feat(hostname): add playbook for hostname management

playbooks/docker_registry.yml

@@ -0,0 +1,16 @@
+---
+- name: Manage docker registry credentials
+  hosts: "{{ docker_hosts | default('docker', true) }}"
+  become: "{{ docker_become | default(false) }}"
+  gather_facts: "{{ docker_registry_gather_facts | default(true) }}"
+  tasks:
+    - name: Manage docker registry credentials
+      community.docker.docker_login:
+        registry_url: "{{ docker_registry.registry }}"
+        username: "{{ docker_registry.username | default(omit) }}"
+        password: "{{ docker_registry.password | default(omit) }}"
+        state: "{{ docker_registry.state | default('present') }}"
+      loop: "{{ docker_registries | default([], true) }}"
+      loop_control:
+        loop_var: "docker_registry"
+        label: "{{ docker_registry.username}}@{{ docker_registry.registry }}"

playbooks/hostname.yml

@@ -0,0 +1,10 @@
+---
+- name: Ensure hostname is managed
+  hosts: "{{ hostname_targets | default('hostname_managed') }}"
+  become: "{{ hostname_target_become | default(true) }}"
+  gather_facts: false
+  tasks:
+    - name: Ensure hostname is up to date
+      ansible.builtin.hostname:
+        name: "{{ hostname | default(inventory_hostname, true) }}"
+        use: "{{ hostname_strategy | default(omit, true) }}"

roles/docker/defaults/main/rhel.yml

@@ -1,34 +0,0 @@
----
-docker_rhel_repo_name: "docker-ce-stable"
-docker_rhel_repo_description: "Docker CE Stable - $basearch"
-docker_rhel_repo_url: "https://download.docker.com/linux/rhel/$releasever/$basearch/stable"
-docker_rhel_repo_validate_certs: true
-docker_rhel_repo_gpg_check: true
-docker_rhel_repo_gpg_key: "https://download.docker.com/linux/rhel/gpg"
-
-docker_rhel_cli_package: "docker-ce-cli"
-docker_rhel_plugin_buildx_package: "docker-buildx-plugin"
-docker_rhel_plugin_compose_package: "docker-compose-plugin"
-docker_rhel_base_packages:
-  - "docker-ce"
-  - "docker-ce-cli"
-  - "containerd.io"
-docker_rhel_packages: >-2
-  {{
-    docker_fedora_base_packages
-    + (docker_plugin_buildx_enable | default(false)
-      | ternary([ docker_rhel_plugin_buildx_package ], []))
-    + (docker_plugin_compose_enable | default(false)
-      | ternary([ docker_rhel_plugin_compose_package ], []))
-  }}
-docker_rhel_legacy_packages:
-  - "docker"
-  - "docker-client"
-  - "docker-client-latest"
-  - "docker-common"
-  - "docker-latest"
-  - "docker-latest-logrotate"
-  - "docker-logrotate"
-  - "docker-engine"
-  - "podman"
-  - "runc"

roles/docker/tasks/install-redhat.yml

@@ -1,21 +0,0 @@
----
-- name: Ensure legacy docker packages are removed
-  ansible.builtin.dnf:
-    name: "{{ docker_rhel_legacy_packages }}"
-    state: absent
-  when: docker_remove_legacy_packages
-
-- name: Add dnf repository for docker
-  ansible.builtin.yum_repository:
-    name: "{{ docker_rhel_repo_name }}"
-    description: "{{ docker_rhel_repo_description }}"
-    baseurl: "{{ docker_rhel_repo_url }}"
-    validate_certs: "{{ docker_rhel_repo_validate_certs }}"
-    gpgkey: "{{ docker_rhel_repo_gpg_key }}"
-    gpgcheck: "{{ docker_rhel_repo_gpg_check }}"
-    state: "{{ docker_state }}"
-
-- name: Install dnf packages for docker
-  ansible.builtin.dnf:
-    name: "{{ docker_rhel_packages }}"
-    state: "{{ docker_state }}"

roles/docker/vars/main.yml

@@ -2,5 +2,3 @@
 docker_supported_oses:
   - 'debian'
   - 'fedora'
-docker_supported_os_families:
-  - 'rhel'

roles/lego/tasks/main.yml

@@ -107,6 +107,7 @@
       {{ entry.key }}={{ entry.value }}
       {% endfor %}
     dest: "{{ lego_base_path }}/{{ lego_instance }}.conf"
+  register: lego_env_file_info
 
 - name: Ensure timer unit is templated
   ansible.builtin.template:
@@ -120,6 +121,7 @@
     src: "lego_run.sh"
     dest: "{{ lego_base_path }}/run.sh"
     mode: "0755"
+  register: lego_handler_script_info
 
 - name: Ensure per-instance base path is created
   ansible.builtin.file:
@@ -159,7 +161,18 @@
     name: "{{ lego_systemd_timer_name }}"
     state: "started"
 
+- name: Check if certificates are present
+  ansible.builtin.find:
+    path: "{{ lego_instance_path }}/certificates"
+    recurse: false
+    file_type: "file"
+  register: lego_certificate_info
+
 - name: Ensure systemd service is started once to obtain the certificate
   ansible.builtin.systemd_service:
     name: "{{ lego_systemd_service_name }}"
     state: "started"
+  when: >-2
+    lego_handler_script_info.changed
+    or lego_env_file_info.changed
+    or lego_certificate_info.files | default([]) | length == 0

roles/minio/defaults/main/container.yml

@@ -1,7 +1,7 @@
 ---
 minio_container_name: minio
 minio_container_image_name: "docker.io/minio/minio"
-minio_container_image_tag: "RELEASE.2025-04-08T15-41-24Z"
+minio_container_image_tag: "RELEASE.2025-04-22T22-12-26Z"
 minio_container_image: "{{ minio_container_image_name }}:{{ minio_container_image_tag }}"
 minio_container_networks: []
 minio_container_ports: []

roles/nginx/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-nginx_version: "1.27.5"
+nginx_version: "1.28.0"
 nginx_flavour: alpine
 nginx_base_path: /opt/nginx
 nginx_config_file: "{{ nginx_base_path }}/nginx.conf"