansible_host | default(hostvars[firstserver].ansible_host) %}
+@		IN SOA {{ current_firstserver | regex_replace('^([a-z0-9-]+)\\.', '\\1-v4.') if current_firstserver.endswith('mateu.be') else current_firstserver }}. tech.ovh.net. (
 				{{ dns_serial }}; timestamp serial number
 				28800; Refresh
 				7200; Retry
@@ -8,7 +10,8 @@ $TTL 86400
 			)
 
 {% for server in groups['nsdservers'] %}
-@		IN NS {{ hostvars[server].ansible_host | regex_replace('^([a-z0-9-]+)\\.', '\\1-v4.') if hostvars[server].ansible_host.endswith('dmz.mateu.be') else hostvars[server].ansible_host }}.
+{% set current_host = hostvars[server].nsd_ansible_host | default(hostvars[server].ansible_host) %}
+@		IN NS {{ current_host | regex_replace('^([a-z0-9-]+)\\.', '\\1-v4.') if current_host.endswith('mateu.be') else current_host }}.
 {% endfor %}
 
 $ORIGIN {{ item.name }}.
@@ -26,7 +29,6 @@ backup		IN A 10.233.212.60
 baybay-ponay		IN AAAA 2a01:e0a:9bd:2810:9e6b:ff:fe13:ef88
 ciol		IN A 109.190.68.133
 derdriu		IN A 10.233.212.77
-dom		IN A 10.233.212.15
 enbarr.dmz		IN AAAA 2a01:e0a:9bd:2811::50
 evse		IN A 10.233.211.198
 fc		IN A 10.233.211.194
@@ -34,20 +36,29 @@ frederica.dmz		IN A {{ global_public_ip_address }}
 frederica.dmz		IN AAAA 2a01:e0a:9bd:2811::60
 ftp		IN A 10.233.212.14
 garreg-mach		IN A 10.233.212.66
-imprimante		IN A 10.233.212.94
+haos.dmz		IN A {{ global_public_ip_address }}
+haos.dmz		IN AAAA 2a01:e0a:9bd:2811::51
+ha				IN A 10.233.212.51
+libreelec		IN A 10.233.212.91
 machinbox		IN A {{ global_public_ip_address }}
 machinbox		IN AAAA 2a01:e0a:9bd:2810::1
 mailalt		IN CNAME altsrv
 memcardprogc	IN A 10.233.211.199
 nfs		IN A 10.233.212.60
+nsd-master1.ext		IN A 37.187.5.75
+nsd-master1-v4.ext		IN A 37.187.5.75
+nsd-master1.ext		IN AAAA 2001:41d0:a:54b::1
+nsd-master1-v6.ext		IN AAAA 2001:41d0:a:54b::1
 rb		IN A 194.156.203.253
 rc		IN A 10.233.211.195
+rm4pro	IN A 10.233.211.200
 serenor.dmz		IN A {{ global_public_ip_address }}
 serenor.dmz		IN AAAA 2a01:e0a:9bd:2811::59
-{% for proxmox_host in (groups['proxmox_all_lxc'] + groups['proxmox_all_qemu']) | sort %}
+{% for proxmox_host in groups['proxmox_all_lxc'] | sort %}
 {{ proxmox_host }}.dmz	IN A {{ global_public_ip_address }}
 {% if proxmox_host.startswith('dns') %}
 {{ proxmox_host }}-v4.dmz	IN A {{ global_public_ip_address }}
+{{ proxmox_host }}-v6.dmz	IN AAAA {{ hostvars[proxmox_host].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}
 {% endif %}
 {{ proxmox_host }}.dmz	IN AAAA {{ hostvars[proxmox_host].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}
 {% endfor %}

roles/nsd/templates/zones/nintendojo.fr.zone.j2

@@ -1,5 +1,6 @@
 $TTL 86400
-@		IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
+{% set firstserver = groups['master_nsdservers'] | first %}
+@		IN SOA {{ hostvars[firstserver].nsd_ansible_host | default(hostvars[firstserver].ansible_host) }}. tech.ovh.net. (
 				{{ dns_serial }}; timestamp serial number
 				28800; Refresh
 				7200; Retry
@@ -8,7 +9,7 @@ $TTL 86400
 			)
 
