updating namespace and links of role

.github/workflows/integration_test_result.yml

@@ -13,7 +13,7 @@ jobs:
     timeout-minutes: 1
     env:
       CI_JOB: 'ansible-test-molecule-${{ github.event.repository.name }}'
-      CI_DOMAIN: 'ci.ansibleguy.net'
+      CI_DOMAIN: 'ci.oss.oxl.app'
 
     steps:
       - name: Checkout

.github/workflows/integration_test_run.yml

@@ -10,7 +10,7 @@ jobs:
     timeout-minutes: 1
     env:
       CI_JOB: 'ansible-test-molecule-${{ github.event.repository.name }}'
-      CI_DOMAIN: 'ci.ansibleguy.net'
+      CI_DOMAIN: 'ci.oss.oxl.app'
 
     steps:
       - name: Checkout

.github/workflows/lint.yml

@@ -63,7 +63,7 @@ jobs:
       - name: Preparing for AnsibleLint
         run: |
           mkdir -p '/tmp/ansible_lint/roles/'
-          ln -s "${{ github.workspace }}" "/tmp/ansible_lint/roles/ansibleguy.${{ github.event.repository.name }}"
+          ln -s "${{ github.workspace }}" "/tmp/ansible_lint/roles/oxlorg.certs"
         shell: bash
 
       - name: Running AnsibleLint

LICENSE.txt

@@ -7,5 +7,5 @@ The above copyright notice and this permission notice shall be included in all c
 
 THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-E-Mail: contact@ansibleguy.net
+E-Mail: contact@oxl.at
-Web: https://github.com/ansibleguy
+Web: https://github.com/O-X-L

README.md

@@ -2,16 +2,16 @@
 
 Ansible Role to create certificates to use on a linux server.
 
-[![Lint](https://github.com/ansibleguy/infra_certs/actions/workflows/lint.yml/badge.svg)](https://github.com/ansibleguy/infra_certs/actions/workflows/lint.yml)
+[![Lint](https://github.com/O-X-L/ansible-role-certs/actions/workflows/lint.yml/badge.svg)](https://github.com/O-X-L/ansible-role-certs/actions/workflows/lint.yml)
-[![Ansible Galaxy](https://badges.ansibleguy.net/galaxy.badge.svg)](https://galaxy.ansible.com/ui/standalone/roles/ansibleguy/infra_certs)
+[![Ansible Galaxy](https://badges.oss.oxl.app/galaxy.badge.svg)](https://galaxy.ansible.com/ui/standalone/roles/oxlorg/certs)
 
 **Molecule Integration-Tests**:
 
-* Status: [![Molecule Test Status](https://badges.ansibleguy.net/infra_certs.molecule.svg)](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/molecule.sh.j2) |
+* Status: [![Molecule Test Status](https://badges.oss.oxl.app/infra_certs.molecule.svg)](https://github.com/O-X-L/ansible-role-oxl-cicd/blob/latest/templates/usr/local/bin/cicd/molecule.sh.j2) |
-[![Functional-Tests](https://github.com/ansibleguy/infra_certs/actions/workflows/integration_test_result.yml/badge.svg)](https://github.com/ansibleguy/infra_certs/actions/workflows/integration_test_result.yml)
+[![Functional-Tests](https://github.com/O-X-L/ansible-role-certs/actions/workflows/integration_test_result.yml/badge.svg)](https://github.com/O-X-L/ansible-role-certs/actions/workflows/integration_test_result.yml)
-* Logs: [API](https://ci.ansibleguy.net/api/job/ansible-test-molecule-infra_certs/logs?token=2b7bba30-9a37-4b57-be8a-99e23016ce70&lines=1000) | [Short](https://badges.ansibleguy.net/log/molecule_infra_certs_test_short.log) | [Full](https://badges.ansibleguy.net/log/molecule_infra_certs_test.log)
+* Logs: [API](https://ci.oss.oxl.app/api/job/ansible-test-molecule-infra_certs/logs?token=2b7bba30-9a37-4b57-be8a-99e23016ce70&lines=1000) | [Short](https://badges.oss.oxl.app/log/molecule_infra_certs_test_short.log) | [Full](https://badges.oss.oxl.app/log/molecule_infra_certs_test.log)
 
-Internal CI: [Tester Role](https://github.com/ansibleguy/_meta_cicd) | [Jobs API](https://github.com/O-X-L/github-self-hosted-jobs-systemd)
+Internal CI: [Tester Role](https://github.com/O-X-L/ansible-role-oxl-cicd) | [Jobs API](https://github.com/O-X-L/github-self-hosted-jobs-systemd)
 
