Merge pull request 'chore(deps): update ansible/ansible-lint action to v25.12.2' (#25) from renovate/actions into master

.ansible-lint

@@ -1,3 +1,4 @@
 ---
 
-skip_list: []
+exclude_paths:
+- .gitea/

.drone.yml

@@ -1,94 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: linter
-
-platform:
-  os: linux
-
-steps:
-- name: markdown lint
-  commands:
-  - markdownlint *.md
-  image: docker.io/volkerraschek/markdownlint:0.31.1
-  resources:
-    limits:
-      cpu: 50
-      memory: 50M
-
-- name: email-notification
-  environment:
-    PLUGIN_HOST:
-      from_secret: smtp_host
-    PLUGIN_USERNAME:
-      from_secret: smtp_username
-    PLUGIN_PASSWORD:
-      from_secret: smtp_password
-    PLUGIN_FROM:
-      from_secret: smtp_mail_address
-  image: docker.io/drillster/drone-email:latest
-  resources:
-    limits:
-      cpu: 50
-      memory: 25M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: sync
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: github
-  image: docker.io/appleboy/drone-git-push:latest
-  resources:
-    limits:
-      cpu: 50
-      memory: 25M
-  settings:
-    branch: master
-    remote: ssh://git@github.com/volker-raschek/networking-role.git
-    force: true
-    ssh_key:
-      from_secret: ssh_key
-
-- name: email-notification
-  environment:
-    PLUGIN_HOST:
-      from_secret: smtp_host
-    PLUGIN_USERNAME:
-      from_secret: smtp_username
-    PLUGIN_PASSWORD:
-      from_secret: smtp_password
-    PLUGIN_FROM:
-      from_secret: smtp_mail_address
-  image: docker.io/drillster/drone-email:latest
-  resources:
-    limits:
-      cpu: 50
-      memory: 25M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  branch:
-  - master
-  event:
-  - cron
-  - push
-  repo:
-  - volker.raschek/networking-role

.gitea/workflows/ansible-linters.yaml

@@ -0,0 +1,20 @@
+name: Ansible Linter
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+
+jobs:
+  ansible-lint:
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6.0.1
+    - name: Run ansible-lint
+      uses: ansible/ansible-lint@v25.12.2
+      with:
+        args: "--config-file .ansible-lint"
+        setup_python: "true"

.gitea/workflows/markdown-linters.yaml

@@ -0,0 +1,18 @@
+name: Lint Markdown files
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+
+jobs:
+  markdown-lint:
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6.0.1
+    - uses: DavidAnson/markdownlint-cli2-action@v21.0.0
+      with:
+        globs: '**/*.md'

.gitignore

@@ -0,0 +1 @@
+.ansible

.markdownlint.yaml

@@ -45,19 +45,17 @@ MD012:
 # MD013/line-length - Line length
 MD013:
   # Number of characters
-  line_length: 80
+  line_length: 120
   # Number of characters for headings
-  heading_line_length: 80
+  heading_line_length: 120
   # Number of characters for code blocks
-  code_block_line_length: 80
+  code_block_line_length: 120
   # Include code blocks
   code_blocks: false
   # Include tables
   tables: false
   # Include headings
   headings: true
-  # Include headings
-  headers: true
   # Strict length checking
   strict: false
   # Stern length checking
@@ -70,11 +68,6 @@ MD022:
   # Blank lines below heading
   lines_below: 1
 
-# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
-MD024:
-  # Only check sibling headings
-  allow_different_nesting: true
-
 # MD025/single-title/single-h1 - Multiple top-level headings in the same document
 MD025:
   # Heading level
@@ -141,4 +134,4 @@ MD046:
 # MD048/code-fence-style - Code fence style
 MD048:
   # Code fence syle
-  style: "backtick"
+  style: "backtick"