 {% for server in groups['nsdservers'] %}
-@		IN NS {{ hostvars[server].ansible_host }}.
+@		IN NS {{ hostvars[server].nsd_ansible_host | default(hostvars[server].ansible_host) }}.
 {% endfor %}
 
 $ORIGIN {{ item.name }}.

roles/nsd/templates/zones/nintendojofr.com.zone.j2

@@ -1,5 +1,6 @@
 $TTL 86400
-@		IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
+{% set firstserver = groups['master_nsdservers'] | first %}
+@		IN SOA {{ hostvars[firstserver].nsd_ansible_host | default(hostvars[firstserver].ansible_host) }}. tech.ovh.net. (
 				{{ dns_serial }}; timestamp serial number
 				28800; Refresh
 				7200; Retry
@@ -8,7 +9,7 @@ $TTL 86400
 			)
 
 {% for server in groups['nsdservers'] %}
-@		IN NS {{ hostvars[server].ansible_host }}.
+@		IN NS {{ hostvars[server].nsd_ansible_host | default(hostvars[server].ansible_host) }}.
 {% endfor %}
 
 $ORIGIN {{ item.name }}.

roles/nsd/templates/zones/parking.zone.j2

@@ -1,5 +1,6 @@
 $TTL 86400
-@		IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
+{% set firstserver = groups['master_nsdservers'] | first %}
+@		IN SOA {{ hostvars[firstserver].nsd_ansible_host | default(hostvars[firstserver].ansible_host) }}. tech.ovh.net. (
 				{{ dns_serial }}; timestamp serial number
 				28800; Refresh
 				7200; Retry
@@ -8,7 +9,7 @@ $TTL 86400
 			)
 
 {% for server in groups['nsdservers'] %}
-@		IN NS {{ hostvars[server].ansible_host }}.
+@		IN NS {{ hostvars[server].nsd_ansible_host | default(hostvars[server].ansible_host) }}.
 {% endfor %}
 
 $ORIGIN {{ item.name }}.

roles/oolatoocs/vars/main.yml

@@ -2,5 +2,5 @@
 
 oolatoocs_db_dir: /var/lib/oolatoocs
 oolatoocs_url: https://r.mateu.be/oolatoocs/oolatoocs
-oolatoocs_version: v4.2.0
+oolatoocs_version: v4.3.0
 oolatoocs_local_bin_path: /usr/local/bin/oolatoocs

roles/peertube/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-peertube_version: "7.1.0"
+peertube_version: "7.2.2"
 peertube_home: "/srv/peertube"
 peertube_url: "https://github.com/Chocobozzz/PeerTube/releases/download/v{{ peertube_version }}/peertube-v{{ peertube_version }}.zip"
 

roles/phpbb/files/dojopeertube.yml

@@ -0,0 +1,7 @@
+---
+name: DojoPeertube
+host: p.nintendojo.fr
+example: https://p.nintendojo.fr/videos/embed/19bc46e8-7640-4417-86a1-03aa2b439508
+extract: "!//p.nintendojo.fr/videos/embed/(?'id'[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12})!"
+iframe:
+    src: "https://p.nintendojo.fr/videos/embed/{@id}"

