1.2.1 release

.github/workflows/clamav.yml

@@ -9,6 +9,7 @@ on:
       - tests/clamav/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/common.yml

@@ -9,6 +9,7 @@ on:
       - tests/common/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/kodi.yml

@@ -10,6 +10,7 @@ on:
       - tests/kodi/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/mail.yml

@@ -9,6 +9,7 @@ on:
       - tests/mail/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/mariadb.yml

@@ -9,6 +9,7 @@ on:
       - tests/mariadb/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/mpd.yml

@@ -10,6 +10,7 @@ on:
       - tests/mpd/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/musicplayer.yml

@@ -9,6 +9,7 @@ on:
       - tests/musicplayer/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/nextcloud.yml

@@ -15,6 +15,7 @@ on:
       - tests/nextcloud/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/nginx.yml

@@ -9,6 +9,7 @@ on:
       - tests/nginx/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/php_fpm.yml

@@ -9,6 +9,7 @@ on:
       - tests/php_fpm/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/postgresql.yml

@@ -9,6 +9,7 @@ on:
       - tests/postgresql/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/redis.yml

@@ -9,6 +9,7 @@ on:
       - tests/redis/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

.github/workflows/rpmfusion.yml

@@ -9,6 +9,7 @@ on:
       - tests/rpmfusion/**
       - tests/Dockerfile.j2
       - tests/molecule.yml
+      - "!**.md"
 
 jobs:
   Molecule:

README.md

@@ -0,0 +1,98 @@
+
+![Ansible Role: "jgoutin.home.clamav"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.clamav%22/badge.svg)
+![Ansible Role: "jgoutin.home.common"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.common%22/badge.svg)
+![Ansible Role: "jgoutin.home.kodi"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.kodi%22/badge.svg)
+![Ansible Role: "jgoutin.home.musicplayer"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.musicplayer%22/badge.svg)
+![Ansible Role: "jgoutin.home.mail"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.mail%22/badge.svg)
+![Ansible Role: "jgoutin.home.mariadb"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.mariadb%22/badge.svg)
+![Ansible Role: "jgoutin.home.mpd"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.mpd%22/badge.svg)
+![Ansible Role: "jgoutin.home.nextcloud"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.nextcloud%22/badge.svg)
+![Ansible Role: "jgoutin.home.nginx"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.nginx%22/badge.svg)
+![Ansible Role: "jgoutin.home.php_fpm"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.php_fpm%22/badge.svg)
+![Ansible Role: "jgoutin.home.postgresql"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.postgresql%22/badge.svg)
+![Ansible Role: "jgoutin.home.redis"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.redis%22/badge.svg)
+![Ansible Role: "jgoutin.home.rpmfusion"](https://github.com/JGoutin/ansible_home/workflows/Ansible%20Role:%20%22jgoutin.home.rpmfusion%22/badge.svg)
+
+This is a collection of Ansible roles for free software self-hosting.
+
+This collection mainly targets individuals or eventually small companies, but is
+done with professional quality standards.
+
+These roles are done with in mind:
+
+* Up to date and fully featured software.
+* Security.
+* Minimal maintenance.
+
+To achieve well the two first points, [Fedora](https://getfedora.org/) is used
+as the base OS because it always provides up to date versions of software and
+advanced security feature like SELinux by default.
+To again improve the security, hardening roles are applied in addition of some
+security configuration.
+To achieve the minimal maintenance, auto-updates (with auto-reboot, if required)
+are set for all packages every day.
+
+Of course, there are always drawbacks with all choices. In that case, it is the
+risk of an update that break something and makes the service unavailable.
+
+If you absolutely require a perfectly stable service with a 99.99% availability,
+use some other role based on stabler OS like CentOS or Debian and that install
+LTS software versions.
+No guarantee is provided with the use of these roles.
+
+## Roles
+
+For more information on roles, please refer to the 
+[documentation](https://jgoutin.github.io/ansible_home/).
+
+### Main roles
+
+* **common**: Perform common machine initialisation task like configuring:
+  auto-updates, firewall, NTP server, SSH and OS security hardening,...
+* **nextcloud**: Install a [Nextcloud](https://nextcloud.com) server.
+* **musicplayer**: Install a standalone music player, by default 
+  [Lollypop](https://gitlab.gnome.org/World/lollypop).
+* **kodi**: Install a [Kodi](https://kodi.tv) home theater personal computer.
+* **mail**: Install a mail server using [Postfix](http://www.postfix.org/) and
+  [Dovecot](https://www.dovecot.org/).
+* **mpd**: Install a [Music Player Daemon](https://www.musicpd.org/) server.
+
+The **common** role is intended to be used with all other roles and may be
+required by some of them.
+
+### Dependencies roles
+
+These roles are used as main roles dependencies:
+
+* **clamav**: Install [ClamAV](https://www.clamav.net) antivirus.
+* **mariadb**: Install a [MariaDB](https://mariadb.org) database.
+* **nginx**: Install a [Nginx](https://nginx.org) web server.
+* **postgresql**: Install a [PostgreSQL](https://www.postgresql.org) database.
+* **php_fpm**: Install a [PHP-FPM](https://php-fpm.org) server.
+* **redis**: Install [Redis](https://redis.io) in memory data store.
+* **rpmfusion**: Enable [RPMFusion](https://rpmfusion.org) repositories.
+
+## Installation
+
+This collection is available on
+[Ansible Galaxy](https://galaxy.ansible.com/jgoutin/home).
+
+```bash
+ansible-galaxy collection install jgoutin.home
+
+# Dependencies
+ansible-galaxy role install dev-sec.mysql-hardening dev-sec.nginx-hardening dev-sec.os-hardening dev-sec.ssh-hardening
+```
+
+## Example Playbook
+
+```yaml
+---
+- hosts: all
+  become: true
+  collections:
+    - jgoutin.home
+  roles:
+    - common
+    - kodi
+```