.yamllint.yaml

@@ -0,0 +1,17 @@
+#
+# Documentation:
+# https://yamllint.readthedocs.io/en/stable/
+#
+
+rules:
+  brackets:
+    forbid: false
+    min-spaces-inside: 0
+    max-spaces-inside: 2
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+  indentation:
+    spaces: 2
+    indent-sequences: false
+  line-length:
+    max: 360

README.md

@@ -1,7 +1,6 @@
 # networking
 
-[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/networking-role/status.svg)](https://drone.cryptic.systems/volker.raschek/networking-role)
+[![Ansible Role](https://img.shields.io/ansible/role/d/58433)](https://galaxy.ansible.com/volker_raschek/networking)
-[![Ansible Role](https://img.shields.io/ansible/role/d/58433)](https://galaxy.ansible.com/volker_raschek/networking_role)
 
 With following role can the networking stack provided by systemd be configured.
 

defaults/main.yaml

@@ -16,6 +16,7 @@ systemd_networkd_netdev: []
 #   - key: LACPRransmitRate
 #     value: fast
 #   filename: 10-bo0.netdev
+#
 # - netdev_options:
 #   - key: Name
 #     value: br0
@@ -23,6 +24,31 @@ systemd_networkd_netdev: []
 #     value: Bridge
 #   bridge_options: {}
 #   filename: 10-br0.netdev
+#
+# - netdev_options:
+#   - key: Name
+#     value: wg0
+#   - key: Kind
+#     value: wireguard
+#   wireguard_options:
+#   - key: PrivateKey
+#     value: "my-priv-key"
+#   - key: ListenPort
+#     value: "51820"
+#   wireguard_peers:
+#   - name: "a description"
+#     options:
+#     - key: PublicKey
+#       value: "public-key-of-remote-peer"
+#     - key: PresharedKey
+#       value: "preshared-key"
+#     - key: AllowedIPs
+#       value: "allowd-ips"
+#     - key: PersistentKeepalive
+#       value: "25"
+#     - key: Endpoint
+#       value: my-endpoint
+#   filename: 10-wireguard.netdev
 
 systemd_networkd_network: []
 # - match_options:
@@ -42,6 +68,7 @@ systemd_networkd_network: []
 #   - key: RouteMetric
 #     value: 20
 #   filename: 20-wlp.network
+#
 # - match_options:
 #   - key: Name
 #     value: bo0
@@ -60,5 +87,26 @@ systemd_networkd_network: []
 #   dhcp_options:
 #   - key: RouteMetric
 #     value: 10
+#
+# - match_options:
+#   - key: Name
+#     value: wg0
+#   network_options:
+#   - key: DNS
+#     value: "1.2.3.4"
+#   - key: DNSDefaultRoute
+#     value: "false"
+#   addresses:
+#   - options:
+#     - key: Address
+#       value: "192.168.178.100/32"
+#   routes:
+#   - name: VPN-Network
+#     options:
+#     - key: Destination
+#       value: "192.168.178.0/24"
+#     - key: Gateway
+#       value: "192.168.178.100"
+#   filename: "50-wireguard.network"
 
-systemd_timesyncd_timezone: Europe/Berlin
+systemd_timesyncd_timezone: Europe/Berlin

handlers/main.yaml

@@ -1,7 +1,7 @@
 ---
 
-- name: restart networkd
+- name: Restart networkd
-  systemd:
+  ansible.builtin.systemd:
     name: "{{ item }}"
     state: restarted
     daemon_reload: true

meta/main.yaml

@@ -0,0 +1,22 @@
+dependencies: []
+galaxy_info:
+  author: Markus Pesch
+  company: Cryptic Systems
+  description: Role to configure network interfaces via systemd on different distributions
+  license: MIT
+  min_ansible_version: "2.9"
+  namespace: volker-raschek
+  platforms:
+  - name: ArchLinux
+    versions:
+    - all
+  - name: EL
+    versions:
+    - all
+  - name: Fedora
+    versions:
+    - all
+  - name: Ubuntu
+    versions:
+    - all
+  role_name: networking

meta/main.yml

@@ -1,52 +0,0 @@
-galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
-
-  min_ansible_version: 2.1
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
-
-  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
-
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.