roles/phpbb/files/mastodon.yml

@@ -0,0 +1,18 @@
+---
+name: "Mastodon"
+host: m.nintendojo.fr
+example: https://mastodon.social/@HackerNewsBot/100181134752056592
+extract: "!//(?'host'[-.\\w]+)/@(?'name'\\w+)/(?'id'\\d+)!"
+oembed:
+    endpoint: https://m.nintendojo.fr/api/oembed
+    scheme: https://m.nintendojo.fr/@{@name}/{@id}
+scrape:
+    - extract: "!\"url\":\"https://(?'host'[-.\\w]+)/@(?'name'\\w+)/(?'id'\\d+)\"!"
+    - match: "!^(?'origin'https://[^/]+)/@\\w+@[-.\\w]+/(?'id'\\d+)!"
+    - url: "{@origin}/api/v1/statuses/{@id}"
+iframe:
+    data-s9e-livepreview-ignore-attrs: "style"
+    onload: "let c=new MessageChannel;c.port1.onmessage=e=>this.style.height=e.data+'px';this.contentWindow.postMessage('s9e:init','*',[c.port2])"
+    width: "550"
+    height: "300"
+    src: https://s9e.github.io/iframe/2/mastodon.min.html#<xsl:value-of select="@name"/><xsl:if test="@host and@host!='mastodon.social'">@<xsl:value-of select="@host"/></xsl:if>/<xsl:value-of select="@id"/>

roles/phpbb/tasks/db.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create phpbb db user
+  community.mysql.mysql_user:
+    login_unix_socket: "/var/run/mysqld/mysqld.sock"
+    login_user: root
+    login_password: "{{ mariadb_root_pass }}"
+    name: "{{ phpbb_maria_user }}"
+    password: "{{ phpbb_maria_password }}"
+    priv: "{{ phpbb_maria_database }}.*:ALL"

roles/phpbb/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Init db
+  ansible.builtin.include_tasks: db.yml
+
+- name: Install phpbb
+  ansible.builtin.include_tasks: phpbb.yml
+
+- name: Install phpbb’s styles
+  ansible.builtin.include_tasks: phpbb_styles.yml
+  loop: "{{ phpbb_styles }}"
+
+- name: Install phpbb’s languages
+  ansible.builtin.include_tasks: phpbb_languages.yml
+  loop: "{{ phpbb_languages }}"
+
+- name: Install phpbb’s extensions
+  ansible.builtin.include_tasks: phpbb_exts.yml
+  loop: "{{ phpbb_exts }}"
+  loop_control:
+    loop_var: ext
+
+- name: Custom part
+  ansible.builtin.include_tasks: phpbb_customs.yml
+
+- name: Migrate db
+  ansible.builtin.include_tasks: migrate_db.yml

roles/phpbb/tasks/migrate_db.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Migrate db
+  become: true
+  become_user: www-data
+  ansible.builtin.command:
+    cmd: "/usr/bin/php bin/phpbbcli.php db:migrate"
+    chdir: "{{ phpbb_app_home }}"
+  changed_when: false
+
+- name: Remove install directory
+  ansible.builtin.file:
+    dest: "{{ phpbb_app_home }}/install"
+    state: absent

roles/phpbb/tasks/phpbb.yml

@@ -0,0 +1,77 @@
+---
+
+- name: Remove phpbb previous version
+  ansible.builtin.file:
+    state: absent
+    dest: "{{ phpbb_app_home }}"
+
+## Handle app data
+- name: Create app home
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ phpbb_app_home }}"
+    owner: root
+    group: www-data
+    mode: "0o750"
+
+- name: Install phpbb application
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ phpbb_url }}"
+    dest: "{{ phpbb_app_home }}"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+    exclude: "{{ phpbb_userdata_app_dirs | map('regex_replace', '^^', 'phpBB' ~ phpbb_major_version ~ '/') }}"
+
+- name: Check writable dirs
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ phpbb_app_home }}/{{ item }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    recurse: true
+  loop: "{{ phpbb_writable_app_dirs }}"
+
+## Handle user data
+- name: Create data home
+  ansible.builtin.file:
+    state: directory
+    path: "{{ phpbb_data_home }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+
+- name: Get data dir
+  ansible.builtin.stat:
+    path: "{{ phpbb_data_home }}/{{ phpbb_userdata_app_dirs[0] }}"
+  register: _phpbb_userdata_dir_stat
+
+- name: Install phpbb data dir
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ phpbb_url }}"
+    dest: "{{ phpbb_data_home }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+    include: "{{ phpbb_userdata_app_dirs | map('regex_replace', '^^', 'phpBB' ~ phpbb_major_version ~ '/') }}"
+  when: not _phpbb_userdata_dir_stat.stat.exists
+
+- name: Link phpbb userdata dirs
+  ansible.builtin.file:
+    state: link
+    src: "{{ phpbb_data_home }}/{{ item }}"
+    dest: "{{ phpbb_app_home }}/{{ item }}"
+  loop: "{{ phpbb_userdata_app_dirs }}"
+
+- name: Put phpbb config file
+  ansible.builtin.template:
+    src: config.php.j2
+    dest: "{{ phpbb_app_home }}/config.php"
+    owner: root
+    group: www-data
+    mode: "0o640"

