Adding molecule unit tests

This commit is contained in:
Ian Roddis
2026-03-23 15:15:27 -03:00
parent 72f171e88f
commit 0bf5dd0024
75 changed files with 2092 additions and 2 deletions
+1
@@ -4,3 +4,4 @@
project_src: "{{ authentik_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
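Review bot: `when: not (molecule_test_mode | default(false))` turns an ordinary play variable into a switch that skips the step which actually (re)starts the service, and the same guard is placed on the Docker, apt, systemd and sysctl tasks in the authentik, common, forgejo, graylog, headscale and jitsi task files and on the other handler files in this commit. Because `molecule_test_mode` can come from any inventory, group_vars or `-e`, a real deployment run with the flag set reports success while nothing was installed or started. A pre-task `ansible.builtin.assert` that refuses the flag outside molecule, e.g. `that: not (molecule_test_mode | default(false)) or lookup('env', 'MOLECULE_SCENARIO_NAME') != ''`, would turn that silent no-op into a visible failure. The handler this `when:` is attached to starts above the hunk.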
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: authentik
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
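Review bot: This 23-line `molecule.yml` is repeated byte-for-byte in the common, forgejo, graylog, headscale, jitsi and matrix scenarios, so any change to the driver or provisioner has to be made seven times; molecule reads a shared base config from `.config/molecule/config.yml` in the project root, where the `dependency`, `driver`, `platforms`, `provisioner` and `verifier` stanzas could live once, leaving each scenario file with only what differs. `ansible_connection: local` is also set twice, under `driver.options.ansible_connection_options` and again under `provisioner.inventory.host_vars.localhost`; one is enough. Worth stating in a comment at the top of the file that with `managed: false` and a local connection, converge applies the role to the machine running molecule, so the test-mode guards inside the roles are the only thing keeping it from touching packages and Docker on that host.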
+160
@@ -0,0 +1,160 @@
---
- name: Verify authentik role
hosts: localhost
gather_facts: false
vars:
authentik_data_dir: /tmp/sovereign_test/authentik
tasks:
- name: Check authentik data directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik
register: data_dir_stat
- name: Assert authentik data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/authentik was not created"
- name: Check authentik media directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik/media
register: media_dir_stat
- name: Assert authentik media directory is present
ansible.builtin.assert:
that: media_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/authentik/media was not created"
- name: Check authentik media/branding directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik/media/branding
register: branding_dir_stat
- name: Assert authentik media/branding directory is present
ansible.builtin.assert:
that: branding_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/authentik/media/branding was not created"
- name: Check authentik custom-templates directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik/custom-templates
register: custom_templates_dir_stat
- name: Assert authentik custom-templates directory is present
ansible.builtin.assert:
that: custom_templates_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/authentik/custom-templates was not created"
- name: Check authentik blueprints directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik/blueprints
register: blueprints_dir_stat
- name: Assert authentik blueprints directory is present
ansible.builtin.assert:
that: blueprints_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/authentik/blueprints was not created"
- name: Check authentik certs directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik/certs
register: certs_dir_stat
- name: Assert authentik certs directory is present
ansible.builtin.assert:
that: certs_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/authentik/certs was not created"
- name: Check authentik postgres directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik/postgres
register: postgres_dir_stat
- name: Assert authentik postgres directory is present
ansible.builtin.assert:
that: postgres_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/authentik/postgres was not created"
- name: Check sovereign-branding.yaml blueprint exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik/blueprints/sovereign-branding.yaml
register: blueprint_stat
- name: Assert sovereign-branding.yaml is present
ansible.builtin.assert:
that: blueprint_stat.stat.exists
fail_msg: "Blueprint /tmp/sovereign_test/authentik/blueprints/sovereign-branding.yaml was not created"
- name: Read sovereign-branding.yaml
ansible.builtin.slurp:
src: /tmp/sovereign_test/authentik/blueprints/sovereign-branding.yaml
register: blueprint_raw
- name: Set blueprint content fact
ansible.builtin.set_fact:
blueprint: "{{ blueprint_raw.content | b64decode }}"
- name: Assert branding_title in blueprint
ansible.builtin.assert:
that: "'branding_title: \"Test Corp\"' in blueprint"
fail_msg: "Expected branding_title 'Test Corp' not found in sovereign-branding.yaml"
- name: Assert primary color in blueprint
ansible.builtin.assert:
that: "'--ak-accent: #2563eb' in blueprint"
fail_msg: "Expected '--ak-accent: #2563eb' not found in sovereign-branding.yaml"
- name: Assert logo path is NOT in blueprint (tenant_logo_local_path is empty)
ansible.builtin.assert:
that: "'/media/branding/logo.png' not in blueprint"
fail_msg: "Logo path /media/branding/logo.png should not appear in blueprint when tenant_logo_local_path is empty"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: /tmp/sovereign_test/authentik/docker-compose.yml
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for authentik"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: /tmp/sovereign_test/authentik/docker-compose.yml
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert authentik server image reference in compose
ansible.builtin.assert:
that: "'ghcr.io/goauthentik/server:2024.10.5' in compose"
fail_msg: "Expected image 'ghcr.io/goauthentik/server:2024.10.5' not found in docker-compose.yml"
- name: Assert authentik host rule in compose
ansible.builtin.assert:
that: "'Host(`auth.test.example.com`)' in compose"
fail_msg: "Expected Host rule for auth.test.example.com not found in docker-compose.yml"
- name: Assert GELF logging address in compose
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external in compose
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "Expected 'external: true' not found in docker-compose.yml"
- name: Assert authentik db password in compose
ansible.builtin.assert:
that: "'test_authentik_db' in compose"
fail_msg: "Expected authentik_db_password 'test_authentik_db' not found in docker-compose.yml"
- name: Assert authentik secret key in compose
ansible.builtin.assert:
that: "'test-secret-key-exactly-50-chars-padded-here12345' in compose"
fail_msg: "Expected authentik_secret_key not found in docker-compose.yml"
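Review bot: The compose file this play reads contains the database password (`test_authentik_db`) and the secret key, yet the play only checks that it exists; the common verify pins `acme.json` to mode `0600`, and a matching check here, `that: compose_stat.stat.mode == '0600'` (or whatever mode the template task sets — if it sets none, that is the gap to close in the role), would catch a world-readable credentials file. The expected values are literals copied out of the shared vars (`/tmp/sovereign_test/authentik`, `Test Corp`, `#2563eb`, `2024.10.5`, the password and secret key) while `authentik_data_dir` under `vars:` is declared and never used; loading `../../../molecule/shared/vars.yml` via `vars_files` as converge does and building paths and expectations from those variables would stop the two from drifting apart. Substring tests such as `'external: true' in compose` are satisfied by any network or service in the file; parsing with `from_yaml` and asserting on the `networks` entry (as the matrix verify does with `from_json`) makes the assertion specific. A fixed, predictable directory under the shared `/tmp` also means a pre-existing entry at that path, left by another user or an earlier run, is silently reused; a per-run directory under `MOLECULE_EPHEMERAL_DIRECTORY` avoids both stale state and ownership surprises. The same points apply to the common, forgejo, graylog, headscale and jitsi verify plays.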
+2
@@ -37,6 +37,7 @@
community.docker.docker_compose_v2:
project_src: "{{ authentik_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
- name: Wait for Authentik to be ready
ansible.builtin.uri:
@@ -47,3 +48,4 @@
until: result.status == 200
retries: 30
delay: 10
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ traefik_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: common
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+91
@@ -0,0 +1,91 @@
---
- name: Verify common role
hosts: localhost
gather_facts: false
vars:
traefik_data_dir: /tmp/sovereign_test/traefik
tasks:
- name: Check traefik data directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/traefik
register: data_dir_stat
- name: Assert traefik data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/traefik was not created"
- name: Check traefik config directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/traefik/config
register: config_dir_stat
- name: Assert traefik config directory is present
ansible.builtin.assert:
that: config_dir_stat.stat.isdir
fail_msg: "Config directory /tmp/sovereign_test/traefik/config was not created"
- name: Check acme.json exists
ansible.builtin.stat:
path: /tmp/sovereign_test/traefik/acme.json
register: acme_stat
- name: Assert acme.json is present
ansible.builtin.assert:
that: acme_stat.stat.exists
fail_msg: "acme.json was not created"
- name: Assert acme.json has mode 0600
ansible.builtin.assert:
that: acme_stat.stat.mode == '0600'
fail_msg: "acme.json does not have mode 0600 (got {{ acme_stat.stat.mode }})"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: /tmp/sovereign_test/traefik/docker-compose.yml
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for common/traefik"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: /tmp/sovereign_test/traefik/docker-compose.yml
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert traefik image reference in compose
ansible.builtin.assert:
that: "'traefik:v3.1' in compose"
fail_msg: "Expected image 'traefik:v3.1' not found in docker-compose.yml"
- name: Assert traefik dashboard host rule in compose
ansible.builtin.assert:
that: "'Host(`traefik.test.example.com`)' in compose"
fail_msg: "Expected Host rule for traefik.test.example.com not found in docker-compose.yml"
- name: Assert GELF logging address in compose
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external in compose
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "Expected 'external: true' not found in docker-compose.yml"
- name: Assert letsencrypt certificate resolver in compose
ansible.builtin.assert:
that: "'letsencrypt' in compose"
fail_msg: "Expected 'letsencrypt' certificate resolver not found in docker-compose.yml"
- name: Assert ACME email in compose
ansible.builtin.assert:
that: "'admin@test.example.com' in compose"
fail_msg: "Expected ACME email admin@test.example.com not found in docker-compose.yml"
+7
@@ -11,16 +11,19 @@
- python3-docker
state: present
update_cache: true
when: not (molecule_test_mode | default(false))
- name: Add Docker GPG key
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
when: not (molecule_test_mode | default(false))
- name: Add Docker repository
ansible.builtin.apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
when: not (molecule_test_mode | default(false))
- name: Install Docker
ansible.builtin.apt:
@@ -31,17 +34,20 @@
- docker-compose-plugin
state: present
update_cache: true
when: not (molecule_test_mode | default(false))
- name: Enable and start Docker
ansible.builtin.systemd:
name: docker
enabled: true
state: started
when: not (molecule_test_mode | default(false))
- name: Create sovereign Docker network
community.docker.docker_network:
name: "{{ sovereign_network_name }}"
state: present
when: not (molecule_test_mode | default(false))
- name: Create Traefik data directory
ansible.builtin.file:
@@ -69,3 +75,4 @@
community.docker.docker_compose_v2:
project_src: "{{ traefik_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
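Review bot: Six consecutive tasks in this file now each carry their own `when: not (molecule_test_mode | default(false))` (the prerequisite apt install, GPG key, repository, Docker install, systemd enable and network creation), and a task added to this stretch later will run against the test host unless its author remembers to copy the guard. Wrapping the run of host-mutating tasks in a single `block:` with one `when:` at block level keeps the condition in one place and makes an unguarded privileged task stand out in review. The first task of the file and the directory and template tasks between the hunks are outside what is shown, so where the block should begin and end needs checking against the full file.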
+1
@@ -4,3 +4,4 @@
project_src: "{{ forgejo_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: forgejo
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+106
@@ -0,0 +1,106 @@
---
- name: Verify forgejo role
hosts: localhost
gather_facts: false
vars:
forgejo_data_dir: /tmp/sovereign_test/forgejo
forgejo_domain: git.test.example.com
forgejo_version: latest
forgejo_db_password: test_forgejo_db
tenant_name: Test Corp
forgejo_ssh_port: 2222
tasks:
- name: Check forgejo data directory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/forgejo"
register: data_dir_stat
- name: Assert forgejo data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/forgejo was not created"
- name: Check data subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/forgejo/data"
register: data_subdir_stat
- name: Assert data subdirectory is present
ansible.builtin.assert:
that: data_subdir_stat.stat.isdir
fail_msg: "Data subdirectory /tmp/sovereign_test/forgejo/data was not created"
- name: Check gitea public img subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/forgejo/data/gitea/public/img"
register: img_dir_stat
- name: Assert gitea public img subdirectory is present
ansible.builtin.assert:
that: img_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/forgejo/data/gitea/public/img was not created"
- name: Check config subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/forgejo/config"
register: config_dir_stat
- name: Assert config subdirectory is present
ansible.builtin.assert:
that: config_dir_stat.stat.isdir
fail_msg: "Config directory /tmp/sovereign_test/forgejo/config was not created"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/forgejo/docker-compose.yml"
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for forgejo"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/forgejo/docker-compose.yml"
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert forgejo image is present
ansible.builtin.assert:
that: "'codeberg.org/forgejo/forgejo' in compose"
fail_msg: "codeberg.org/forgejo/forgejo image not found in docker-compose.yml"
- name: Assert forgejo domain traefik rule is present
ansible.builtin.assert:
that: "'Host(`git.test.example.com`)' in compose"
fail_msg: "Traefik rule for git.test.example.com not found in docker-compose.yml"
- name: Assert app name env var is present
ansible.builtin.assert:
that: "'FORGEJO____APP_NAME: \"Test Corp\"' in compose"
fail_msg: "FORGEJO____APP_NAME: \"Test Corp\" not found in docker-compose.yml"
- name: Assert forgejo db password is present
ansible.builtin.assert:
that: "'test_forgejo_db' in compose"
fail_msg: "forgejo_db_password not found in docker-compose.yml"
- name: Assert GELF logging address is present
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "external: true not found in docker-compose.yml networks section"
- name: Assert SSH port is present
ansible.builtin.assert:
that: "'2222' in compose"
fail_msg: "forgejo_ssh_port 2222 not found in docker-compose.yml"
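Review bot: `'codeberg.org/forgejo/forgejo' in compose` passes for any tag, so with `forgejo_version: latest` in the fixture the play never checks which image would actually run; the authentik, common and graylog verifies pin the full reference (`ghcr.io/goauthentik/server:2024.10.5`, `traefik:v3.1`, `graylog/graylog:6.0`) and this one could do the same, e.g. `that: "('codeberg.org/forgejo/forgejo:' ~ forgejo_version) in compose"`, together with a check that the version is not `latest` once the shared vars pin one. `'2222' in compose` is likewise satisfied by any number containing those digits; asserting on the rendered port-mapping string, or on the parsed `ports` list after `from_yaml`, would be specific. The `vars:` block declares `forgejo_domain`, `forgejo_version`, `forgejo_db_password`, `tenant_name` and `forgejo_ssh_port`, but every assertion uses the literal value instead of the variable. The headscale (`'headscale/headscale' in compose`) and jitsi (`'jitsi/web' in compose` and the three sibling checks) verifies have the same untagged image assertion.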
+1
@@ -28,3 +28,4 @@
community.docker.docker_compose_v2:
project_src: "{{ forgejo_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ graylog_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: graylog
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+96
@@ -0,0 +1,96 @@
---
- name: Verify graylog role
hosts: localhost
gather_facts: false
vars:
graylog_data_dir: /tmp/sovereign_test/graylog
tasks:
- name: Check graylog data directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/graylog
register: data_dir_stat
- name: Assert graylog data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/graylog was not created"
- name: Check graylog data subdirectory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/graylog/data
register: data_subdir_stat
- name: Assert graylog data subdirectory is present
ansible.builtin.assert:
that: data_subdir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/graylog/data was not created"
- name: Check graylog config directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/graylog/config
register: config_dir_stat
- name: Assert graylog config directory is present
ansible.builtin.assert:
that: config_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/graylog/config was not created"
- name: Check graylog opensearch directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/graylog/opensearch
register: opensearch_dir_stat
- name: Assert graylog opensearch directory is present
ansible.builtin.assert:
that: opensearch_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/graylog/opensearch was not created"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: /tmp/sovereign_test/graylog/docker-compose.yml
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for graylog"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: /tmp/sovereign_test/graylog/docker-compose.yml
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert graylog image reference in compose
ansible.builtin.assert:
that: "'graylog/graylog:6.0' in compose"
fail_msg: "Expected image 'graylog/graylog:6.0' not found in docker-compose.yml"
- name: Assert graylog host rule in compose
ansible.builtin.assert:
that: "'Host(`logs.test.example.com`)' in compose"
fail_msg: "Expected Host rule for logs.test.example.com not found in docker-compose.yml"
- name: Assert GELF logging address in compose
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external in compose
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "Expected 'external: true' not found in docker-compose.yml"
- name: Assert graylog password secret in compose
ansible.builtin.assert:
that: "'test_graylog_secret_min_16_chars' in compose"
fail_msg: "Expected graylog_password_secret 'test_graylog_secret_min_16_chars' not found in docker-compose.yml"
- name: Assert graylog root password sha2 in compose
ansible.builtin.assert:
that: "'test_sha256_placeholder' in compose"
fail_msg: "Expected graylog_root_password_sha2 'test_sha256_placeholder' not found in docker-compose.yml"
+4
@@ -16,6 +16,7 @@
owner: "1000"
group: "1000"
mode: '0775'
when: not (molecule_test_mode | default(false))
- name: Set vm.max_map_count for OpenSearch
ansible.posix.sysctl:
@@ -23,6 +24,7 @@
value: '262144'
state: present
sysctl_set: true
when: not (molecule_test_mode | default(false))
- name: Deploy Graylog docker-compose
ansible.builtin.template:
@@ -35,6 +37,7 @@
community.docker.docker_compose_v2:
project_src: "{{ graylog_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
- name: Wait for Graylog to be ready
ansible.builtin.uri:
@@ -48,3 +51,4 @@
until: result.status == 200
retries: 30
delay: 10
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ headscale_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: headscale
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+113
@@ -0,0 +1,113 @@
---
- name: Verify headscale role
hosts: localhost
gather_facts: false
vars:
headscale_data_dir: /tmp/sovereign_test/headscale
headscale_domain: headscale.test.example.com
base_domain: test.example.com
authentik_domain: auth.test.example.com
tasks:
- name: Check headscale data directory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/headscale"
register: data_dir_stat
- name: Assert headscale data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/headscale was not created"
- name: Check config subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/headscale/config"
register: config_dir_stat
- name: Assert config subdirectory is present
ansible.builtin.assert:
that: config_dir_stat.stat.isdir
fail_msg: "Config directory /tmp/sovereign_test/headscale/config was not created"
- name: Check data subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/headscale/data"
register: data_subdir_stat
- name: Assert data subdirectory is present
ansible.builtin.assert:
that: data_subdir_stat.stat.isdir
fail_msg: "Data subdirectory /tmp/sovereign_test/headscale/data was not created"
- name: Check config.yaml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/headscale/config/config.yaml"
register: config_yaml_stat
- name: Assert config.yaml was rendered
ansible.builtin.assert:
that: config_yaml_stat.stat.exists
fail_msg: "config/config.yaml was not rendered for headscale"
- name: Read config.yaml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/headscale/config/config.yaml"
register: config_yaml_raw
- name: Set config content fact
ansible.builtin.set_fact:
headscale_config: "{{ config_yaml_raw.content | b64decode }}"
- name: Assert config contains headscale server URL
ansible.builtin.assert:
that: "'https://headscale.test.example.com' in headscale_config"
fail_msg: "config.yaml does not contain https://headscale.test.example.com"
- name: Assert config contains base_domain
ansible.builtin.assert:
that: "'base_domain: \"test.example.com\"' in headscale_config"
fail_msg: "config.yaml does not contain base_domain: \"test.example.com\""
- name: Assert config contains authentik domain for OIDC
ansible.builtin.assert:
that: "'auth.test.example.com' in headscale_config"
fail_msg: "config.yaml does not contain auth.test.example.com for OIDC"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/headscale/docker-compose.yml"
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for headscale"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/headscale/docker-compose.yml"
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert headscale image is present
ansible.builtin.assert:
that: "'headscale/headscale' in compose"
fail_msg: "headscale/headscale image not found in docker-compose.yml"
- name: Assert headscale domain traefik rule is present
ansible.builtin.assert:
that: "'Host(`headscale.test.example.com`)' in compose"
fail_msg: "Traefik rule for headscale.test.example.com not found in docker-compose.yml"
- name: Assert GELF logging address is present
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "external: true not found in docker-compose.yml networks section"
+1
@@ -27,3 +27,4 @@
community.docker.docker_compose_v2:
project_src: "{{ headscale_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ jitsi_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: jitsi
+23
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+148
@@ -0,0 +1,148 @@
---
- name: Verify jitsi role
hosts: localhost
gather_facts: false
vars:
jitsi_data_dir: /tmp/sovereign_test/jitsi
jitsi_domain: meet.test.example.com
tenant_name: Test Corp
base_domain: test.example.com
tasks:
- name: Check jitsi data directory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/jitsi"
register: data_dir_stat
- name: Assert jitsi data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/jitsi was not created"
- name: Check web subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/jitsi/web"
register: web_dir_stat
- name: Assert web subdirectory is present
ansible.builtin.assert:
that: web_dir_stat.stat.isdir
fail_msg: "Web directory /tmp/sovereign_test/jitsi/web was not created"
- name: Check prosody subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/jitsi/prosody"
register: prosody_dir_stat
- name: Assert prosody subdirectory is present
ansible.builtin.assert:
that: prosody_dir_stat.stat.isdir
fail_msg: "Prosody directory /tmp/sovereign_test/jitsi/prosody was not created"
- name: Check jicofo subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/jitsi/jicofo"
register: jicofo_dir_stat
- name: Assert jicofo subdirectory is present
ansible.builtin.assert:
that: jicofo_dir_stat.stat.isdir
fail_msg: "Jicofo directory /tmp/sovereign_test/jitsi/jicofo was not created"
- name: Check jvb subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/jitsi/jvb"
register: jvb_dir_stat
- name: Assert jvb subdirectory is present
ansible.builtin.assert:
that: jvb_dir_stat.stat.isdir
fail_msg: "JVB directory /tmp/sovereign_test/jitsi/jvb was not created"
- name: Check custom-interface-config.js exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/jitsi/web/custom-interface-config.js"
register: interface_config_stat
- name: Assert custom-interface-config.js was rendered
ansible.builtin.assert:
that: interface_config_stat.stat.exists
fail_msg: "web/custom-interface-config.js was not rendered for jitsi"
- name: Read custom-interface-config.js
ansible.builtin.slurp:
src: "/tmp/sovereign_test/jitsi/web/custom-interface-config.js"
register: interface_config_raw
- name: Set interface config content fact
ansible.builtin.set_fact:
interface_config: "{{ interface_config_raw.content | b64decode }}"
- name: Assert interface config contains tenant name
ansible.builtin.assert:
that: "'Test Corp' in interface_config"
fail_msg: "custom-interface-config.js does not contain tenant name 'Test Corp'"
- name: Assert interface config contains base domain
ansible.builtin.assert:
that: "'test.example.com' in interface_config"
fail_msg: "custom-interface-config.js does not contain base_domain test.example.com"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/jitsi/docker-compose.yml"
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for jitsi"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/jitsi/docker-compose.yml"
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert jitsi web image is present
ansible.builtin.assert:
that: "'jitsi/web' in compose"
fail_msg: "jitsi/web image not found in docker-compose.yml"
- name: Assert jitsi prosody image is present
ansible.builtin.assert:
that: "'jitsi/prosody' in compose"
fail_msg: "jitsi/prosody image not found in docker-compose.yml"
- name: Assert jitsi jicofo image is present
ansible.builtin.assert:
that: "'jitsi/jicofo' in compose"
fail_msg: "jitsi/jicofo image not found in docker-compose.yml"
- name: Assert jitsi jvb image is present
ansible.builtin.assert:
that: "'jitsi/jvb' in compose"
fail_msg: "jitsi/jvb image not found in docker-compose.yml"
- name: Assert jitsi domain traefik rule is present
ansible.builtin.assert:
that: "'Host(`meet.test.example.com`)' in compose"
fail_msg: "Traefik rule for meet.test.example.com not found in docker-compose.yml"
- name: Assert JITSI_WATERMARKLINK env var is present
ansible.builtin.assert:
that: "'JITSI_WATERMARKLINK' in compose"
fail_msg: "JITSI_WATERMARKLINK not found in docker-compose.yml"
- name: Assert GELF logging address is present
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "external: true not found in docker-compose.yml networks section"
+1
@@ -37,3 +37,4 @@
community.docker.docker_compose_v2:
project_src: "{{ jitsi_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ matrix_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: matrix
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+141
@@ -0,0 +1,141 @@
---
- name: Verify matrix role
hosts: localhost
gather_facts: false
vars:
matrix_data_dir: /tmp/sovereign_test/matrix
matrix_domain: matrix.test.example.com
element_domain: chat.test.example.com
matrix_version: v1.118.0
matrix_db_password: test_matrix_db
jitsi_domain: meet.test.example.com
tenant_name: Test Corp
element_theme: light
tasks:
- name: Check matrix data directory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/matrix"
register: data_dir_stat
- name: Assert matrix data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/matrix was not created"
- name: Check synapse subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/matrix/synapse"
register: synapse_dir_stat
- name: Assert synapse subdirectory is present
ansible.builtin.assert:
that: synapse_dir_stat.stat.isdir
fail_msg: "Synapse directory /tmp/sovereign_test/matrix/synapse was not created"
- name: Check element subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/matrix/element"
register: element_dir_stat
- name: Assert element subdirectory is present
ansible.builtin.assert:
that: element_dir_stat.stat.isdir
fail_msg: "Element directory /tmp/sovereign_test/matrix/element was not created"
- name: Check element config.json exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/matrix/element/config.json"
register: element_config_stat
- name: Assert element config.json was rendered
ansible.builtin.assert:
that: element_config_stat.stat.exists
fail_msg: "element/config.json was not rendered for matrix"
- name: Read element config.json
ansible.builtin.slurp:
src: "/tmp/sovereign_test/matrix/element/config.json"
register: element_config_raw
- name: Parse element config.json as JSON
ansible.builtin.set_fact:
element_config_parsed: "{{ element_config_raw.content | b64decode | from_json }}"
- name: Assert element config.json is valid JSON
ansible.builtin.assert:
that: element_config_parsed is mapping
fail_msg: "element/config.json could not be parsed as valid JSON"
- name: Set element config content fact
ansible.builtin.set_fact:
element_config: "{{ element_config_raw.content | b64decode }}"
- name: Assert element config contains tenant brand name
ansible.builtin.assert:
that: '"brand": "Test Corp"' in element_config
fail_msg: "element/config.json does not contain brand: Test Corp"
- name: Assert element config contains matrix homeserver URL
ansible.builtin.assert:
that: '"https://matrix.test.example.com"' in element_config
fail_msg: "element/config.json does not contain https://matrix.test.example.com"
- name: Assert element config contains jitsi domain
ansible.builtin.assert:
that: '"meet.test.example.com"' in element_config
fail_msg: "element/config.json does not contain meet.test.example.com"
- name: Assert element config contains default theme
ansible.builtin.assert:
that: '"default_theme": "light"' in element_config
fail_msg: "element/config.json does not contain default_theme: light"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/matrix/docker-compose.yml"
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for matrix"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/matrix/docker-compose.yml"
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert synapse image with version is present
ansible.builtin.assert:
that: "'ghcr.io/element-hq/synapse:v1.118.0' in compose"
fail_msg: "Expected synapse image ghcr.io/element-hq/synapse:v1.118.0 not found in docker-compose.yml"
- name: Assert matrix domain traefik rule is present
ansible.builtin.assert:
that: "'Host(`matrix.test.example.com`)' in compose"
fail_msg: "Traefik rule for matrix.test.example.com not found in docker-compose.yml"
- name: Assert element domain traefik rule is present
ansible.builtin.assert:
that: "'Host(`chat.test.example.com`)' in compose"
fail_msg: "Traefik rule for chat.test.example.com not found in docker-compose.yml"
- name: Assert matrix db password is present
ansible.builtin.assert:
that: "'test_matrix_db' in compose"
fail_msg: "matrix_db_password not found in docker-compose.yml"
- name: Assert GELF logging address is present
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "external: true not found in docker-compose.yml networks section"
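Review bot: The rendered Element config is parsed into `element_config_parsed` at L1048 but only tested with `is mapping`; the brand, homeserver and theme checks at L1059–L1071 then go back to substring matches on the raw text, so they depend on the template's exact spacing and quoting rather than on the JSON content. Since the structure is already available, assert on it: `that: element_config_parsed.brand == 'Test Corp'` and `that: element_config_parsed.default_theme == 'light'` (the homeserver URL sits under whatever key the template emits, which I cannot see here). The same applies to `docker-compose.yml`: `compose | from_yaml` would let the last task check the `networks` section the fail_msg talks about instead of accepting `external: true` anywhere in the file, and `'test_matrix_db' in compose` at L1102 codifies the DB password living in plaintext in the compose file rather than in an `env_file` or secret. The vars at L1002–L1009 (`matrix_version`, `matrix_db_password`, ...) are declared but every assertion uses the literal, so either reference them — `that: "('ghcr.io/element-hq/synapse:' ~ matrix_version) in compose"` — or drop them.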
+2
@@ -19,6 +19,7 @@
ghcr.io/element-hq/synapse:{{ matrix_version }}
generate
creates: "{{ matrix_data_dir }}/synapse/homeserver.yaml"
when: not (molecule_test_mode | default(false))
- name: Deploy Element config
ansible.builtin.template:
@@ -37,3 +38,4 @@
community.docker.docker_compose_v2:
project_src: "{{ matrix_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ minio_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: minio
+23
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+81
@@ -0,0 +1,81 @@
---
- name: Verify minio role
hosts: localhost
gather_facts: false
vars:
minio_data_dir: /tmp/sovereign_test/minio
tasks:
- name: Check minio data directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/minio
register: data_dir_stat
- name: Assert minio data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/minio was not created"
- name: Check minio data subdirectory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/minio/data
register: data_subdir_stat
- name: Assert minio data subdirectory is present
ansible.builtin.assert:
that: data_subdir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/minio/data was not created"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: /tmp/sovereign_test/minio/docker-compose.yml
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for minio"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: /tmp/sovereign_test/minio/docker-compose.yml
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert minio image reference in compose
ansible.builtin.assert:
that: "'quay.io/minio/minio' in compose"
fail_msg: "Expected image 'quay.io/minio/minio' not found in docker-compose.yml"
- name: Assert minio S3 API host rule in compose
ansible.builtin.assert:
that: "'Host(`s3.test.example.com`)' in compose"
fail_msg: "Expected Host rule for s3.test.example.com not found in docker-compose.yml"
- name: Assert minio console host rule in compose
ansible.builtin.assert:
that: "'Host(`minio.test.example.com`)' in compose"
fail_msg: "Expected Host rule for minio.test.example.com not found in docker-compose.yml"
- name: Assert GELF logging address in compose
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external in compose
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "Expected 'external: true' not found in docker-compose.yml"
- name: Assert minio root user in compose
ansible.builtin.assert:
that: "'minioadmin' in compose"
fail_msg: "Expected minio_root_user 'minioadmin' not found in docker-compose.yml"
- name: Assert minio root password in compose
ansible.builtin.assert:
that: "'test_minio' in compose"
fail_msg: "Expected minio_root_password 'test_minio' not found in docker-compose.yml"
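Review bot: L1229–L1236 make the test pass only if the MinIO root user and root password appear verbatim in the rendered `docker-compose.yml`, which codifies plaintext credentials in an on-disk file whose permissions nothing checks (`compose_stat` at L1197 is only used for `exists`). If the role is going to keep them there, at least assert the mode alongside existence — `that: compose_stat.stat.mode == '0600'` — which presumes the template task sets one; I cannot see the role's `template:` call from this hunk. Note also that `'minioadmin' in compose` would be satisfied by MinIO's upstream default user name, so it does not show the configured value was applied; assert the full key/value line the template emits, or better, move both values to an `env_file` with restricted mode and assert the compose references a `${MINIO_ROOT_PASSWORD}`-style substitution rather than the literal.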
+3
@@ -19,6 +19,7 @@
community.docker.docker_compose_v2:
project_src: "{{ minio_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
- name: Wait for MinIO to be ready
ansible.builtin.uri:
@@ -29,6 +30,7 @@
until: result.status == 200
retries: 15
delay: 5
when: not (molecule_test_mode | default(false))
- name: Create Nextcloud bucket in MinIO
community.general.minio:
@@ -38,3 +40,4 @@
name: "{{ minio_nextcloud_bucket }}"
state: present
ignore_errors: true
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ nextcloud_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: nextcloud
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
@@ -0,0 +1,76 @@
---
- name: Verify nextcloud role
hosts: localhost
gather_facts: false
vars:
nextcloud_data_dir: /tmp/sovereign_test/nextcloud
tasks:
- name: Check nextcloud data directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/nextcloud
register: data_dir_stat
- name: Assert nextcloud data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/nextcloud was not created"
- name: Check nextcloud data subdirectory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/nextcloud/data
register: data_subdir_stat
- name: Assert nextcloud data subdirectory is present
ansible.builtin.assert:
that: data_subdir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/nextcloud/data was not created"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: /tmp/sovereign_test/nextcloud/docker-compose.yml
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for nextcloud"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: /tmp/sovereign_test/nextcloud/docker-compose.yml
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert nextcloud image reference in compose
ansible.builtin.assert:
that: "'nextcloud:29' in compose"
fail_msg: "Expected image 'nextcloud:29' not found in docker-compose.yml"
- name: Assert nextcloud host rule in compose
ansible.builtin.assert:
that: "'Host(`cloud.test.example.com`)' in compose"
fail_msg: "Expected Host rule for cloud.test.example.com not found in docker-compose.yml"
- name: Assert GELF logging address in compose
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external in compose
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "Expected 'external: true' not found in docker-compose.yml"
- name: Assert nextcloud db password in compose
ansible.builtin.assert:
that: "'test_nextcloud_db' in compose"
fail_msg: "Expected nextcloud_db_password 'test_nextcloud_db' not found in docker-compose.yml"
- name: Assert nextcloud S3 secret key in compose
ansible.builtin.assert:
that: "'test_nextcloud_s3' in compose"
fail_msg: "Expected minio_nextcloud_secret_key 'test_nextcloud_s3' not found in docker-compose.yml"
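Review bot: `'nextcloud:29' in compose` at L1339 pins the expected image to a mutable major tag, unlike the synapse and wazuh verifies in this commit which check a full version; the substring also matches `nextcloud:29.0.1`, `nextcloud:29-fpm` and similar, so it does not really say which image the role deploys. If the role has a `nextcloud_version` variable like the other roles (not visible here), assert on it, e.g. `that: "('nextcloud:' ~ nextcloud_version) in compose"`, and pin a full version or digest in the defaults. L1353–L1360 likewise lock in the DB password and S3 secret key as plaintext in the compose file; as with the other roles, I would rather see the secrets referenced from an `env_file` with a restrictive mode and the test assert `compose_stat.stat.mode == '0600'`.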
+4 -1
@@ -19,6 +19,7 @@
community.docker.docker_compose_v2:
project_src: "{{ nextcloud_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
- name: Wait for Nextcloud to be ready
ansible.builtin.command:
@@ -28,6 +29,7 @@
retries: 30
delay: 10
changed_when: false
when: not (molecule_test_mode | default(false))
- name: Copy tenant logo into Nextcloud container volume
ansible.builtin.copy:
@@ -43,9 +45,10 @@
- { key: name, value: "{{ tenant_name }}" }
- { key: color, value: "{{ tenant_primary_color | default('#2563eb') }}" }
changed_when: false
when: not (molecule_test_mode | default(false))
- name: Configure Nextcloud theming — logo
ansible.builtin.command:
cmd: docker exec -u www-data nextcloud php occ theming:config logo /var/www/html/sovereign-logo.png
when: tenant_logo_local_path | default('') != ''
when: tenant_logo_local_path | default('') != '' and not (molecule_test_mode | default(false))
changed_when: false
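Review bot: The same `not (molecule_test_mode | default(false))` guard is now attached to each deploy, wait and `occ` task individually (L1367, L1374, L1381, L1386), and the same literal is repeated in every other role in this commit; with the delegated/local molecule driver, any task that misses the guard executes for real on the host running the tests. Group the host-touching tasks in one `block:` with a single `when: not (molecule_test_mode | default(false))`, or tag them and have the provisioner skip the tag, so a future task cannot silently fall outside the gate. The combined condition on L1386 also reads better as a list: `when:` followed by `- tenant_logo_local_path | default('') != ''` and `- not (molecule_test_mode | default(false))`. The task list continues outside the hunk.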
+1
@@ -4,3 +4,4 @@
project_src: "{{ roundcube_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: roundcube
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
@@ -0,0 +1,95 @@
---
- name: Verify roundcube role
hosts: localhost
gather_facts: false
vars:
roundcube_data_dir: /tmp/sovereign_test/roundcube
tasks:
- name: Check roundcube data directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/roundcube
register: data_dir_stat
- name: Assert roundcube data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/roundcube was not created"
- name: Check roundcube config directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/roundcube/config
register: config_dir_stat
- name: Assert roundcube config directory is present
ansible.builtin.assert:
that: config_dir_stat.stat.isdir
fail_msg: "Directory /tmp/sovereign_test/roundcube/config was not created"
- name: Check custom.inc.php exists
ansible.builtin.stat:
path: /tmp/sovereign_test/roundcube/config/custom.inc.php
register: custom_php_stat
- name: Assert custom.inc.php is present
ansible.builtin.assert:
that: custom_php_stat.stat.exists
fail_msg: "custom.inc.php was not rendered for roundcube"
- name: Read custom.inc.php
ansible.builtin.slurp:
src: /tmp/sovereign_test/roundcube/config/custom.inc.php
register: custom_php_raw
- name: Set custom.inc.php content fact
ansible.builtin.set_fact:
custom_php: "{{ custom_php_raw.content | b64decode }}"
- name: Assert tenant branding in custom.inc.php
ansible.builtin.assert:
that: "'Test Corp Webmail' in custom_php"
fail_msg: "Expected 'Test Corp Webmail' not found in custom.inc.php"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: /tmp/sovereign_test/roundcube/docker-compose.yml
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for roundcube"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: /tmp/sovereign_test/roundcube/docker-compose.yml
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert roundcube image reference in compose
ansible.builtin.assert:
that: "'roundcube/roundcubemail' in compose"
fail_msg: "Expected image 'roundcube/roundcubemail' not found in docker-compose.yml"
- name: Assert roundcube host rule in compose
ansible.builtin.assert:
that: "'Host(`webmail.test.example.com`)' in compose"
fail_msg: "Expected Host rule for webmail.test.example.com not found in docker-compose.yml"
- name: Assert GELF logging address in compose
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external in compose
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "Expected 'external: true' not found in docker-compose.yml"
- name: Assert roundcube skin (elastic) in compose
ansible.builtin.assert:
that: "'elastic' in compose"
fail_msg: "Expected roundcube skin 'elastic' not found in docker-compose.yml"
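Review bot: `'elastic' in compose` at L1504 is a bare word that matches any occurrence in the file, so it does not show the skin setting was rendered; assert the whole key/value line the template emits for the skin instead (I cannot see the env var name from here). The branding check at L1469 confirms `tenant_name` is interpolated into `custom.inc.php`, i.e. into PHP source; unless the template escapes it, a tenant name containing an apostrophe or backslash would break or alter the PHP, so the template should emit it through a `| to_json`-style filter and a second verify case with such a name would catch regressions. The image assertion at L1488 also does not pin a tag, unlike the synapse and wazuh verifies, so a floating `roundcube/roundcubemail` tag would pass unnoticed.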
+1
@@ -26,3 +26,4 @@
community.docker.docker_compose_v2:
project_src: "{{ roundcube_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ stalwart_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: stalwart
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
@@ -0,0 +1,56 @@
---
- name: Verify stalwart role
hosts: localhost
gather_facts: false
vars:
stalwart_data_dir: /tmp/sovereign_test/stalwart
tasks:
- name: Check stalwart data directory exists
ansible.builtin.stat:
path: /tmp/sovereign_test/stalwart
register: data_dir_stat
- name: Assert stalwart data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/stalwart was not created"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: /tmp/sovereign_test/stalwart/docker-compose.yml
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for stalwart"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: /tmp/sovereign_test/stalwart/docker-compose.yml
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert stalwart image reference in compose
ansible.builtin.assert:
that: "'stalwartlabs/mail-server' in compose"
fail_msg: "Expected image 'stalwartlabs/mail-server' not found in docker-compose.yml"
- name: Assert stalwart host rule in compose
ansible.builtin.assert:
that: "'mail.test.example.com' in compose"
fail_msg: "Expected hostname 'mail.test.example.com' not found in docker-compose.yml"
- name: Assert GELF logging address in compose
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external in compose
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "Expected 'external: true' not found in docker-compose.yml"
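Review bot: The task at L1588–L1591 is named "host rule" but, unlike the other verifies in this commit, asserts only the bare substring `mail.test.example.com`, which any mention of the domain satisfies (an env var, a comment, a longer hostname); either check the actual `Host(...)` rule if the mail server has a Traefik router, or rename the task and fail_msg to say it checks the hostname. `'stalwartlabs/mail-server' in compose` at L1586 does not pin a tag the way the synapse and wazuh verifies do, so a floating tag would pass unnoticed. Nothing else about the rendered compose is asserted here (no data volume, no credential handling), so this verify only proves image, domain, logging and network strings are present.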
+1
@@ -19,3 +19,4 @@
community.docker.docker_compose_v2:
project_src: "{{ stalwart_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ vaultwarden_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: vaultwarden
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
@@ -0,0 +1,64 @@
---
- name: Verify vaultwarden role
hosts: localhost
gather_facts: false
vars:
vaultwarden_data_dir: /tmp/sovereign_test/vaultwarden
vaultwarden_domain: vault.test.example.com
vaultwarden_admin_token: test_vaultwarden_admin_token
vaultwarden_version: latest
tasks:
- name: Check vaultwarden data directory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/vaultwarden"
register: data_dir_stat
- name: Assert vaultwarden data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/vaultwarden was not created"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/vaultwarden/docker-compose.yml"
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for vaultwarden"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/vaultwarden/docker-compose.yml"
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert vaultwarden server image is present
ansible.builtin.assert:
that: "'vaultwarden/server' in compose"
fail_msg: "vaultwarden/server image not found in docker-compose.yml"
- name: Assert vaultwarden domain traefik rule is present
ansible.builtin.assert:
that: "'Host(`vault.test.example.com`)' in compose"
fail_msg: "Traefik rule for vault.test.example.com not found in docker-compose.yml"
- name: Assert admin token is present in compose
ansible.builtin.assert:
that: "'test_vaultwarden_admin_token' in compose"
fail_msg: "vaultwarden_admin_token not found in docker-compose.yml"
- name: Assert GELF logging address is present
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "external: true not found in docker-compose.yml networks section"
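Review bot: L1689–L1692 pass only if the raw admin token appears verbatim in `docker-compose.yml`, so the test codifies a plaintext `ADMIN_TOKEN` on disk; if the role ever switches to the hashed form Vaultwarden accepts for that setting, or to an `env_file`, this assertion breaks, and right now nothing checks the file's mode. Assert on the key rather than the secret (e.g. `that: "'ADMIN_TOKEN' in compose"`, assuming that is the env name the template emits) plus `that: compose_stat.stat.mode == '0600'`, and move the secret out of the compose file. `vaultwarden_version: latest` at L1656 is declared but unused, and `'vaultwarden/server' in compose` at L1683 does not pin a tag, so a mutable `latest` image is the expected state here, unlike the pinned synapse and wazuh images; pin a version and assert `that: "('vaultwarden/server:' ~ vaultwarden_version) in compose"`.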
+1
@@ -19,3 +19,4 @@
community.docker.docker_compose_v2:
project_src: "{{ vaultwarden_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ wazuh_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: wazuh
+23
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+119
@@ -0,0 +1,119 @@
---
- name: Verify wazuh role
hosts: localhost
gather_facts: false
vars:
wazuh_data_dir: /tmp/sovereign_test/wazuh
wazuh_domain: wazuh.test.example.com
wazuh_admin_password: test_wazuh_admin
wazuh_version: "4.9.0"
tenant_name: Test Corp
tasks:
- name: Check wazuh data directory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/wazuh"
register: data_dir_stat
- name: Assert wazuh data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/wazuh was not created"
- name: Check config subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/wazuh/config"
register: config_dir_stat
- name: Assert config subdirectory is present
ansible.builtin.assert:
that: config_dir_stat.stat.isdir
fail_msg: "Config directory /tmp/sovereign_test/wazuh/config was not created"
- name: Check dashboard-config subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/wazuh/dashboard-config"
register: dashboard_config_dir_stat
- name: Assert dashboard-config subdirectory is present
ansible.builtin.assert:
that: dashboard_config_dir_stat.stat.isdir
fail_msg: "Dashboard-config directory /tmp/sovereign_test/wazuh/dashboard-config was not created"
- name: Check opensearch_dashboards.yml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/wazuh/dashboard-config/opensearch_dashboards.yml"
register: dashboards_config_stat
- name: Assert opensearch_dashboards.yml was rendered
ansible.builtin.assert:
that: dashboards_config_stat.stat.exists
fail_msg: "dashboard-config/opensearch_dashboards.yml was not rendered for wazuh"
- name: Read opensearch_dashboards.yml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/wazuh/dashboard-config/opensearch_dashboards.yml"
register: dashboards_config_raw
- name: Set dashboards config content fact
ansible.builtin.set_fact:
dashboards_config: "{{ dashboards_config_raw.content | b64decode }}"
- name: Assert dashboards config contains tenant branding title
ansible.builtin.assert:
that: "'Test Corp Security' in dashboards_config"
fail_msg: "opensearch_dashboards.yml does not contain 'Test Corp Security'"
- name: Assert dashboards config contains admin password
ansible.builtin.assert:
that: "'test_wazuh_admin' in dashboards_config"
fail_msg: "opensearch_dashboards.yml does not contain test_wazuh_admin password"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/wazuh/docker-compose.yml"
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for wazuh"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/wazuh/docker-compose.yml"
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert wazuh-manager image with version is present
ansible.builtin.assert:
that: "'wazuh/wazuh-manager:4.9.0' in compose"
fail_msg: "wazuh/wazuh-manager:4.9.0 image not found in docker-compose.yml"
- name: Assert wazuh-dashboard image with version is present
ansible.builtin.assert:
that: "'wazuh/wazuh-dashboard:4.9.0' in compose"
fail_msg: "wazuh/wazuh-dashboard:4.9.0 image not found in docker-compose.yml"
- name: Assert wazuh domain traefik rule is present
ansible.builtin.assert:
that: "'Host(`wazuh.test.example.com`)' in compose"
fail_msg: "Traefik rule for wazuh.test.example.com not found in docker-compose.yml"
- name: Assert admin password is present in compose
ansible.builtin.assert:
that: "'test_wazuh_admin' in compose"
fail_msg: "wazuh_admin_password not found in docker-compose.yml"
- name: Assert GELF logging address is present
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "external: true not found in docker-compose.yml networks section"
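Review bot: L1807–L1810 and L1838–L1841 assert that the admin password appears in plaintext in both `opensearch_dashboards.yml` and `docker-compose.yml`, and both files are already `stat`ed, but nothing checks that they are not world-readable. Add `that: dashboards_config_stat.stat.mode == '0600'` and the same for `compose_stat`; that presumes the role's `template:` tasks set a mode, which I cannot see from here — if they do not, that is the defect to fix in the role. `wazuh_version: "4.9.0"` at L1761 is correctly quoted but unused, while L1828 and L1832 repeat the literal; assert `that: "('wazuh/wazuh-manager:' ~ wazuh_version) in compose"` so a version bump only touches the shared vars.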
+2
@@ -30,6 +30,7 @@
value: '262144'
state: present
sysctl_set: true
when: not (molecule_test_mode | default(false))
- name: Deploy Wazuh docker-compose
ansible.builtin.template:
@@ -42,3 +43,4 @@
community.docker.docker_compose_v2:
project_src: "{{ wazuh_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))
+1
@@ -4,3 +4,4 @@
project_src: "{{ website_data_dir }}"
state: present
recreate: always
when: not (molecule_test_mode | default(false))
@@ -0,0 +1,8 @@
---
- name: Converge
hosts: localhost
gather_facts: false
vars_files:
- ../../../molecule/shared/vars.yml
roles:
- role: website
@@ -0,0 +1,23 @@
---
dependency:
name: galaxy
options:
requirements-file: requirements.yml
driver:
name: delegated
options:
managed: false
ansible_connection_options:
ansible_connection: local
platforms:
- name: localhost
groups:
- sovereign
provisioner:
name: ansible
inventory:
host_vars:
localhost:
ansible_connection: local
verifier:
name: ansible
+68
@@ -0,0 +1,68 @@
---
- name: Verify website role
hosts: localhost
gather_facts: false
vars:
website_data_dir: /tmp/sovereign_test/website
base_domain: test.example.com
website_nginx_version: alpine
tasks:
- name: Check website data directory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/website"
register: data_dir_stat
- name: Assert website data directory is present
ansible.builtin.assert:
that: data_dir_stat.stat.isdir
fail_msg: "Data directory /tmp/sovereign_test/website was not created"
- name: Check html subdirectory exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/website/html"
register: html_dir_stat
- name: Assert html subdirectory is present
ansible.builtin.assert:
that: html_dir_stat.stat.isdir
fail_msg: "HTML directory /tmp/sovereign_test/website/html was not created"
- name: Check docker-compose.yml exists
ansible.builtin.stat:
path: "/tmp/sovereign_test/website/docker-compose.yml"
register: compose_stat
- name: Assert docker-compose.yml was rendered
ansible.builtin.assert:
that: compose_stat.stat.exists
fail_msg: "docker-compose.yml was not rendered for website"
- name: Read docker-compose.yml
ansible.builtin.slurp:
src: "/tmp/sovereign_test/website/docker-compose.yml"
register: compose_raw
- name: Set compose content fact
ansible.builtin.set_fact:
compose: "{{ compose_raw.content | b64decode }}"
- name: Assert nginx alpine image is present
ansible.builtin.assert:
that: "'nginx:alpine' in compose"
fail_msg: "nginx:alpine image not found in docker-compose.yml"
- name: Assert bare domain traefik rule is present
ansible.builtin.assert:
that: "'Host(`test.example.com`)' in compose"
fail_msg: "Traefik rule for bare domain test.example.com not found in docker-compose.yml"
- name: Assert GELF logging address is present
ansible.builtin.assert:
that: "'udp://127.0.0.1:12201' in compose"
fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"
- name: Assert sovereign network is external
ansible.builtin.assert:
that: "'external: true' in compose"
fail_msg: "external: true not found in docker-compose.yml networks section"
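Review bot: `'nginx:alpine' in compose` at L1949 makes a mutable, unversioned tag the expected state, so image updates happen silently on every pull and the test cannot catch drift; the synapse and wazuh verifies in this commit check a full version, and `website_nginx_version: alpine` at L1914 is declared but never referenced. Pin a versioned tag (or digest) in the defaults and assert on the variable, e.g. `that: "('nginx:' ~ website_nginx_version) in compose"`. The `external: true` check at L1961 matches anywhere in the file; parsing `compose | from_yaml` and checking the `networks` entry would make the fail_msg accurate.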
+1
@@ -19,3 +19,4 @@
community.docker.docker_compose_v2:
project_src: "{{ website_data_dir }}"
state: present
when: not (molecule_test_mode | default(false))