renovate.json

@@ -1,17 +1,9 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "assignees": [ "volker.raschek" ],
+  "extends": [
-  "automergeStrategy": "merge-commit",
+    "local>volker.raschek/renovate-config:default#master",
-  "automergeType": "pr",
+    "local>volker.raschek/renovate-config:container#master",
-  "labels": [ "renovate" ],
+    "local>volker.raschek/renovate-config:actions#master",
-  "packageRules": [
+    "local>volker.raschek/renovate-config:regexp#master"
-    {
+  ]
-      "addLabels": [ "renovate/droneci", "renovate/automerge" ],
+}
-      "automerge": true,
-      "matchManagers": "droneci",
-      "matchUpdateTypes": [ "minor", "patch"]
-    }
-  ],
-  "rebaseLabel": "renovate/rebase",
-  "rebaseWhen": "behind-base-branch"
-}

tasks/main.yaml

@@ -1,89 +1,89 @@
 ---
 
-- name: Load variables
+- name: "Include OS-specific variables"
-  include_vars: "{{ ansible_os_family }}.yml"
+  ansible.builtin.include_vars: "{{ ansible_facts['os_family'] }}.yaml"
 
-- name: "remove existing systemd-networkd configuration"
+- name: "Remove existing systemd-networkd configuration"
-  file:
+  ansible.builtin.file:
     path: "/etc/systemd/network"
     state: absent
 
-- name: "create systemd-networkd directory"
+- name: "Create systemd-networkd directory"
-  file:
+  ansible.builtin.file:
     path: "/etc/systemd/network"
     owner: root
     group: root
-    mode: 0755
+    mode: "0755"
     state: directory
 
 - name: Create systemd.netdev files
   block:
   - name: Create systemd.netdev files
-    template:
+    ansible.builtin.template:
       src: systemd.netdev.j2
       dest: "/etc/systemd/network/{{ item.filename }}"
       owner: "{{ systemd_networkd_unix_user }}"
       group: "{{ systemd_networkd_unix_user }}"
-      mode: 0644
+      mode: "0644"
-    when: item.netdev_options is defined and
+    when:
-          item.netdev_options | selectattr("key", "==", "Kind") and
+      item.netdev_options is defined and
-          item.netdev_options | selectattr("value", "!=", "WireGuard")
+      (item.netdev_options | selectattr('key', 'equalto', 'Kind') | map(attribute='value') | first) != 'wireguard'
     with_items: "{{ systemd_networkd_netdev }}"
 
   - name: Create sensitive systemd.netdev files
-    template:
+    ansible.builtin.template:
       src: systemd.netdev.j2
       dest: "/etc/systemd/network/{{ item.filename }}"
       owner: "{{ systemd_networkd_unix_user }}"
       group: "{{ systemd_networkd_unix_user }}"
-      mode: 0600
+      mode: "0600"
     when: item.netdev_options is defined and
-          item.netdev_options | selectattr("key", "equalto", "Kind") and
+          (item.netdev_options | selectattr('key', 'equalto', 'Kind') | map(attribute='value') | first) == 'wireguard'
-          item.netdev_options | selectattr("value", "equalto", "WireGuard")
     with_items: "{{ systemd_networkd_netdev }}"
-    notify: restart networkd
+    no_log: true
+    notify: Restart networkd
 
 - name: Create systemd.networkd files
-  template:
+  ansible.builtin.template:
     src: systemd.network.j2
     dest: "/etc/systemd/network/{{ item.filename }}"
     owner: "{{ systemd_networkd_unix_user }}"
     group: "{{ systemd_networkd_unix_user }}"
-    mode: 0644
+    mode: "0644"
   with_items: "{{ systemd_networkd_network }}"
-  notify: restart networkd
+  notify: Restart networkd
 
 - name: Create symlink to use systemd-resolved's stub-listener
-  file:
+  ansible.builtin.file:
     src: /run/systemd/resolve/stub-resolv.conf
     dest: /etc/resolv.conf
     state: link
-    force: yes
+    force: true
-    follow: no
+    follow: false
     owner: root
     group: root
 
