diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..a615141
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,5 @@
+skip_list:
+ - "yaml"
+ - "risky-shell-pipe"
+ - "role-name"
+ - "command-instead-of-module"
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..e0971a6
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+---
+github: asyrafnorafandi
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..757819c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
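Review bot: Listing `risky-shell-pipe` and `command-instead-of-module` in `skip_list` switches those rules off for every role built from this template, so a `shell:` task that pipes without `set -o pipefail`, or a raw `command:` call where a module exists, passes CI silently. Moving them to `warn_list` keeps the findings visible without failing the build, and a per-task `# noqa: risky-shell-pipe` with a stated reason covers genuine exceptions. Skipping the whole `yaml` rule also removes the YAML formatting checks, which deserves at least a one-line comment in this file explaining why.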
@@ -0,0 +1,43 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "bug: "
+labels: "kind/bug"
+assignees: ""
+---
+
+> [!CAUTION]
+> Remember to redact any sensitive information such as authentication credentials or license keys.
+
+### Describe the bug
+
+A clear and concise description of what the bug is: <...>
+
+### To reproduce
+
+Steps to reproduce the bug:
+
+1. I have deployed/run the Ansible NGINX role using the following `playbook.yml`: <...>
+2. I have seen the following error(s) on my terminal output/logs: <...>
+
+### Expected behavior
+
+A clear and concise description of what you expected to happen: <...>
+
+### Your environment
+
+- Version of the Ansible NGINX role (or specific commit): <...>
+- Version of Ansible: <...>
+- Version of Jinja2 (if you are using any templating capability): <...>
+- How is Ansible being managed (CLI/pipeline/Automation Hub/etc...): <...>
+- Target deployment platform(s): <...>
+
+### Additional context (optional)
+
+Add any other context about the problem here.
+
+**Open Source Acknowledgment**
+
+- [ ] I understand that this is an open-source project maintained by volunteers. While the team will make efforts to
+ address this issue, I acknowledge that there may not be an immediate resolution, and the issue might not be addressed
+ if it doesn't align with the project's goals or resources.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..4f7f3ef
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,23 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "feature: "
+labels: "kind/enhancement"
+assignees: ""
+---
+
+### Is your feature request related to a problem? Please describe
+
+A clear and concise description of what the problem is (e.g. I'm always frustrated when ...): <...>
+
+### Describe the solution you'd like
+
+A clear and concise description of what you would like to happen.
+
+### Describe alternatives you've considered
+
+A clear and concise description of any alternative solutions you've considered.
+
+### Additional context (optional)
+
+Add any other context or screenshots about the feature request here.
diff --git a/.github/pr-labeler.yml b/.github/pr-labeler.yml
new file mode 100644
index 0000000..072e086
--- /dev/null
+++ b/.github/pr-labeler.yml
@@ -0,0 +1,9 @@
+"kind/ci": ci/*
+"kind/bug": ["fix/*", "bug/*"]
+"kind/chore": chore/*
+"kind/refactor": refactor/*
+"kind/release": release/*
+"kind/revert": revert/*
+"kind/security": security/*
+"kind/documentation": ["documentation/*", "doc/*"]
+"kind/enhancement": ["feat/*", "feature/*"]
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..c370b08
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,12 @@
+### Proposed changes
+
+Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) in this PR's description or commit message.
+
+### Checklist
+
+Before creating a PR, run through this checklist and mark each as complete:
+
+- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md).
+- [ ] If applicable, I have added Molecule tests that prove my fix is effective or that my feature works.
+- [ ] If applicable, I have checked that any relevant Molecule tests pass after adding my changes.
+- [ ] I have updated any relevant documentation ([`defaults/*.yml`](/defaults/), [`README.md`](/README.md) and [`CHANGELOG.md`](/CHANGELOG.md)).
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
new file mode 100644
index 0000000..9018829
--- /dev/null
+++ b/.github/workflows/ansible-lint.yml
@@ -0,0 +1,19 @@
+name: Ansible Lint
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+
+jobs:
+ build:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@v24.7.0
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
new file mode 100644
index 0000000..7a410cb
--- /dev/null
+++ b/.github/workflows/pr-labeler.yml
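Review bot: The `build` job in `.github/workflows/ansible-lint.yml` runs with the repository's default `GITHUB_TOKEN` scope because the workflow declares no `permissions:` block; linting only reads the checkout, so a top-level `permissions:` with `contents: read` is enough. The same block is missing from `.github/workflows/test.yml` and `.github/workflows/release.yml`, while `pr-labeler.yml` and `semantic-title.yml` in this commit already declare one. Separately, `ansible/ansible-lint@v24.7.0` and the other third-party actions added here (`TimonVS/pr-labeler-action@v5`, `robertdebock/galaxy-action@1.2.0`, `amannn/action-semantic-pull-request@v5`, `gofrolist/molecule-action@v2`) are referenced by tags that upstream can move. Pinning each one as `uses: ansible/ansible-lint@<full-commit-sha>  # v24.7.0` (SHA shown as a placeholder) fixes the code that actually runs.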
@@ -0,0 +1,20 @@
+name: PR Labeler
+
+on:
+ pull_request:
+ types: [opened]
+
+permissions:
+ contents: read
+
+jobs:
+ pr-labeler:
+ permissions:
+ contents: read # for TimonVS/pr-labeler-action to read config file
+ pull-requests: write # for TimonVS/pr-labeler-action to add labels in PR
+ runs-on: ubuntu-latest
+ steps:
+ - uses: TimonVS/pr-labeler-action@v5
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..9f3dad3
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,20 @@
+name: Release Galaxy Role
+
+"on":
+ push:
+ tags:
+ - "*"
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+
+ - name: galaxy
+ uses: robertdebock/galaxy-action@1.2.0
+ with:
+ galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
+ git_branch: ${{ github.ref_name }}
diff --git a/.github/workflows/semantic-title.yml b/.github/workflows/semantic-title.yml
new file mode 100644
index 0000000..82bd585
--- /dev/null
+++ b/.github/workflows/semantic-title.yml
@@ -0,0 +1,38 @@
+name: "Semantic Title Check"
+
+on:
+ pull_request:
+ types:
+ - opened
+ - edited
+ - synchronize
+ - reopened
+
+permissions:
+ pull-requests: read
+
+jobs:
+ main:
+ name: Validate PR title
+ runs-on: ubuntu-latest
+ steps:
+ # https://github.com/commitizen/conventional-commit-types/blob/master/index.json
+ - uses: amannn/action-semantic-pull-request@v5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ types: |
+ bug
+ fix
+ hotfix
+ chore
+ ci
+ feat
+ doc
+ epic
+ perf
+ refactor
+ release
+ revert
+ test
+ security
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..38e047b
--- /dev/null
+++ b/.github/workflows/stale.yml
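Review bot: The `pull-requests: write` grant on the `pr-labeler` job in `.github/workflows/pr-labeler.yml` has no effect for pull requests opened from forks, where GitHub gives `pull_request` workflows a read-only token, so labels will probably not be applied for outside contributors. If the trigger is later switched to `pull_request_target` to fix that, the job must stay free of any checkout of the PR head, because that event runs with a write token and repository secrets. A comment above `on:` would record this, for example `# fork PRs get a read-only token here; never add a checkout of PR code if this becomes pull_request_target`.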
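Review bot: The tag filter `- "*"` in `.github/workflows/release.yml` starts a Galaxy publish for any tag anyone with push access creates, and the job passes `secrets.GALAXY_API_KEY` to `robertdebock/galaxy-action@1.2.0`, which is referenced by a movable tag. If releases follow a version scheme, narrow the filter to it, e.g. `- "v[0-9]+.[0-9]+.[0-9]+"`, and pin the action to a full commit SHA so the code that receives the key is fixed. Running the job in a protected `environment:` with required reviewers would add an approval step before the key is exposed.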
@@ -0,0 +1,31 @@
+---
+name: Close inactive issues
+
+on:
+ schedule:
+ - cron: "0 0 * * 1"
+
+jobs:
+ close-issues:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
+ steps:
+ - uses: actions/stale@v8
+ with:
+ days-before-stale: 120
+ days-before-close: 60
+ exempt-issue-labels: bug,pinned,security,planned
+ exempt-pr-labels: bug,pinned,security,planned
+ stale-issue-label: "stale"
+ stale-pr-label: "stale"
+ stale-issue-message: |
+ This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+ close-issue-message: |
+ This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+ stale-pr-message: |
+ This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+ close-pr-message: |
+ This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..7c98586
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,28 @@
+name: Molecule Tests
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+
+jobs:
+ molecule:
+ name: Run Tests
+ strategy:
+ matrix:
+ os:
+ - ubuntu-22.04
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Molecule
+ uses: gofrolist/molecule-action@v2
+ with:
+ molecule_command: test
+ env:
+ ANSIBLE_FORCE_COLOR: "1"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b671d1b
--- /dev/null
+++ b/.gitignore
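Review bot: `exempt-issue-labels` and `exempt-pr-labels` in `.github/workflows/stale.yml` name `bug` and `security`, but the labels this commit actually applies are `kind/bug` and `kind/security` (the issue templates and `.github/pr-labeler.yml`), so bug and security items will still be marked stale and closed. Use the real names, e.g. `exempt-issue-labels: kind/bug,kind/security,pinned,planned`, and the same value for `exempt-pr-labels`. The stale messages also promise closure "in another 30 days" while `days-before-close` is 60, and the PR messages refer to "the issue"; align the text with the configured value.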
@@ -0,0 +1,25 @@
+# Any private crt and keys #
+############################
+*.crt
+*.key
+*~
+\#*
+
+# OS Specific #
+###############
+Thumbs.db
+.DS_Store
+.vscode
+
+# Ansible specific #
+####################
+.cache
+*.retry
+
+# Python specific #
+###################
+__pycache__
+
+# Logs #
+########
+*.log
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..08de67a
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
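Review bot: The "private crt and keys" section of `.gitignore` covers only `*.crt` and `*.key`, so key material stored in other common containers would still be staged by a broad `git add`. Consider adding `*.pem`, `*.p12` and `*.pfx`, plus an entry for an Ansible Vault password file if users of the role keep one in the working tree (its name is project-specific and not shown in this commit). Note that `*.crt` also hides public certificates a role may legitimately ship under `files/`; a comment such as `# certificates that belong in the repo must be added with git add -f` would avoid surprises.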
@@ -0,0 +1,79 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our community include: + +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or advances of any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and it also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at [INSERT CONTACT EMAIL]. All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of actions. + +**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. 
Violating these terms may lead to a temporary or permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html). + +Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). + +For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq). Translations are available at [https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations). + +[homepage]: https://www.contributor-covenant.org diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..d7884c0 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,58 @@ +# Contributing to [Ansible Role Name] + +First off, thank you for considering contributing to our Ansible role! Your contributions help make this project better for everyone. + +The following is a set of guidelines for contributing to this repository. These are mostly guidelines, not rules. Use your best judgment, and feel free to propose changes to this document in a pull request. + +## Table of Contents + +1. [How to Contribute](#how-to-contribute) +2. [Reporting Bugs](#reporting-bugs) +3. [Suggesting Enhancements](#suggesting-enhancements) +4. [Submitting a Pull Request](#submitting-a-pull-request) +5. [Code Style Guidelines](#code-style-guidelines) +6. [License](#license) + +## How to Contribute + +### Reporting Bugs + +If you find a bug, please report it by opening an issue on GitHub. Provide as much detail as possible, including steps to reproduce the bug, the environment in which the bug occurs, and any relevant error messages. + +### Suggesting Enhancements + +If you have an idea for an enhancement or a new feature, please open an issue on GitHub with the suggestion. Describe your proposed enhancement in detail, including any specific use cases or examples. + +### Submitting a Pull Request + +1. **Fork the repository** and create a new branch for your feature or bugfix. It's best to create a branch with a descriptive name (e.g., `feature/add-logging-support` or `bugfix/fix-issue-42`). + +2. **Write your code** with clear and descriptive commit messages. + +3. **Test your changes** to ensure they work as expected and do not break any existing functionality. If applicable, add tests to verify the behavior of your code. + +4. **Update the documentation** as needed, especially if your changes affect how users interact with the role. + +5. **Create a pull request** on GitHub. In the pull request description, explain the changes you made and why they are necessary. Reference any related issues if applicable. + +6. 
**Collaborate with reviewers** by addressing feedback and making any necessary revisions to your pull request. Be responsive and open to discussions to help improve the contribution. + +### Code Style Guidelines + +- **Ansible Best Practices**: Follow [Ansible Best Practices](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html) for structuring your playbooks, tasks, and roles. + +- **YAML Syntax**: Use consistent indentation (2 spaces) and avoid trailing whitespaces. Keep YAML syntax clear and concise. + +- **Documentation**: Ensure that any variables, defaults, or tasks are well-documented in the role's `README.md` or within the relevant files. + +- **Idempotency**: Ensure that tasks are idempotent, meaning that running the role multiple times should not change the system's state if it has already been applied. + +- **Testing**: If possible, add or update tests using a tool like [Molecule](https://molecule.readthedocs.io/) to verify the role's functionality. Tests help catch regressions and ensure that contributions work as expected. + +### License + +By contributing to this repository, you agree that your contributions will be licensed under the repository's [MIT License](./LICENSE). + +## Thank You! + +Thank you for your interest in contributing to our project! We value your time and effort, and we appreciate your help in making this Ansible role better for the community. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..18d15d4 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2024 Asyraf Norafandi + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..23161f1 --- /dev/null +++ b/README.md @@ -0,0 +1,64 @@ +
+
+ + +
+ +
+ ansible + jinja +
+ +

Ansible Role: (Name of Role)

+ +
+ An Ansible Role that installs an (Name of Role) on Linux +
+
+ +## πŸ“‹ Table of Contents + + + +1. βš™οΈ [Requirements](#requirements) +2. βœ… [Role Variables](#variables) +3. πŸ”— [Dependencies](#dependencies) +4. πŸš€ [Quick Start](#quick-start) +5. πŸ“œ [License](#license) +6. 🧐 [Author Information](#author) + +## βš™οΈ Hardware requirements + +| Component | Requirement | +| --------- | --------------------------------- | +| System | Ubuntu 22.04 | +| CPU | 12 cores - minimum 4 Ghz per core | +| Memory | 32 GB | +| Hard | Disk 1 TB SSD NVMe | + +## βœ… Role Variables + +| Key | Description | Requirement | Default | +| -------------- | --------------- | ----------- | ------- | +| | | optional | true | + +## πŸ•ΈοΈ Dependencies + +```bash +# Install dependencies locally +$ ansible-galaxy install -r requirements.yml +``` + +## πŸ”— Quick Start + +Steps to get started: + +## πŸ“œ License + +MIT / BSD + +## 🧐 Author Information + +This role was created in 2024 by [Asyraf Norafandi](https://www.github.com/asyrafnorafandi) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b761944 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,39 @@ +# Security Policy + +## Supported Versions + +We actively support the following versions of the Ansible role. If you are using an older version, please consider upgrading to receive the latest security updates and improvements. + +| Version | Supported | +| ------- | ------------------ | +| x.y.z | :white_check_mark: | +| a.b.c | :white_check_mark: | +| < a.b.c | :x: | + +## Reporting a Vulnerability + +If you discover a security vulnerability in this Ansible role, we appreciate your help in disclosing it to us in a responsible manner. Please follow the steps below: + +1. **Do not report vulnerabilities in public GitHub issues.** Instead, send an email to [SECURITY_CONTACT_EMAIL]. Use a descriptive subject line such as "Security Vulnerability in [Ansible Role Name]". + +2. **Provide as much detail as possible** about the vulnerability. Include details on how to reproduce the issue, the potential impact, and any suggestions you may have for fixing the issue. + +3. We will acknowledge receipt of your report within 2 business days and begin an investigation. We will work with you to understand the issue and address it as quickly as possible. + +4. **Security patches** will be released as part of the regular update process. We will inform you of the outcome of our investigation and the timeline for a fix. + +5. To protect users, we will keep details of the vulnerability private until a fix is released. Once the vulnerability is fixed, we will publicly acknowledge your contribution unless you prefer to remain anonymous. + +## Security Best Practices + +To help ensure the security of your deployments, we recommend the following best practices when using this Ansible role: + +- **Keep your dependencies up-to-date**: Regularly update Ansible and other dependencies to their latest versions to ensure you have the latest security patches. 
+
+- **Review the role's configuration**: Ensure that the variables and configurations you use with the role are secure and do not expose sensitive information.
+
+- **Test changes in a safe environment**: Before deploying changes to production, test them in a staging environment to ensure they do not introduce security vulnerabilities.
+
+## Thank You
+
+We appreciate your efforts to help keep this project secure and to protect the community's systems. Your contributions are vital to the success of this project and its users.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..67dacc1
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# Default variables
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..4eb7970
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# Handler / Action hooks
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..b0e40c9
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,31 @@
+---
+# Dependencies (Optional)
+# dependencies:
+# - role: geerlingguy.swap
+# become: true
+# when: swap_enabled == true
+
+# Collections (Optional)
+# collections:
+# - community.general
+
+# Galaxy Info Metadata
+galaxy_info:
+ role_name: template
+ author: "Asyraf Norafandi"
+ description: Ansible role template
+ license: "license (BSD, MIT)"
+ min_ansible_version: "2.10"
+ platforms:
+ - name: Debian
+ versions:
+ - buster
+ - bullseye
+ - bookworm
+ - name: Ubuntu
+ versions:
+ - jammy
+ - noble
+ galaxy_tags:
+ - system
+ - server
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..ea1bcea
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,9 @@
+---
+- name: Converge
+ hosts: localhost
+
+ tasks:
+ - name: Testing role
+ ansible.builtin.include_role:
+ name: template
+ tasks_from: main.yml
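Review bot: `hosts: localhost` in `molecule/default/converge.yml` makes the converge play run on the machine executing Molecule instead of the `instance` platform declared in `molecule/default/molecule.yml`, so the role is presumably never applied to the Ubuntu 22.04 test container. Change it to `hosts: all` so the play targets Molecule's generated inventory. With the placeholder `ping` task the difference is invisible, but once real tasks are added they would modify the CI runner (or the action's own container) and the scenario would pass without exercising the target.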
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..38e89d1
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,11 @@
+---
+role_name_check: 1
+dependency:
+ name: galaxy
+ options:
+ ignore-errors: true
+platforms:
+ - name: instance
+ image: ubuntu:22.04
+ privileged: true
+ pre_build_image: true
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..2b984cd
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- name: Run ping test
+ ansible.builtin.ping:
diff --git a/templates/sample.service.j2 b/templates/sample.service.j2
new file mode 100644
index 0000000..15694d7
--- /dev/null
+++ b/templates/sample.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Sample
+
+[Service]
+User=sample
+Group=sample
+
+ExecStart=/usr/local/bin/sample
+
+Restart=always
+RestartSec=120
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..fae244c
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# Sample vars file
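Review bot: `privileged: true` on the `instance` platform in `molecule/default/molecule.yml` gives the test container full capabilities and device access on the Docker host, which is more than most role tests need; drop it, or if running systemd inside the container is the reason, say so in a comment and grant only what that requires. `ignore-errors: true` on the `galaxy` dependency step means a failed role or collection download is not reported, so the scenario can go green against missing or stale dependencies. No `driver:` is declared either, so which driver interprets `image` and `privileged` depends on the installed Molecule defaults; stating it explicitly, e.g. `driver:` with `name: docker`, would make the scenario reproducible.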
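Review bot: The unit in `templates/sample.service.j2` already drops to a dedicated `sample` user, but its `[Service]` section has no sandboxing, so a compromised process keeps every file-system and privilege-escalation path that user has. As a template default, consider adding `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true` under `[Service]`, with `ReadWritePaths=` for the directories the real service must write to. `Restart=always` also restarts the service after a clean exit; `Restart=on-failure` is the usual choice unless that behaviour is intended.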