roles/phpbb/tasks/phpbb_customs.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Put logo file
+  ansible.builtin.copy:
+    src: files/ndfr_casual.png
+    dest: "{{ phpbb_app_home }}/styles/prosilver/theme/images/ndfr_casual.png"
+    owner: root
+    group: www-data
+    mode: "0o640"
+
+- name: Replace logo
+  ansible.builtin.lineinfile:
+    path: "{{ phpbb_app_home }}/styles/prosilver/theme/colours.css"
+    search_string: "background-image: url(\"./images/site_logo.svg\");"
+    line: "	background-image: url(\"./images/ndfr_casual.png\");"
+
+- name: Stretch logo (width)
+  ansible.builtin.lineinfile:
+    path: "{{ phpbb_app_home }}/styles/prosilver/theme/common.css"
+    search_string: "width: 149px;"
+    line: "	width: 200px;"
+
+- name: Stretch logo (height)
+  ansible.builtin.lineinfile:
+    path: "{{ phpbb_app_home }}/styles/prosilver/theme/common.css"
+    search_string: "height: 52px;"
+    line: "	height: 80px;"

roles/phpbb/tasks/phpbb_exts.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Create phpbb ext path
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ phpbb_app_home }}/ext/{{ ext.path }}"
+    owner: root
+    group: www-data
+    mode: "0o750"
+
+- name: Extract phpbb ext
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ ext.url | replace('%VERSION%', ext.version) }}"
+    dest: "{{ phpbb_app_home }}/ext/{{ ext.path }}"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+
+- name: Put extra files
+  ansible.builtin.copy:
+    src: "{{ item.src }}"
+    dest: "{{ phpbb_app_home }}/ext/{{ ext.path }}/{{ item.dest }}"
+    owner: root
+    group: www-data
+    mode: "0o640"
+  loop: "{{ ext.extra_files }}"
+  when: ext.extra_files is defined

roles/phpbb/tasks/phpbb_languages.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Extract phpbb language
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ item.url | replace('%VERSION%', item.version) }}"
+    dest: "{{ phpbb_app_home }}"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']

roles/phpbb/tasks/phpbb_styles.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Extract style
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ item.url | replace('%VERSION%', item.version) }}"
+    dest: "{{ phpbb_app_home }}/styles/"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']

roles/phpbb/templates/config.php.j2

@@ -0,0 +1,19 @@
+<?php
+// phpBB 3.0.x auto-generated configuration file
+// Do not change anything in this file!
+$dbms = 'mysqli';
+$dbhost = 'localhost';
+$dbport = '';
+$dbname = '{{ phpbb_maria_database }}';
+$dbuser = '{{ phpbb_maria_user }}';
+$dbpasswd = '{{ phpbb_maria_password }}';
+$table_prefix = 'phpbb_';
+$acm_type = 'file';
+$load_extensions = '';
+
+libxml_disable_entity_loader(false);
+
+@define('PHPBB_INSTALLED', true);
+// @define('DEBUG', true);
+// @define('DEBUG_EXTRA', true);
+?>

