From 3a873051e7efded27050ab033516a62b20a06d64 Mon Sep 17 00:00:00 2001 From: Ian Roddis <31021769+iroddis@users.noreply.github.com> Date: Mon, 30 Mar 2026 16:39:54 -0300 Subject: [PATCH] Just tests passing now --- .claude/settings.local.json | 5 +- roles/authentik/molecule/default/molecule.yml | 9 +- roles/common/molecule/default/molecule.yml | 9 +- roles/common/tasks/main.yml | 2 + roles/forgejo/molecule/default/molecule.yml | 9 +- roles/graylog/molecule/default/molecule.yml | 9 +- roles/graylog/molecule/default/verify.yml | 6 +- roles/headscale/molecule/default/molecule.yml | 9 +- roles/jitsi/molecule/default/molecule.yml | 9 +- roles/matrix/molecule/default/molecule.yml | 9 +- roles/matrix/molecule/default/verify.yml | 8 +- roles/minio/molecule/default/molecule.yml | 9 +- roles/molecule/shared/vars.yml | 122 ++++++++++++++++++ roles/nextcloud/molecule/default/molecule.yml | 9 +- roles/roundcube/molecule/default/molecule.yml | 9 +- roles/stalwart/molecule/default/molecule.yml | 9 +- .../vaultwarden/molecule/default/molecule.yml | 9 +- roles/wazuh/molecule/default/molecule.yml | 9 +- roles/website/molecule/default/molecule.yml | 9 +- 19 files changed, 191 insertions(+), 78 deletions(-) create mode 100644 roles/molecule/shared/vars.yml diff --git a/.claude/settings.local.json b/.claude/settings.local.json index 4c4621f..65ed90b 100644 --- a/.claude/settings.local.json +++ b/.claude/settings.local.json @@ -22,7 +22,10 @@ "Bash(helm template:*)", "Bash(brew list:*)", "Bash(export PATH=\"/opt/homebrew/bin:$PATH\")", - "Bash(ansible-playbook:*)" + "Bash(ansible-playbook:*)", + "Bash(just test:*)", + "Bash(pip show:*)", + "Bash(molecule test:*)" ] } } diff --git a/roles/authentik/molecule/default/molecule.yml b/roles/authentik/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/authentik/molecule/default/molecule.yml +++ b/roles/authentik/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/common/molecule/default/molecule.yml b/roles/common/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/common/molecule/default/molecule.yml +++ b/roles/common/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index c561371..c6d4c16 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -63,6 +63,8 @@ path: "{{ traefik_data_dir }}/acme.json" state: touch mode: '0600' + modification_time: preserve + access_time: preserve - name: Deploy Traefik docker-compose ansible.builtin.template: diff --git a/roles/forgejo/molecule/default/molecule.yml b/roles/forgejo/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/forgejo/molecule/default/molecule.yml +++ b/roles/forgejo/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/graylog/molecule/default/molecule.yml b/roles/graylog/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/graylog/molecule/default/molecule.yml +++ b/roles/graylog/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/graylog/molecule/default/verify.yml b/roles/graylog/molecule/default/verify.yml index a07cb92..19bb2f9 100644 --- a/roles/graylog/molecule/default/verify.yml +++ b/roles/graylog/molecule/default/verify.yml @@ -75,10 +75,10 @@ that: "'Host(`logs.test.example.com`)' in compose" fail_msg: "Expected Host rule for logs.test.example.com not found in docker-compose.yml" - - name: Assert GELF logging address in compose + - name: Assert GELF UDP port binding in compose ansible.builtin.assert: - that: "'udp://127.0.0.1:12201' in compose" - fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml" + that: "'12201/udp' in compose" + fail_msg: "Expected GELF UDP port binding 12201/udp not found in docker-compose.yml" - name: Assert sovereign network is external in compose ansible.builtin.assert: diff --git a/roles/headscale/molecule/default/molecule.yml b/roles/headscale/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/headscale/molecule/default/molecule.yml +++ b/roles/headscale/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/jitsi/molecule/default/molecule.yml b/roles/jitsi/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/jitsi/molecule/default/molecule.yml +++ b/roles/jitsi/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/matrix/molecule/default/molecule.yml b/roles/matrix/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/matrix/molecule/default/molecule.yml +++ b/roles/matrix/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/matrix/molecule/default/verify.yml b/roles/matrix/molecule/default/verify.yml index fcc42a5..7d1ae1d 100644 --- a/roles/matrix/molecule/default/verify.yml +++ b/roles/matrix/molecule/default/verify.yml @@ -73,22 +73,22 @@ - name: Assert element config contains tenant brand name ansible.builtin.assert: - that: '"brand": "Test Corp"' in element_config + that: element_config_parsed.brand == "Test Corp" fail_msg: "element/config.json does not contain brand: Test Corp" - name: Assert element config contains matrix homeserver URL ansible.builtin.assert: - that: '"https://matrix.test.example.com"' in element_config + that: element_config_parsed['default_server_config']['m.homeserver']['base_url'] == "https://matrix.test.example.com" fail_msg: "element/config.json does not contain https://matrix.test.example.com" - name: Assert element config contains jitsi domain ansible.builtin.assert: - that: '"meet.test.example.com"' in element_config + that: element_config_parsed.jitsi.preferred_domain == "meet.test.example.com" fail_msg: "element/config.json does not contain meet.test.example.com" - name: Assert element config contains default theme ansible.builtin.assert: - that: '"default_theme": "light"' in element_config + that: element_config_parsed.default_theme == "light" fail_msg: "element/config.json does not contain default_theme: light" - name: Check docker-compose.yml exists diff --git a/roles/minio/molecule/default/molecule.yml b/roles/minio/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/minio/molecule/default/molecule.yml +++ b/roles/minio/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/molecule/shared/vars.yml b/roles/molecule/shared/vars.yml new file mode 100644 index 0000000..4d05efa --- /dev/null +++ b/roles/molecule/shared/vars.yml @@ -0,0 +1,122 @@ +--- +# Shared test variables used by all molecule scenarios. +# These provide the minimum variable set so converge.yml playbooks can run +# without a full production inventory. + +molecule_test_mode: true + +base_domain: "test.example.com" +tenant_name: "Test Corp" +tenant_logo_local_path: "" +tenant_primary_color: "#2563eb" +tenant_accent_color: "#1e40af" +sovereign_base_dir: /tmp/sovereign_test +sovereign_network_name: sovereign + +# Traefik +traefik_acme_email: "admin@test.example.com" +traefik_domain: "traefik.test.example.com" +traefik_dashboard_password: "testpassword" + +# Authentik +authentik_domain: "auth.test.example.com" +authentik_version: "2024.10.5" +authentik_secret_key: "test-secret-key-exactly-50-chars-padded-here12345" +authentik_db_password: "test_authentik_db" +authentik_admin_email: "admin@test.example.com" +authentik_admin_password: "test_admin" + +# Graylog +graylog_domain: "logs.test.example.com" +graylog_version: "6.0" +graylog_password_secret: "test_graylog_secret_min_16_chars" +graylog_root_password_sha2: "test_sha256_placeholder" +graylog_host: "127.0.0.1" +graylog_gelf_port: 12201 + +# Stalwart Mail +stalwart_domain: "mail.test.example.com" +stalwart_admin_password: "test_mail_admin" +stalwart_version: "latest" + +# Roundcube +roundcube_domain: "webmail.test.example.com" +roundcube_version: "latest" +roundcube_db_password: "test_roundcube_db" +roundcube_des_key: "test_24_char_des_key____" + +# Wazuh +wazuh_domain: "wazuh.test.example.com" +wazuh_version: "4.9.0" +wazuh_admin_password: "test_wazuh_admin" +wazuh_api_password: "test_wazuh_api" + +# Headscale +wireguard_domain: "vpn.test.example.com" +headscale_domain: "headscale.test.example.com" +headscale_version: "0.23.0" +wireguard_port: 51820 +headscale_noise_private_key: "" + +# Matrix / Element +matrix_domain: "matrix.test.example.com" +element_domain: "chat.test.example.com" +matrix_version: "v1.118.0" +matrix_registration_secret: "test_registration_secret" +matrix_db_password: "test_matrix_db" + +# Jitsi +jitsi_domain: "meet.test.example.com" +jitsi_version: "stable-9753" +jitsi_jicofo_auth_password: "test_jicofo" +jitsi_jvb_auth_password: "test_jvb" +jitsi_jibri_recorder_password: "test_jibri_recorder" +jitsi_jibri_xmpp_password: "test_jibri_xmpp" +jitsi_turn_secret: "test_turn" + +# MinIO +minio_domain: "s3.test.example.com" +minio_console_domain: "minio.test.example.com" +minio_version: "latest" +minio_root_user: "minioadmin" +minio_root_password: "test_minio" +minio_nextcloud_bucket: "nextcloud" +minio_nextcloud_access_key: "nextcloud" +minio_nextcloud_secret_key: "test_nextcloud_s3" + +# Nextcloud +nextcloud_domain: "cloud.test.example.com" +nextcloud_version: "29" +nextcloud_admin_user: "admin" +nextcloud_admin_password: "test_nextcloud" +nextcloud_db_password: "test_nextcloud_db" +nextcloud_db_root_password: "test_nextcloud_db_root" + +# Vaultwarden +vaultwarden_domain: "vault.test.example.com" +vaultwarden_version: "latest" +vaultwarden_admin_token: "test_vaultwarden_admin_token" +vaultwarden_db_password: "test_vaultwarden_db" + +# Forgejo +forgejo_domain: "git.test.example.com" +forgejo_version: "latest" +forgejo_db_password: "test_forgejo_db" +forgejo_secret_key: "test_forgejo_secret" +forgejo_internal_token: "test_forgejo_internal_token" +forgejo_lfs_jwt_secret: "test_forgejo_lfs_jwt" +forgejo_admin_user: "admin" +forgejo_admin_password: "test_forgejo_admin" +forgejo_admin_email: "admin@test.example.com" +forgejo_ssh_port: 2222 + +# Website +website_nginx_version: "alpine" + +# SMTP +smtp_host: "stalwart" +smtp_port: 587 +smtp_from: "noreply@test.example.com" +smtp_user: "noreply@test.example.com" +smtp_password: "test_smtp" +smtp_tls: "starttls" diff --git a/roles/nextcloud/molecule/default/molecule.yml b/roles/nextcloud/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/nextcloud/molecule/default/molecule.yml +++ b/roles/nextcloud/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/roundcube/molecule/default/molecule.yml b/roles/roundcube/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/roundcube/molecule/default/molecule.yml +++ b/roles/roundcube/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/stalwart/molecule/default/molecule.yml b/roles/stalwart/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/stalwart/molecule/default/molecule.yml +++ b/roles/stalwart/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/vaultwarden/molecule/default/molecule.yml b/roles/vaultwarden/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/vaultwarden/molecule/default/molecule.yml +++ b/roles/vaultwarden/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/wazuh/molecule/default/molecule.yml b/roles/wazuh/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/wazuh/molecule/default/molecule.yml +++ b/roles/wazuh/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible + diff --git a/roles/website/molecule/default/molecule.yml b/roles/website/molecule/default/molecule.yml index a4a18ab..3a5906f 100644 --- a/roles/website/molecule/default/molecule.yml +++ b/roles/website/molecule/default/molecule.yml @@ -4,20 +4,19 @@ dependency: options: requirements-file: requirements.yml driver: - name: docker - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: default platforms: - name: localhost groups: - sovereign provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." inventory: host_vars: localhost: ansible_connection: local verifier: name: ansible +