 
 **Tested:**
@@ -24,13 +24,13 @@ Internal CI: [Tester Role](https://github.com/ansibleguy/_meta_cicd) | [Jobs API
 
 ```bash
 # latest
-ansible-galaxy role install git+https://github.com/ansibleguy/infra_certs
+ansible-galaxy role install git+https://github.com/O-X-L/ansible-role-certs
 
 # from galaxy
-ansible-galaxy install ansibleguy.infra_certs
+ansible-galaxy install oxlorg.certs
 
 # or to custom role-path
-ansible-galaxy install ansibleguy.infra_certs --roles-path ./roles
+ansible-galaxy install oxlorg.certs --roles-path ./roles
 
 # install dependencies
 ansible-galaxy install -r requirements.yml
@@ -60,8 +60,8 @@ certs:
   letsencrypt:
     certs:
       myNiceSite:
-        domains: ['myRandomSite.net', 'ansibleguy.net']
+        domains: ['myRandomSite.net', 'oxl.at']
-        email: 'certs@template.ansibleguy.net'
+        email: 'certs@template.oxl.at'
     service: 'apache'
 ```
 
@@ -79,8 +79,8 @@ certs:
     cn: 'My great certificate!'
     org: 'AnsibleGuy'
     country: 'AT'
-    email: 'certs@template.ansibleguy.net'
+    email: 'certs@template.oxl.at'
-    domains: ['mySoGreat.site', 'ansibleguy.net']
+    domains: ['mySoGreat.site', 'oxl.at']
     ips: ['192.168.44.2']
     pwd: !vault ...
 ```
@@ -97,14 +97,14 @@ certs:
     cn: 'My great certificate!'
     org: 'AnsibleGuy'
     country: 'AT'
-    email: 'certs@template.ansibleguy.net'
+    email: 'certs@template.oxl.at'
-    domains: ['mySoGreat.site', 'ansibleguy.net']
+    domains: ['mySoGreat.site', 'oxl.at']
   ca:
     path: '/etc/ca'
     cn: 'SUPER CertificateAuthority'
     org: 'AnsibleGuy'
     country: 'AT'
-    email: 'certs@template.ansibleguy.net'
+    email: 'certs@template.oxl.at'
     pwd: !vault ...
 ```
 
@@ -165,10 +165,10 @@ ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
 
 * **Note:** Most of the role's functionality can be opted in or out.
 
-  For all available options - see the default-config located in [the main defaults-file](https://github.com/ansibleguy/infra_certs/blob/latest/defaults/main/1_main.yml)!
+  For all available options - see the default-config located in [the main defaults-file](https://github.com/O-X-L/ansible-role-certs/blob/latest/defaults/main/1_main.yml)!
 
 
-* **Note:** If you have the need to **mass manage certificates** - you might want to check out the [ansibleguy.infra_pki](https://github.com/ansibleguy/infra_pki) role that enables you to create and manage a full **P**ublic **K**ey **I**nfrastructure.
+* **Note:** If you have the need to **mass manage certificates** - you might want to check out the [oxlorg.pki](https://github.com/O-X-L/ansible-role-pki) role that enables you to create and manage a full **P**ublic **K**ey **I**nfrastructure.
 
 
 * **Note:** The certificate file-name (_name variable as defined or else CommonName_) will be updated:

defaults/main/1_main.yml

@@ -13,7 +13,7 @@ defaults_certs:
     name:
     key_size: 4096  # 1024, 2048, 4096
     key_type: 'ECC'
-    curve: 'secp256r1'
+    curve: 'prime256v1'
     cipher: 'auto'
     digest: 'sha256'
     regenerate: 'partial_idempotence'
@@ -72,7 +72,7 @@ defaults_certs:
     valid_days: 7300
     key_size: 8192  # 1024, 2048, 4096, 8192
     key_type: 'ECC'
-    curve: 'secp256r1'
+    curve: 'prime256v1'
     cipher: 'auto'
     digest: 'sha512'
     regenerate: 'partial_idempotence'
@@ -91,8 +91,8 @@ defaults_certs:
 # letsencrypt example:
 # certs:
 #   example1:
-#     domains: ['example1.ansibleguy.net']
+#     domains: ['example1.oxl.at']
-#     email: 'dummy@ansibleguy.net'
+#     email: 'dummy@oxl.at'
 #   example2:
-#     domains: ['example2.ansibleguy.net']
+#     domains: ['example2.oxl.at']
-#     email: 'dummy@ansibleguy.net'
+#     email: 'dummy@oxl.at'

filter_plugins/utils.py

@@ -111,6 +111,9 @@ class FilterModule(object):
     @staticmethod
     def ensure_list(data: (str, dict, list)) -> list:
         # if user supplied a string instead of a list => convert it to match our expectations
+        if data is None:
+            return []
+
         if isinstance(data, list):
             return data
 