roles/phpbb/vars/main.yml

@@ -0,0 +1,45 @@
+---
+
+phpbb_version: "3.3.15"
+phpbb_minor_version: "{{ phpbb_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
+phpbb_major_version: "{{ phpbb_version | regex_replace('^([0-9])\\..*', '\\1') }}"
+
+phpbb_url: "https://download.phpbb.com/pub/release/{{ phpbb_minor_version }}/{{ phpbb_version }}/phpBB-{{ phpbb_version }}.tar.bz2"
+phpbb_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'phpbb') | map(attribute='host') | first }}"
+
+# Access path
+phpbb_app_home: "/var/www/{{ phpbb_access_url }}"
+phpbb_data_home: "/srv/www-data/{{ phpbb_access_url }}"
+
+phpbb_writable_app_dirs:
+  - cache
+  - store
+phpbb_userdata_app_dirs:
+  - files
+  - images
+
+phpbb_styles:
+  - name: black
+    version: 3.3.12
+    url: "https://github.com/cabot/black/archive/refs/tags/v%VERSION%.tar.gz"
+
+
+phpbb_languages:
+  - name: fr
+    version: 4.15.0
+    url: "https://github.com/qiaeru/phpbb-language-fr/archive/refs/tags/v%VERSION%.tar.gz"
+
+phpbb_exts:
+  - name: externallink
+    path: martin/externallinkinnewwindow
+    version: 1.2.0
+    url: "https://github.com/Mar-tin-G/ExternalLinkInNewWindow/archive/refs/tags/%VERSION%.tar.gz"
+  - name: mediaembed
+    path: phpbb/mediaembed
+    version: 2.0.2
+    url: "https://github.com/phpbb-extensions/mediaembed/archive/refs/tags/%VERSION%.tar.gz"
+    extra_files:
+      - src: files/mastodon.yml
+        dest: collection/sites/mastodon.yml
+      - src: files/dojopeertube.yml
+        dest: collection/sites/dojopeertube.yml

roles/retrodojo/tasks/main.yml

@@ -3,6 +3,14 @@
 - name: Init db
   ansible.builtin.include_tasks: db.yml
 
+- name: Create retrodojo directory
+  ansible.builtin.file:
+    state: directory
+    path: "{{ retrodojo_home }}"
+    owner: root
+    group: www-data
+    mode: "0o750"
+
 - name: Put program file in place
   ansible.builtin.template:
     src: "index.php.j2"

roles/retrodojo/vars/main.yml

@@ -1,4 +1,4 @@
 ---
 
 retrodojo_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'retrodojo') | map(attribute='host') | first }}"
-retrodojo_home: "/srv/http/{{ retrodojo_access_url }}"
+retrodojo_home: "/var/www/{{ retrodojo_access_url }}"

roles/roundcube/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-roundcube_version: "1.6.10"
+roundcube_version: "1.6.11"
 roundcube_url: "https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/roundcubemail-{{ roundcube_version }}-complete.tar.gz"
 
 # calculate the roundcube access URL given the `web_hostname` list

roles/sonarr/vars/main.yml

@@ -1,5 +1,5 @@
 ---
 
-sonarr_version: "4.0.14.2939"
+sonarr_version: "4.0.15.2941"
 sonarr_download_url: "https://github.com/Sonarr/Sonarr/releases/download/v{{ sonarr_version }}/Sonarr.main.{{ sonarr_version }}.linux-x64.tar.gz"
 sonarr_home: "/opt/Sonarr"

roles/spamassassin/files/local.cf

@@ -7,6 +7,9 @@ ok_locales      fr
 score   UNWANTED_LANGUAGE_BODY  5
 score	HTML_IMAGE_RATIO_02		3
 
+rawbody		LOCAL_ryoko				/ryoko/i
+score		LOCAL_ryoko				20.0
+
 rawbody		LOCAL_Enhancement_Gummies /Enhancement Gummies/i
 score		LOCAL_Enhancement_Gummies 20.0
 
