Commit 1be5ff21 authored by Lars Beckers's avatar Lars Beckers

Merge branch 'ci-config' into 'master'

Add CI config

See merge request !8
parents 71d74583 e3168dfe
Pipeline #1340 passed with stage
in 1 minute and 17 seconds
parseable: true
quiet: true
use_default_rules: true
skip_list:
- '204' # line length is checked by yamllint
- '401' # git checkout must contain explicit version
- '701' # 7xx is about ansible galaxy guidelines
- '702'
- '703'
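Review bot: Skipping rule `401` in `skip_list` for the whole repository removes the check that every `git` task pins a `version`, so a role can start tracking a moving branch head without the linter noticing. The inline comment only restates the rule and does not say why it is disabled. If only a few tasks need the exception, keep the rule enabled and mark those tasks with `# noqa 401`. Otherwise record the reason next to the entry, e.g. `- '401'  # skipped because <reason>`.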
---
image: registry.git.fsmpi.rwth-aachen.de/infra/ci-containers/fsmpi-ansible:buster
variables:
GIT_SUBMODULE_STRATEGY: recursive
before_script:
- export LANG=en_US.UTF-8
- chmod o-w .
- apt-get -qq update && apt-get -qq install -y ansible-lint ripgrep
- ansible --version
- ansible-lint --version
- yamllint --version
stages:
- test
test:
stage: test
script:
- yamllint .
- ansible-lint ./*/
# yamllint disable-line rule:line-length
- "! rg --fixed-strings 'passwordstore' ./*/templates"
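Review bot: The `passwordstore` guard on the last `script` line fails open: ripgrep exits 1 for "no match" and 2 for an error (for example when `./*/templates` expands to nothing), and the leading `!` turns both into success, so a scan that never ran passes like a clean one. Test the exit code explicitly, e.g. `rc=0; rg --fixed-strings 'passwordstore' ./*/templates || rc=$?; [ "$rc" -eq 1 ]`. Separately, the mutable `:buster` image tag and the unversioned `apt-get install` in `before_script` let the lint toolchain change between runs. Pinning the image by digest and the package versions would keep pipeline results reproducible.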
......@@ -14,6 +14,10 @@ rules:
forbid-in-block-mappings: true
line-length:
level: warning
allow-non-breakable-inline-mappings: true
octal-values:
forbid-implicit-octal: true
level: warning
level: error
# quoted-strings: enable
truthy:
level: error
......@@ -30,4 +30,4 @@ dovecot_dsync_host_attribute: ansible_host
dovecot_content_filter: false
dovecot_spam_folder: Spam
dovecot_spam_user: "${1}" # debian-spamd
dovecot_spam_user: "${1}" # debian-spamd
......@@ -89,6 +89,7 @@
- meta: flush_handlers
# yamllint disable-line rule:line-length
- name: ensure the global spam filter and learning sieve script have correct permissions
file:
state: file
......
......@@ -3,6 +3,6 @@
dovecot_tls_protocols: 'TLSv1.2 TLSv1.3'
dovecot_tls_min_protocol: 'TLSv1.2'
dovecot_tls_ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
dovecot_tls_dh_length: 4096 # 2048
dovecot_tls_dh_file: ffdhe4096.txt # ffdhe2048.txt
dovecot_tls_dh_length: 4096 # 2048
dovecot_tls_dh_file: ffdhe4096.txt # ffdhe2048.txt
dovecot_tls_prefer_server_ciphers: false
......@@ -3,6 +3,6 @@
dovecot_tls_protocols: 'TLSv1 TLSv1.1 TLSv1.2 !SSLv3'
dovecot_tls_min_protocol: 'TLSv1'
dovecot_tls_ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
dovecot_tls_dh_length: 2048 # 1024
dovecot_tls_dh_file: ffdhe2048.txt # openssl dhparam 1024 > ffdhe1024.txt
dovecot_tls_dh_length: 2048 # 1024
dovecot_tls_dh_file: ffdhe2048.txt # openssl dhparam 1024 > ffdhe1024.txt
dovecot_tls_prefer_server_ciphers: true
......@@ -4,5 +4,5 @@ dovecot_tls_protocols: 'TLSv1.1 TLSv1.2 !SSLv3'
dovecot_tls_min_protocol: 'TLSv1.1'
dovecot_tls_ciphers: "{{ tls_ciphers }}"
dovecot_tls_dh_length: 4096
dovecot_tls_dh_file: ffdhe4096.txt # ffdhe2048.txt
dovecot_tls_dh_file: ffdhe4096.txt # ffdhe2048.txt
dovecot_tls_prefer_server_ciphers: true
......@@ -5,5 +5,5 @@ postfix_tls_mandatory_ciphers: medium
postfix_tls_preempt_cipherlist: false
postfix_tls_eecdh_grade: null
postfix_tls_high_cipherlist: null
postfix_tls_dh_file: ffdhe2048.txt # ffdhe4096.txt
postfix_tls_dh_file: ffdhe2048.txt # ffdhe4096.txt
postfix_tls_medium_cipherlist: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
......@@ -5,5 +5,5 @@ postfix_tls_mandatory_ciphers: medium
postfix_tls_preempt_cipherlist: true
postfix_tls_eecdh_grade: null
postfix_tls_high_cipherlist: null
postfix_tls_dh_file: ffdhe2048.txt # ffdhe4096.txt
postfix_tls_dh_file: ffdhe2048.txt # ffdhe4096.txt
postfix_tls_medium_cipherlist: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
---
- import_tasks: postgres.yml db_user="{{prosody_user}}" db_name="{{prosody_db}}"
# yamllint disable-line rule:line-length
- import_tasks: postgres.yml db_user="{{ prosody_user }}" db_name="{{ prosody_db }}"
- name: ensure prosody is installed
apt:
......
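Review bot: The added `# yamllint disable-line rule:line-length` is only needed because the `import_tasks` line passes its parameters as inline `key=value` text. Moving them into a `vars:` mapping keeps the line under the limit and drops the suppression. It also gives each Jinja expression its own quoted scalar instead of embedding quotes inside a plain scalar. The rest of the task file is collapsed and not visible here.

```yaml
# … unchanged: document start …
- import_tasks: postgres.yml
  vars:
    db_user: "{{ prosody_user }}"
    db_name: "{{ prosody_db }}"
# … unchanged: "ensure prosody is installed" task …
```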