meta/main.yml

@@ -1,16 +1,18 @@
 ---
 
 galaxy_info:
-  author: 'AnsibleGuy <guy@ansibleguy.net>'
+  author: 'Rath Pascal <contact@oxl.at>'
-  namespace: 'ansibleguy'
+  namespace: 'oxlorg'
   license: 'MIT'
-  issue_tracker_url: 'https://github.com/ansibleguy/infra_certs/issues'
+  issue_tracker_url: 'https://github.com/O-X-L/ansible-role-certs/issues'
   min_ansible_version: '2.14'
   description: 'Meat-role to generate/manage certificates for other roles'
   platforms:
     - name: Debian
       versions:
         - bullseye
+        - bookworm
+        - trixies
   galaxy_tags:
     - 'certificates'
     - 'certs'

molecule/default/Usage.md

@@ -5,6 +5,6 @@ Check out the [Molecule Tutorial](https://github.com/ansibleguy/ansible_tutorial
 # Running
 
 ```bash
-cd roles/ansibleguy.ROLE
+cd roles/oxlorg.certs
 molecule test
 ```

molecule/default/converge.yml

@@ -5,7 +5,7 @@
 - name: Converge Internal
   hosts: test-ag-certs-internal
   roles:
-    - role: ansibleguy.infra_certs
+    - role: oxlorg.certs
       vars:
         certs:
           mode: 'selfsigned'
@@ -13,11 +13,11 @@
 
           cert:
             name: 'self_srv'
-            domains: ['cert.test.ansibleguy.net']
+            domains: ['cert.test.oxl.at']
             ips: ['192.168.0.1']
             cn: 'SelfSigned Server Cert'
             org: 'AnsibleGuy Test'
-            email: 'testmaster@ansibleguy.net'
+            email: 'testmaster@oxl.at'
             ou: 'Test'
             country: 'AT'
             state: 'Styria'
@@ -25,11 +25,11 @@
             valid_days: 5
             key_usage: 'serverAuth'
             crl_distribution:
-              crl_issuer: 'URI:https://ca.template.ansibleguy.net/'
+              crl_issuer: 'URI:https://ca.template.oxl.at/'
-              full_name: 'URI:https://ca.template.ansibleguy.net/revocations.crl'
+              full_name: 'URI:https://ca.template.oxl.at/revocations.crl'
               reasons: ['key_compromise', 'ca_compromise']
 
-    - role: ansibleguy.infra_certs
+    - role: oxlorg.certs
       vars:
         certs:
           mode: 'selfsigned'
@@ -40,7 +40,7 @@
             cn: 'SelfSigned Client Cert'
             key_usage: 'clientAuth'
 
-    - role: ansibleguy.infra_certs
+    - role: oxlorg.certs
       vars:
         certs:
           mode: 'selfsigned'
@@ -48,10 +48,10 @@
 
           cert:
             name: 'self_other'
-            san_other: 'DNS:cert.templates.ansibleguy.net,email:other@cert.template.ansibleguy.net'
+            san_other: 'DNS:cert.templates.oxl.at,email:other@cert.template.oxl.at'
             cn: 'SelfSigned Other Cert'
 
-    - role: ansibleguy.infra_certs
+    - role: oxlorg.certs
       vars:
         certs:
           mode: 'ca'
@@ -59,11 +59,11 @@
 
           cert:
             name: 'self_minca_srv'
-            domains: ['cert.test.ansibleguy.net']
+            domains: ['cert.test.oxl.at']
             ips: ['192.168.0.1']
             cn: 'CA-Signed Server Cert'
             org: 'AnsibleGuy Test'
-            email: 'testmaster@ansibleguy.net'
+            email: 'testmaster@oxl.at'
             ou: 'Test'
             country: 'AT'
             state: 'Styria'
@@ -71,11 +71,11 @@
             valid_days: 5
             key_usage: 'serverAuth'
             crl_distribution:
-              crl_issuer: 'URI:https://ca.template.ansibleguy.net/'
+              crl_issuer: 'URI:https://ca.template.oxl.at/'
-              full_name: 'URI:https://ca.template.ansibleguy.net/revocations.crl'
+              full_name: 'URI:https://ca.template.oxl.at/revocations.crl'
               reasons: ['key_compromise', 'ca_compromise']
 
-    - role: ansibleguy.infra_certs
+    - role: oxlorg.certs
       vars:
         certs:
           mode: 'ca'
@@ -86,7 +86,7 @@
             cn: 'CA-Signed Client Cert'
             key_usage: 'clientAuth'
 