@@ -240,6 +243,15 @@ whitelist_from *@reichelt.de
 whitelist_from *@amazon.de
 
 # Blacklist manuel
+blacklist_from *@startkomto.com
+blacklist_from *@todeliv.cloud
+blacklist_from *@*.science
+blacklist_from *@comaxe.cloud
+blacklist_from *@everlustinglife.com
+blacklist_from *@*.cash
+blacklist_from *@folowaunt.de
+blacklist_from *@instarte.online
+blacklist_from *@*.org.rs
 blacklist_from *@domainadmin.com
 blacklist_from *@werstalli.eu
 blacklist_from *@moneyempiregroup.com

roles/vaultwarden/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 
-vaultwarden_version: "1.33.2-0"
+vaultwarden_version: "1.34.1-1"
 vaultwarden_url: "https://github.com/dionysius/vaultwarden-deb/releases/download/debian/{{ vaultwarden_version }}/vaultwarden_{{ vaultwarden_version }}.{{ ansible_distribution_release }}_amd64.deb"
-vaultwarden_web_version: "2025.1.1-2"
+vaultwarden_web_version: "2025.5.0.0-3"
 vaultwarden_web_url: "https://github.com/dionysius/vaultwarden-web-vault-deb/releases/download/debian/{{ vaultwarden_web_version }}/vaultwarden-web-vault_{{ vaultwarden_web_version }}.bookworm_all.deb"

roles/wordpress/files/fastcgi_cache.conf

@@ -1,7 +0,0 @@
-fastcgi_cache_path
-	/dev/shm/nginx
-	levels=1:2
-	keys_zone=wpdojo:25m
-	inactive=1h
-	max_size=250m;
-

roles/wordpress/handlers/main.yml

@@ -1,6 +0,0 @@
----
-
-- name: Restart nginx
-  ansible.builtin.service:
-    name: nginx
-    state: restarted

roles/wordpress/tasks/main.yml

@@ -2,7 +2,5 @@
 
 - name: Init DB
   ansible.builtin.include_tasks: db.yml
-- name: WP for NintendojoFR
-  ansible.builtin.include_tasks: wp_dojo.yml
-- name: WP dev for NintendojoFR
-  ansible.builtin.include_tasks: wpdev_dojo.yml
+- name: Install wordpress
+  ansible.builtin.include_tasks: wordpress.yml

roles/wordpress/tasks/wordpress.yml

@@ -0,0 +1,104 @@
+---
+
+## Remove the previous app & install the new version
+- name: Remove wordpress previous version
+  ansible.builtin.file:
+    state: absent
+    dest: "{{ wordpress_app_home }}"
+
+- name: Create app home
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ wordpress_app_home }}"
+    owner: root
+    group: www-data
+    mode: "0o750"
+
+- name: Install wordpress application
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ wordpress_url }}"
+    dest: "{{ wordpress_app_home }}"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+    exclude: "{{ wordpress_userdata_app_dirs | map('regex_replace', '^', 'wordpress/') }}"
+
+## Ensure the data dirs exist, populate them if not
+- name: Create data home
+  ansible.builtin.file:
+    state: directory
+    path: "{{ wordpress_data_home }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+
+# If the first data dir exists, other should exist too
+- name: Get data dir
+  ansible.builtin.stat:
+    path: "{{ wordpress_data_home }}/{{ wordpress_userdata_app_dirs[0] }}"
+  register: _wordpress_userdata_dir_stat
+
+- name: Install wordpress data dir
+  when: not _wordpress_userdata_dir_stat.stat.exists
+  block:
+    - name: Unarchive wp-content
+      ansible.builtin.unarchive:
+        remote_src: true
+        src: "{{ wordpress_url }}"
+        dest: "{{ wordpress_data_home }}"
+        owner: www-data
+        group: www-data
+        mode: "a-rwx,u+rwX,g+rX"
+        extra_opts: ['--strip-components=1']
+        include: "{{ wordpress_userdata_app_dirs | map('regex_replace', '^', 'wordpress/') | first }}"
+      ## no-wp doesn’t exist by default, creating it
+    - name: Create no-wp
+      ansible.builtin.file:
+        state: directory
+        dest: "{{ wordpress_data_home }}/no-wp"
+        owner: www-data
+        group: www-data
+        mode: "0o750"
+
+- name: Link wordpress userdata dirs
+  ansible.builtin.file:
+    state: link
+    src: "{{ wordpress_data_home }}/{{ item }}"
+    dest: "{{ wordpress_app_home }}/{{ item }}"
+  loop: "{{ wordpress_userdata_app_dirs }}"
+
+# Put config file
+- name: Get secret-key salt
+  ansible.builtin.uri:
+    url: "https://api.wordpress.org/secret-key/1.1/salt/"
+    return_content: true
+  register: _wordpress_secret_salt
+
+- name: Put wordpress configuration file
+  ansible.builtin.template:
+    src: wp-config.php.j2
+    dest: "{{ wordpress_config_path }}"
+    owner: root
+    group: www-data
+    mode: "0o640"
+  vars:
+    salt_block: "{{ _wordpress_secret_salt.content }}"
+
+# Handle languages
+- name: Find & delete default language files inside wp-content
+  ansible.builtin.command:
+    cmd: "find {{ wordpress_data_home }}/wp-content/languages/ -type f -maxdepth 1 -delete"
+  changed_when: true
+
+- name: Reextract language files
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ wordpress_url }}"
+    dest: "{{ wordpress_data_home }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+    include: "wordpress/wp-content/languages/"

