meta: bump collection version to 0.1.1

README.md

@@ -13,6 +13,9 @@ and configuring basic system utilities like gnupg, ssh etc
 
 - [`gnupg`](roles/gnupg/README.md): configures gnupg on the target system
 
+- [`lego`](roles/lego/README.md): runs [lego (LetsEncrypt Go]](https://github.com/go-acme/lego),
+  a ACME client written in go, using systemd (timers). Multi-instance capable.
+
 - [`mariadb`](roles/mariadb/README.md): runs [MariaDB Server](https://mariadb.org/), one of the world's most popular open source relational database
 
 - [`minio`](roles/minio/README.md): Deploy [min.io](https://min.io), an
@@ -24,6 +27,9 @@ and configuring basic system utilities like gnupg, ssh etc
 - [`restic`](roles/restic/README.md): Manage backups using restic
   and persist them to a configurable backend.
 
+- [`powerdns_tsig_key`](roles/powerdns_tsig_key/README.md): Simple ansible role
+  for generating TSIG keys in PowerDNS.
+
 ## License
 
 [CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License

galaxy.yml

@@ -1,10 +1,12 @@
 namespace: finallycoffee
 name: base
-version: 0.0.2
+version: 0.1.1
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
 description: Roles for base services which are common dependencies other services like databases
+dependencies:
+  "community.docker": "^1.10.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'

meta/runtime.yml

@@ -1,3 +1,3 @@
 ---
 
-requires_ansible: ">=2.12"
+requires_ansible: ">=2.15"

roles/dns/README.md

@@ -0,0 +1,33 @@
+# `finallycoffee.base.dns` ansible role
+
+Simple role for wrapping around the
+[`famedly.dns.update`](https://github.com/famedly/ansible-collection-dns/blob/main/plugins/modules/update.py)
+ansible module.
+
+## Usage
+
+### Example playbook
+```yaml
+- target: "{{ target_hosts }}"
+  roles:
+    - role: finallycoffee.base.dns
+      vars:
+        dns_server: "dns.example.org"
+        dns_zone: "zone.example.org"
+        dns_records: "{{ dns_records }}"
+        dns_record_state: exact
+        dns_tsig_name: "mykeyname"
+        dns_tsig_algo: "hmac-sha256"
+        dns_tsig_key: "mykeycontent"
+  vars:
+    dns_records:
+      - type: A
+        name: gitea
+        content: "127.0.0.1"
+      - type: AAAA
+        name: gitea
+        content: "fe80::1"
+      - type: CNAME
+        name: "_acme_challenge.gitea"
+        content: "delegated-cname.challenge.example.org"
+```

roles/lego/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 lego_user: "lego"
-lego_version: "4.17.4"
+lego_version: "4.18.0"
 lego_instance: default
 lego_base_path: "/opt/lego"
 lego_cert_user: "acme-{{ lego_instance }}"

roles/mariadb/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 
-mariadb_version: "10.11.6"
+mariadb_version: "10.11.9"
 mariadb_base_path: /var/lib/mariadb
 mariadb_data_path: "{{ mariadb_base_path }}/{{ mariadb_version }}"
 

roles/nginx/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 
-nginx_version: "1.25.3"
+nginx_version: "1.26.2"
 nginx_flavour: alpine
 nginx_base_path: /opt/nginx
 nginx_config_file: "{{ nginx_base_path }}/nginx.conf"

roles/powerdns_tsig_key/README.md

@@ -0,0 +1,25 @@
+# `finallycoffee.base.powerdns_tsig_key`
+
+Simple ansible role for ensuring a TSIG key is present in a given PowerDNS-
+instance.
+
+## Usage
+
+The usage example below assumes `powerdns` is running in a container named `powerdns` (as supplied to `powerdns_tsig_key_container_name`.
+
+```yaml
+- hosts: "{{ target_hosts }}"
+  become: true
+  roles:
+    - role: finallycoffee.base.powerdns_tsig_key
+      vars:
+        powerdns_tsig_key_name: "nameofmykey"
+        powerdns_tsig_key_path: "/var/lib/myapp/tsig.key"
+        powernds_tsig_key_algo: "hmac-sha512"
+        powerdns_tsig_key_path_owner: "myappuser"
+        powerdns_tsig_key_path_group: "myappgroup"
+        powerdns_tsig_key_container_name: 'powerdns'
+```
+
+> [!INFO]
+> Support for non-docker deployments is pending.