-    - role: ansibleguy.infra_certs
+    - role: oxlorg.certs
       vars:
         certs:
           mode: 'ca'
@@ -94,14 +94,14 @@
 
           cert:
             name: 'self_minca_pwd'
-            domains: ['cert.test.ansibleguy.net']
+            domains: ['cert.test.oxl.at']
             ips: ['192.168.0.1']
             cn: 'CA-Signed Server Cert'
             pwd: 'Nope.'
             key_usage: 'serverAuth'
             crl_distribution:
-              crl_issuer: 'URI:https://ca.template.ansibleguy.net/'
+              crl_issuer: 'URI:https://ca.template.oxl.at/'
-              full_name: 'URI:https://ca.template.ansibleguy.net/revocations.crl'
+              full_name: 'URI:https://ca.template.oxl.at/revocations.crl'
               reasons: ['key_compromise', 'ca_compromise']
 
           ca:
@@ -109,7 +109,7 @@
             pwd: 'YouWantMyTreasure?YouCanHaveIt!SearchForIt-SomewhereOutThere-Hidden-IsTheBiggestTreasureOfTheWorld.'
             cn: 'SelfSigned CA Cert'
             org: 'AnsibleGuy Test'
-            email: 'testmaster@ansibleguy.net'
+            email: 'testmaster@oxl.at'
             ou: 'Test'
             country: 'AT'
             state: 'Styria'
@@ -125,12 +125,12 @@
       letsencrypt:
         certs:
           test:
-            domains: ['infra-certs.test.ansibleguy.net']
+            domains: ['infra-certs.test.oxl.at']
-            email: 'testmaster@ansibleguy.net'
+            email: 'testmaster@oxl.at'
 
         path: '/etc/ssl/le_test'
         renew_timer: 'Mon *-*-* 03:00:00'
         service: 'nginx'
 
   roles:
-    - ansibleguy.infra_certs
+    - oxlorg.certs

playbook.yml

@@ -7,4 +7,4 @@
   become: true
   gather_facts: yes
   roles:
-    - ansibleguy.infra_certs
+    - oxlorg.certs

tasks/debian/letsencrypt/main.yml

@@ -93,16 +93,38 @@
     group: 'root'
     mode: 0644
   loop:
-    - 'ansibleguy.infra_certs.LetsEncryptCertbot.service'
+    - 'letsencrypt-certbot.service'
-    - 'ansibleguy.infra_certs.LetsEncryptCertbot.timer'
+    - 'letsencrypt-certbot.timer'
 
 - name: Certificates | LetsEncrypt Certbot | Enabling cert-renewal timer
   ansible.builtin.systemd:
     daemon_reload: yes
-    name: 'ansibleguy.infra_certs.LetsEncryptCertbot.timer'
+    name: 'letsencrypt-certbot.timer'
     enabled: yes
     state: started
 
+- name: Certificates | LetsEncrypt Certbot | Removing legacy services (1/2)
+  ansible.builtin.systemd:
+    name: 'ansibleguy.infra_certs.LetsEncryptCertbot.timer'
+    enabled: false
+    state: stopped
+  register: legacy_svc_removal
+  failed_when:
+    - legacy_svc_removal.failed
+    - "'does not exist' not in legacy_svc_removal.msg"
+    - "'Could not find' not in legacy_svc_removal.msg"
+
+- name: Certificates | LetsEncrypt Certbot | Removing legacy services (1/2)
+  ansible.builtin.template:
+    src: "templates/etc/systemd/system/{{ item }}.j2"
+    dest: "/etc/systemd/system/{{ item }}"
+    owner: 'root'
+    group: 'root'
+    mode: 0644
+  loop:
+    - 'ansibleguy.infra_certs.LetsEncryptCertbot.service'
+    - 'ansibleguy.infra_certs.LetsEncryptCertbot.timer'
+
 # Renew all previously obtained certificates that are near expiry
 - name: Certificates | LetsEncrypt Certbot | Running renewal
   ansible.builtin.command: "certbot renew --force-renewal{% if debug or testing %} --staging{% endif %}"

templates/etc/apache2/sites-enabled/le_dummy.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# ansibleguy.infra_certs - dummy site used for letsencrypt certbot
+# oxlorg.certs - dummy site used for letsencrypt certbot
 
 <VirtualHost *:80>
   ServerName dummy.letsencrypt.localhost

templates/etc/nginx/sites-enabled/le_dummy.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# ansibleguy.infra_certs - dummy site used for letsencrypt certbot
+# oxlorg.certs - dummy site used for letsencrypt certbot
 
 server {
   listen 80;

templates/etc/systemd/system/letsencrypt-certbot.service.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# ansibleguy.infra_certs
+# oxlorg.certs
 
 [Unit]
 Description=Service to renew LetsEncrypt Certificates using certbot

templates/etc/systemd/system/letsencrypt-certbot.timer.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# ansibleguy.infra_certs
+# oxlorg.certs
 
 [Unit]
 Description=Timer to renew LetsEncrypt Certificates using certbot