galaxy.yml

@@ -2,7 +2,7 @@
 namespace: jgoutin
 name: home
 description: Home free software self-hosting.
-version: 1.1.0
+version: 1.2.1
 readme: readme.md
 authors:
   - jgoutin

index.md

@@ -29,18 +29,18 @@ No guarantee is provided with the use of these roles.
 
 ### Main roles
 
-* [**common**](docs/common.md): Perform common machine initialisation task like
+* [**common**](roles/common/README.md): Perform common machine initialisation task like
   configuring: auto-updates, firewall, NTP server, SSH and OS security
   hardening,...
-* [**nextcloud**](docs/nextcloud.md): Install a
+* [**nextcloud**](roles/nextcloud/README.md): Install a
   [Nextcloud](https://nextcloud.com) server.
-* [**kodi**](docs/kodi.md): Install a [Kodi](https://kodi.tv) home theater
+* [**kodi**](roles/kodi/README.md): Install a [Kodi](https://kodi.tv) home theater
   personal computer.
-* [**musicplayer**](docs/musicplayer.md): Install a standalone music player, by default 
-  [Lollypop](https://gitlab.gnome.org/World/lollypop).
-* [**mail**](docs/mail.md): Install a mail server using
+* [**musicplayer**](roles/musicplayer/README.md): Install a standalone music player, by 
+  default [Lollypop](https://gitlab.gnome.org/World/lollypop).
+* [**mail**](roles/mail/README.md): Install a mail server using
   [Postfix](http://www.postfix.org/) and [Dovecot](https://www.dovecot.org/).
-* [**mpd**](docs/mpd.md): Install a
+* [**mpd**](roles/mpd/README.md): Install a
   [Music Player Daemon](https://www.musicpd.org/) server.
 
 The **common** role is intended to be used with all other roles and may be
@@ -50,18 +50,18 @@ required by some of them.
 
 These roles are used as main roles dependencies:
 
-* [**clamav**](docs/clamav.md): Install [ClamAV](https://www.clamav.net)
+* [**clamav**](roles/clamav/README.md): Install [ClamAV](https://www.clamav.net)
   antivirus.
-* [**mariadb**](docs/mariadb.md): Install a [MariaDB](https://mariadb.org)
+* [**mariadb**](roles/mariadb/README.md): Install a [MariaDB](https://mariadb.org)
   database.
-* [**nginx**](docs/nginx.md): Install a [Nginx](https://nginx.org) web server.
-* [**postgresql**](docs/postgresql.md): Install a
+* [**nginx**](roles/nginx/README.md): Install a [Nginx](https://nginx.org) web server.
+* [**postgresql**](roles/postgresql/README.md): Install a
   [PostgreSQL](https://www.postgresql.org) database.
-* [**php_fpm**](docs/php_fpm.md): Install a [PHP-FPM](https://php-fpm.org)
+* [**php_fpm**](roles/php_fpm/README.md): Install a [PHP-FPM](https://php-fpm.org)
   server.
-* [**redis**](docs/redis.md): Install [Redis](https://redis.io) in memory data
+* [**redis**](roles/redis/README.md): Install [Redis](https://redis.io) in memory data
   store.
-* [**rpmfusion**](docs/rpmfusion.md): Enable [RPMFusion](https://rpmfusion.org)
+* [**rpmfusion**](roles/rpmfusion/README.md): Enable [RPMFusion](https://rpmfusion.org)
   repositories.
 
 ## Installation

readme.md

@@ -0,0 +1 @@
+README.md

roles/common/tasks/main.yml

@@ -361,6 +361,7 @@
     name: fail2ban
     state: started
     enabled: true
+  tags: molecule-idempotence-notest
 
 - name: Ensure admin firewalld zone is present
   firewalld:

roles/mail/tasks/main.yml

@@ -197,6 +197,11 @@
     replace: ""
     regexp: "^\\s*unix_listener lmtp {\\s*#mode = 0666\\s*}$"
 
+- name: Ensure Fail2ban directory is present
+  file:
+    path: /etc/fail2ban/jail.d/
+    state: directory
+
 - name: Ensure Fail2ban is configured
   copy:
     src: mail.local

roles/postgresql/tasks/main.yml

@@ -25,6 +25,7 @@
     mode: 0700
     setype: postgresql_db_t
     recurse: True
+  tags: molecule-idempotence-notest
 
 - name: Ensure PostgreSQL data directory is inititialized
   command: "/usr/bin/initdb -D {{ postgresql_data }}"