-- name: start and enable networkd
+- name: Start and enable systemd-networkd
-  service:
+  ansible.builtin.systemd:
     name: systemd-networkd
     state: started
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true
 
-- name: start and enable resolved
+- name: Start and enable systemd-resolved
-  service:
+  ansible.builtin.systemd:
     name: systemd-resolved
     state: started
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true
 
-- name: set timezone
+- name: Set system timezone
-  timezone:
+  community.general.timezone:
     name: "{{ systemd_timesyncd_timezone }}"
 
-- name: start and enable timesyncd
+- name: Start and enable systemd-timesyncd
-  service:
+  ansible.builtin.systemd:
     name: systemd-timesyncd
     state: started
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true

templates/systemd.netdev.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: True
 #
 # {{ ansible_managed }}
 #
@@ -30,9 +31,17 @@
 {% endfor %}
 {% endif %}
 
-{% if item.wireguard_peer_options is defined and item.wireguard_peer_options | length > 0 %}
+{% if item.wireguard_peers is defined %}
+{% for wireguard_peer in item.wireguard_peers %}
+{% if wireguard_peer.options is defined and wireguard_peer.options | length > 0 %}
+{% if wireguard_peer.name is defined and wireguard_peer.name | length > 0 %}
+# {{ wireguard_peer.name }}
+{% endif %}
 [WireGuardPeer]
-{% for wireguard_peer_option in item.wireguard_peer_options %}
+{% for option in wireguard_peer.options %}
-{{ wireguard_peer_option.key }}={{ wireguard_peer_option.value }}
+{{ option.key }}={{ option.value }}
 {% endfor %}
 {% endif %}
+
+{% endfor %}
+{% endif %}

templates/systemd.network.j2

@@ -1,4 +1,4 @@
-#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+#jinja2: lstrip_blocks: True
 #
 # {{ ansible_managed }}
 #
@@ -24,19 +24,32 @@
 {% endfor %}
 {% endif %}
 
-{% if item.addresses is defined and item.addresses | length > 0 %}
+{% if item.addresses is defined %}
 {% for address in item.addresses %}
+{% if address.options is defined and address.options | length > 0 %}
+{% if address.name is defined and address.name | length > 0 %}
+# {{ address.name }}
+{% endif %}
 [Address]
-{% for address_option in address.options %}
+{% for option in address.options %}
-{{ address_option.key }}={{ address_option.value }}
+{{ option.key }}={{ option.value }}
 {% endfor %}
+{% endif %}
 
 {% endfor %}
 {% endif %}
 
-{% if item.route_options is defined and item.route_options | length > 0 %}
+{% if item.routes is defined %}
+{% for route in item.routes %}
+{% if route.options is defined and route.options | length > 0 %}
+{% if route.name is defined and route.name | length > 0 %}
+# {{ route.name }}
+{% endif %}
 [Route]
-{% for route_option in item.route_options %}
+{% for option in route.options %}
-{{ route_option.key }}={{ route_option.value }}
+{{ option.key }}={{ option.value }}
+{% endfor %}
+{% endif %}
+
 {% endfor %}
 {% endif %}

vars/Archlinux.yaml

@@ -1,4 +1,4 @@
 ---
 
 systemd_networkd_unix_user: systemd-network
-systemd_networkd_unix_group: systemd-network
+systemd_networkd_unix_group: systemd-network

vars/Debian.yaml

@@ -1,4 +1,4 @@
 ---
 
 systemd_networkd_unix_user: systemd-network
-systemd_networkd_unix_group: systemd-network
+systemd_networkd_unix_group: systemd-network

vars/RedHat.yaml

@@ -3,4 +3,4 @@
 systemd_networkd_unix_user: systemd-network
 systemd_networkd_unix_group: systemd-network
 
-systemd_networkd_package_names: []
+systemd_networkd_package_names: []