roles/wordpress/tasks/wp_dojo.yml

@@ -1,16 +0,0 @@
----
-
-- name: Put nginx cache configuration file
-  ansible.builtin.copy:
-    src: files/fastcgi_cache.conf
-    dest: /etc/nginx/conf.d/fastcgi_cache.conf
-    mode: "0o644"
-  notify:
-    - Restart nginx
-
-- name: Cron for wordpress
-  ansible.builtin.cron:
-    name: "WP Twitter refresh"
-    user: www-data
-    minute: "*/2"
-    job: "/usr/bin/wget -q -O - https://www.nintendojo.fr/wp-cron.php &> /dev/null"

roles/wordpress/tasks/wpdev_dojo.yml

@@ -1,9 +0,0 @@
----
-
-- name: Put htpasswd file
-  ansible.builtin.template:
-    src: wwwdev.htpasswd.j2
-    dest: /etc/nginx/wwwdev.htpasswd
-    owner: www-data
-    group: www-data
-    mode: "0o600"

roles/wordpress/templates/wp-config.php.j2

@@ -0,0 +1,98 @@
+<?php
+
+/**
+ * La configuration de base de votre installation WordPress.
+ *
+ * Ce fichier contient les réglages de configuration suivants : réglages MySQL,
+ * préfixe de table, clefs secrètes, langue utilisée, et ABSPATH.
+ * Vous pouvez en savoir plus à leur sujet en allant sur 
+ * {@link http://codex.wordpress.org/Editing_wp-config.php Modifier
+ * wp-config.php} (en anglais). C'est votre hébergeur qui doit vous donner vos
+ * codes MySQL.
+ *
+ * Ce fichier est utilisé par le script de création de wp-config.php pendant
+ * le processus d'installation. Vous n'avez pas à utiliser le site web, vous
+ * pouvez simplement renommer ce fichier en "wp-config.php" et remplir les
+ * valeurs.
+ *
+ * @package WordPress
+ */
+
+// ** Réglages MySQL - Votre hébergeur doit vous fournir ces informations. ** //
+/** Nom de la base de données de WordPress. */
+define('DB_NAME', '{{ wordpress_maria_database }}');
+
+/** Utilisateur de la base de données MySQL. */
+define('DB_USER', '{{ wordpress_maria_user }}');
+
+/** Mot de passe de la base de données MySQL. */
+define('DB_PASSWORD', '{{ wordpress_maria_password }}');
+
+/** Adresse de l'hébergement MySQL. */
+define('DB_HOST', 'localhost');
+
+/** Jeu de caractères à utiliser par la base de données lors de la création des tables. */
+define('DB_CHARSET', 'utf8');
+
+/** Type de collation de la base de données. 
+  * N'y touchez que si vous savez ce que vous faites. 
+  */
+define('DB_COLLATE', '');
+
+/**
+  * Allows direct update of extensions
+  */
+define('FS_METHOD', 'direct');
+
+/**#@+
+ * Clefs uniques d'authentification et salage.
+ *
+ * Remplacez les valeurs par défaut par des phrases uniques !
+ * Vous pouvez générer des phrases aléatoires en utilisant 
+ * {@link https://api.wordpress.org/secret-key/1.1/salt/ le service de clefs secrètes de WordPress.org}.
