ansible-collection-kit/tests/test.yml

---
- name: generic tests for all the roles
  hosts: all
  vars:
    ansible_python_interpreter: /usr/bin/python3
    hostname: example.org
    hostname_aliases:
      - example
    nftables_output_policy: accept
    nftables_input_rules:
      - tcp dport ssh ct state new limit rate 15/minute accept comment "Accept SSH on port 22 but avoid brute force"
      - tcp dport { http, https } accept comment "Accept HTTP (ports 80, 443)"
      - tcp dport { submission, imaps } accept comment "Accept SSMTP and IMAPS"
    iptables_output_policy: accept
    iptables_rules:
      - -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
      - -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
      - -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    admin_user: administrator
    admin_password: the_secret_password
    admin_key_file: ~/.ssh/test/id_rsa.pub
    snake_oil_cert_domains:
      - example.org
      - example2.org
      - mail.example.org
    nginx_vhosts:
      - servername: example.org
        serveralias:
          - www.example.org
          - www2.example.org
        acme_challenges: /tmp/acme
        ssl_certificate: /var/lib/snakeoil/certs/example.org/fullchain.pem
        ssl_certificate_key: /var/lib/snakeoil/certs/example.org/privkey.pem
        ssl_trusted_certificate: /var/lib/snakeoil/certs/example.org/fullchain.pem
      - servername: example2.org
        serveralias:
          - www.example2.org
          - www2.example2.org
        ssl_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
        ssl_certificate_key: /var/lib/snakeoil/certs/example2.org/privkey.pem
        ssl_trusted_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
    dehydrated_email: test@example.org
    dehydrated_domains:
      - example.org www.example.org
      - example2.org
    users_list:
      - username: eriol
        password: !
        key: ~/.ssh/test/id_rsa.pub
        key_options: 'command="/usr/bin/date"'
      - username: melchisedec
        state: absent
        remove: true
    influxdb_bind_hostname: 127.0.0.1
    homeassistant_add_to_ssl_cert_group: true
    homeassistant_ssl_certificate: /var/lib/snakeoil/certs/example.org/fullchain.pem
    homeassistant_ssl_key: /var/lib/snakeoil/certs/example.org/privkey.pem
    # homeassistant_influxdb_host: 127.0.0.1
  roles:
    # - ../roles/apt_dist_upgrade
    # - ../roles/common
    # - ../roles/hostname
    # - ../roles/nftables
    # - ../roles/iptables
    # - ../roles/sshd
    # - ../roles/fail2ban
    # - ../roles/snake_oil_cert
    # - ../roles/users
    # - ../roles/dehydrated
    # - ../roles/nginx
    # - ../roles/admin
    # - ../roles/docker
    # - {role: ../roles/mailserver}
    # - {role: ../roles/weechat}
    # Uncomment to test wikijs role: it's commented since the tarball that we
    # have to download is more than 60MB.
    # - {role: ../roles/wikijs, become: true, wikijs_db_type: sqlite}
    # - ../roles/adguardhome
    # - {role: ../roles/n8n, become: true}
    # - {role: ../roles/beehive,
    #    become: true,
    #    beehive_bind: 10.10.10.10:8181,
    #    beehive_canonical_url: http://10.10.10.10:8181}
    # - ../roles/mosquitto
    # - ../roles/influxdb
    # - ../roles/homeassistant
    # - {role: ../roles/generate_ca, become: true}
    # - {role: ../roles/generate_certificate, become: true}
    # - {role: ../roles/gitea, become: true}
    # - ../roles/dokku
    - ../roles/znc
    # The easy ports sequece is just for test. Also don't disable strict IP
    # filtering on production.
    # - {role: ../roles/knockd, ports: [3333, 4444, 5555], network_interface: eth1, filter_ip: ""}