+ * Vous pouvez modifier ces phrases à n'importe quel moment, afin d'invalider tous les cookies existants.
+ * Cela forcera également tous les utilisateurs à se reconnecter.
+ *
+ * @since 2.6.0
+ */
+{{ salt_block }}
+/**#@-*/
+
+/**
+ * Préfixe de base de données pour les tables de WordPress.
+ *
+ * Vous pouvez installer plusieurs WordPress sur une seule base de données
+ * si vous leur donnez chacune un préfixe unique. 
+ * N'utilisez que des chiffres, des lettres non-accentuées, et des caractères soulignés!
+ */
+$table_prefix  = 'wp_';
+
+/**
+ * Langue de localisation de WordPress, par défaut en Anglais.
+ *
+ * Modifiez cette valeur pour localiser WordPress. Un fichier MO correspondant
+ * au langage choisi doit être installé dans le dossier wp-content/languages.
+ * Par exemple, pour mettre en place une traduction française, mettez le fichier
+ * fr_FR.mo dans wp-content/languages, et réglez l'option ci-dessous à "fr_FR".
+ */
+define('WPLANG', 'fr_FR');
+
+/** 
+ * Pour les développeurs : le mode deboguage de WordPress.
+ * 
+ * En passant la valeur suivante à "true", vous activez l'affichage des
+ * notifications d'erreurs pendant votre essais.
+ * Il est fortemment recommandé que les développeurs d'extensions et
+ * de thèmes se servent de WP_DEBUG dans leur environnement de 
+ * développement.
+ */ 
+define('WP_DEBUG', false); 
+
+/* C'est tout, ne touchez pas à ce qui suit ! Bon blogging ! */
+
+/** Chemin absolu vers le dossier de WordPress. */
+if ( !defined('ABSPATH') )
+	define('ABSPATH', dirname(__FILE__) . '/');
+
+/** Réglage des variables de WordPress et de ses fichiers inclus. */
+require_once(ABSPATH . 'wp-settings.php');

roles/wordpress/templates/wwwdev.htpasswd.j2

@@ -1 +0,0 @@
-editeurs:{{ webapps_htpasswd_editeurs }}

roles/wordpress/vars/main.yml

@@ -0,0 +1,17 @@
+---
+
+wordpress_version: "6.8.2"
+wordpress_url: "https://fr.wordpress.org/wordpress-{{ wordpress_version }}-fr_FR.tar.gz"
+
+wordpress_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'wordpress') | map(attribute='host') | first }}"
+
+# Access path
+wordpress_app_home: "/var/www/{{ wordpress_access_url }}"
+wordpress_data_home: "/srv/www-data/{{ wordpress_access_url }}"
+
+# App dirs
+wordpress_userdata_app_dirs:
+  - wp-content
+  - no-wp
+
+wordpress_config_path: "{{ wordpress_app_home }}/wp-config.php"

roles/x509/tasks/main.yml

@@ -10,5 +10,5 @@
 
 - name: Set default CA
   ansible.builtin.command: /etc/x509/acme.sh --set-default-ca  --server  letsencrypt
-  register: acme_output
-  changed_when: acme_output.rc != 0
+  register: x509_acme_output
+  changed_when: x509_acme_output.rc != 0