diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 06fc982..1869419 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,11 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: [2.7, 3.6, 3.7] + python-version: [3.6, 3.7] + scenario: + - default + - with-config + - change-to-non-root-user steps: - uses: actions/checkout@v1 - name: Set up Python ${{ matrix.python-version }} @@ -17,9 +21,9 @@ jobs: python-version: ${{ matrix.python-version }} - name: Install dependencies run: | - sudo apt install docker + sudo apt-get install -y docker python -m pip install --upgrade pip pip install -r requirements.txt - name: Test with molecule run: | - molecule test --all + molecule test -s ${{ matrix.scenario }} diff --git a/molecule/change-to-non-root-user/Dockerfile.j2 b/molecule/change-to-non-root-user/Dockerfile.j2 new file mode 100644 index 0000000..95e99c2 --- /dev/null +++ b/molecule/change-to-non-root-user/Dockerfile.j2 
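Review bot: The new matrix line `python-version: [3.6, 3.7]` keeps the versions as unquoted floats, which works for these two values but would turn a later `3.10` into `3.1`. Writing `python-version: ['3.6', '3.7']` avoids that trap. The `strategy` block begins above the hunk.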
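Review bot: In the Install dependencies step, `sudo apt-get install -y docker` runs with no preceding `apt-get update`, and on Ubuntu the package named `docker` is, as far as I know, not Docker Engine (that is `docker.io` or Docker's own packages), so the line probably installs something the Molecule Docker driver never uses. GitHub-hosted Ubuntu runners normally ship with Docker preinstalled; if that holds for the `runs-on` image, which is not visible in this hunk, the line can simply be dropped. Otherwise `sudo apt-get update && sudo apt-get install -y docker.io` is the form that installs the engine.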
@@ -0,0 +1,41 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then \
+ apt-get update && \
+ apt-get install -y python3 python3-pip sudo bash ca-certificates \
+ net-tools && \
+ pip3 install --upgrade pip && \
+ apt-get clean; \
+ elif [ $(command -v dnf) ]; then \
+ dnf makecache && \
+ dnf --assumeyes install \
+ sudo python3 python3-pip *python-devel python*-dnf bash \
+ net-tools && \
+ pip3 install --upgrade pip && \
+ dnf clean all; \
+ elif [ $(command -v yum) ]; then \
+ yum makecache fast && \
+ yum install -y epel-release && \
+ yum update -y && \
+ yum install -y python python-pip python-setuptools sudo \
+ yum-plugin-ovl bash net-tools && \
+ sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && \
+ yum clean all; \
+ elif [ $(command -v zypper) ]; then \
+ zypper refresh && \
+ zypper install -y python sudo bash python-xml && \
+ zypper clean -a; \
+ elif [ $(command -v apk) ]; then \
+ apk update && \
+ apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then \
+ xbps-install -Syu && \
+ xbps-install -y python sudo bash ca-certificates && \
+ xbps-remove -O; \
+ fi
diff --git a/molecule/change-to-non-root-user/INSTALL.rst b/molecule/change-to-non-root-user/INSTALL.rst
new file mode 100644
index 0000000..6a44bde
--- /dev/null
+++ b/molecule/change-to-non-root-user/INSTALL.rst
@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule[docker]'
diff --git a/molecule/change-to-non-root-user/molecule.yml b/molecule/change-to-non-root-user/molecule.yml
new file mode 100644
index 0000000..0d59f0b
--- /dev/null
+++ b/molecule/change-to-non-root-user/molecule.yml
@@ -0,0 +1,50 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: centos-7
+ image: centos:7
+ command: /sbin/init
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: centos-8
+ image: centos:8
+ command: /sbin/init
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: ubuntu-16.04
+ image: jrei/systemd-ubuntu:16.04
+ command: /sbin/init
+ privileged: true
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: ubuntu-18.04
+ image: jrei/systemd-ubuntu:18.04
+ command: /sbin/init
+ privileged: true
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/change-to-non-root-user/playbook.yml b/molecule/change-to-non-root-user/playbook.yml
new file mode 100644
index 0000000..b11d543
--- /dev/null
+++ b/molecule/change-to-non-root-user/playbook.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: ansible-adguardhome
+ vars:
+ adguardhome_user: adguard
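Review bot: The two Ubuntu platforms in molecule.yml set `privileged: true` on images from a third-party Docker Hub namespace (`jrei/systemd-ubuntu:16.04` and `:18.04`) that are referenced by mutable tag, so whatever those tags resolve to at run time executes with near-host privileges on the CI runner. The CentOS platforms in the same file start `/sbin/init` with only the tmpfs mounts and the read-only cgroup volume, which suggests the Ubuntu entries may not need the flag either. If they do, a comment such as `# systemd in this image needs privileged mode` would record why, and pinning the base image by digest, provided the Docker driver accepts that form, would narrow what can change underneath the tests. The same file is added unchanged as molecule/with-config/molecule.yml.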
diff --git a/molecule/change-to-non-root-user/prepare.yml b/molecule/change-to-non-root-user/prepare.yml
new file mode 100644
index 0000000..a0e20ca
--- /dev/null
+++ b/molecule/change-to-non-root-user/prepare.yml
@@ -0,0 +1,113 @@ +--- +- name: Prepare + hosts: all + tasks: + - name: Create config directory + file: + path: /opt/adguardhome/config + state: directory + mode: "0755" + owner: root + group: root + - name: Create default config file + copy: + dest: /opt/adguardhome/config/AdGuardHome.yml + mode: "0644" + owner: root + group: root + content: | + bind_host: 0.0.0.0 + bind_port: 80 + users: + - name: admin + password: $2a$10$jPInhu056/kjOPSURiPGiumIimDmLKj4d95z4serf97K.KdAthFI. + language: "" + rlimit_nofile: 0 + web_session_ttl: 720 + dns: + bind_host: 0.0.0.0 + port: 53 + statistics_interval: 1 + querylog_enabled: true + querylog_interval: 90 + querylog_memsize: 0 + protection_enabled: true + blocking_mode: null_ip + blocking_ipv4: "" + blocking_ipv6: "" + blocked_response_ttl: 10 + ratelimit: 20 + ratelimit_whitelist: [] + refuse_any: true + bootstrap_dns: + - 9.9.9.9 + - 149.112.112.112 + all_servers: false + edns_client_subnet: false + allowed_clients: [] + disallowed_clients: [] + blocked_hosts: [] + parental_block_host: family-block.dns.adguard.com + safebrowsing_block_host: standard-block.dns.adguard.com + cache_size: 4194304 + upstream_dns: + - https://dns.quad9.net/dns-query + filtering_enabled: true + filters_update_interval: 24 + parental_sensitivity: 0 + parental_enabled: false + safesearch_enabled: false + safebrowsing_enabled: false + safebrowsing_cache_size: 1048576 + safesearch_cache_size: 1048576 + parental_cache_size: 1048576 + cache_time: 30 + rewrites: [] + blocked_services: [] + tls: + enabled: false + server_name: "" + force_https: false + port_https: 443 + port_dns_over_tls: 853 + allow_unencrypted_doh: false + certificate_chain: "" + private_key: "" + certificate_path: "" + private_key_path: "" + filters: + - enabled: true + url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt + name: AdGuard Simplified Domain Names filter + id: 1 + - enabled: false + url: https://adaway.org/hosts.txt + name: AdAway + id: 2 + - enabled: 
false + url: https://hosts-file.net/ad_servers.txt + name: hpHosts - Ad and Tracking servers only + id: 3 + - enabled: false + url: https://www.malwaredomainlist.com/hostslist/hosts.txt + name: MalwareDomainList.com Hosts List + id: 4 + user_rules: [] + dhcp: + enabled: false + interface_name: "" + gateway_ip: "" + subnet_mask: "" + range_start: "" + range_end: "" + lease_duration: 86400 + icmp_timeout_msec: 1000 + clients: [] + log_file: "" + verbose: false + schema_version: 6 + - name: Install and setup AdGuardHome for root user + include_role: + name: ansible-adguardhome + vars: + adguardhome_user: root diff --git a/molecule/change-to-non-root-user/tests/test_default.py b/molecule/change-to-non-root-user/tests/test_default.py new file mode 100644 index 0000000..a2603fa --- /dev/null +++ b/molecule/change-to-non-root-user/tests/test_default.py 
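Review bot: The "Create default config file" task writes AdGuardHome.yml with `mode: "0644"` even though the file carries the admin account's bcrypt hash under `users:`, so every local account on the target can read it. tests/test_default.py in this scenario then asserts `f.mode == 0o644`, which pins that as the expected state after the role has run. If the role does not need the file to be world-readable, `mode: "0640"` (or `"0600"`) here, with the matching assertion in the test, is the tighter baseline. A comment above the task such as `# password hash below is a throwaway value for Molecule tests only` would keep readers and secret scanners from treating it as a live credential. The same fixture is added again as molecule/with-config/prepare.yml.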
@@ -0,0 +1,65 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_adguardhome_config_dir(host):
+ d = host.file('/opt/adguardhome/config')
+
+ assert d.exists
+ assert d.is_directory
+ assert d.mode == 0o755
+ assert d.user == 'adguard'
+ assert d.group == 'adguard'
+
+
+def test_adguardhome_config_file(host):
+ f = host.file('/opt/adguardhome/config/AdGuardHome.yml')
+
+ assert f.exists
+ assert f.is_file
+ assert f.mode == 0o644
+ assert f.user == 'adguard'
+ assert f.group == 'adguard'
+
+
+def test_adguardhome_data_dir(host):
+ d = host.file('/opt/adguardhome')
+
+ assert d.exists
+ assert d.is_directory
+ assert d.mode == 0o755
+ assert d.user == 'adguard'
+ assert d.group == 'adguard'
+
+
+def test_adguardhome_binary(host):
+ f = host.file("/opt/adguardhome/bin/AdGuardHome")
+
+ assert f.exists
+ assert f.is_file
+ assert f.mode == 0o755
+ assert f.user == 'adguard'
+ assert f.group == 'adguard'
+
+
+def test_adguardhome_service(host):
+ s = host.service('adguardhome')
+
+ assert s.is_enabled
+ assert s.is_running
+
+
+def test_adguardhome_http_service(host):
+ socket = host.socket('tcp://127.0.0.1:80')
+
+ assert socket.is_listening
+
+
+def test_adguardhome_dns_service(host):
+ socket = host.socket('tcp://127.0.0.1:53')
+
+ assert socket.is_listening
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2
index 818a72d..95e99c2 100644
--- a/molecule/default/Dockerfile.j2
+++ b/molecule/default/Dockerfile.j2
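Review bot: None of the tests in this scenario checks which account the AdGuardHome process actually runs as. They assert file ownership by `adguard` and that the service and both ports are up, all of which would still pass if the unit kept running as root after the files were re-owned. A test asserting `host.process.get(comm='AdGuardHome').user == 'adguard'` would cover the property the scenario is named for, and would also show whether a non-root process can still bind ports 80 and 53. Separately, `test_adguardhome_binary` expects the executable to be owned by the service account, which lets that account replace the binary it runs; root ownership with mode 0o755 is the more usual layout, if the role's update path allows it.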
@@ -8,14 +8,16 @@ FROM {{ item.image }} RUN if [ $(command -v apt-get) ]; then \ apt-get update && \ - apt-get install -y python python-pip sudo bash ca-certificates \ + apt-get install -y python3 python3-pip sudo bash ca-certificates \ net-tools && \ + pip3 install --upgrade pip && \ apt-get clean; \ elif [ $(command -v dnf) ]; then \ dnf makecache && \ dnf --assumeyes install \ sudo python3 python3-pip *python-devel python*-dnf bash \ net-tools && \ + pip3 install --upgrade pip && \ dnf clean all; \ elif [ $(command -v yum) ]; then \ yum makecache fast && \ diff --git a/molecule/with-config/Dockerfile.j2 b/molecule/with-config/Dockerfile.j2 new file mode 100644 index 0000000..95e99c2 --- /dev/null +++ b/molecule/with-config/Dockerfile.j2 
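Review bot: The added `pip3 install --upgrade pip` steps in the apt-get and dnf branches pull whatever pip release is current on PyPI at build time, so the test images are not reproducible and a pip release that drops the distro's Python version can break the build with no change in this repository. Either drop the upgrade if the distro pip is enough for the role, or bound it with a version specifier, for example `pip3 install --upgrade 'pip<21'` (constructed bound; pick one that matches the oldest Python among the platforms), and add a comment saying why. The RUN instruction continues outside this hunk, and the same file is added as molecule/change-to-non-root-user/Dockerfile.j2 and molecule/with-config/Dockerfile.j2.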
@@ -0,0 +1,41 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then \
+ apt-get update && \
+ apt-get install -y python3 python3-pip sudo bash ca-certificates \
+ net-tools && \
+ pip3 install --upgrade pip && \
+ apt-get clean; \
+ elif [ $(command -v dnf) ]; then \
+ dnf makecache && \
+ dnf --assumeyes install \
+ sudo python3 python3-pip *python-devel python*-dnf bash \
+ net-tools && \
+ pip3 install --upgrade pip && \
+ dnf clean all; \
+ elif [ $(command -v yum) ]; then \
+ yum makecache fast && \
+ yum install -y epel-release && \
+ yum update -y && \
+ yum install -y python python-pip python-setuptools sudo \
+ yum-plugin-ovl bash net-tools && \
+ sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && \
+ yum clean all; \
+ elif [ $(command -v zypper) ]; then \
+ zypper refresh && \
+ zypper install -y python sudo bash python-xml && \
+ zypper clean -a; \
+ elif [ $(command -v apk) ]; then \
+ apk update && \
+ apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then \
+ xbps-install -Syu && \
+ xbps-install -y python sudo bash ca-certificates && \
+ xbps-remove -O; \
+ fi
diff --git a/molecule/with-config/INSTALL.rst b/molecule/with-config/INSTALL.rst
new file mode 100644
index 0000000..6a44bde
--- /dev/null
+++ b/molecule/with-config/INSTALL.rst
@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule[docker]'
diff --git a/molecule/with-config/molecule.yml b/molecule/with-config/molecule.yml
new file mode 100644
index 0000000..0d59f0b
--- /dev/null
+++ b/molecule/with-config/molecule.yml
@@ -0,0 +1,50 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: centos-7
+ image: centos:7
+ command: /sbin/init
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: centos-8
+ image: centos:8
+ command: /sbin/init
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: ubuntu-16.04
+ image: jrei/systemd-ubuntu:16.04
+ command: /sbin/init
+ privileged: true
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: ubuntu-18.04
+ image: jrei/systemd-ubuntu:18.04
+ command: /sbin/init
+ privileged: true
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/with-config/playbook.yml b/molecule/with-config/playbook.yml
new file mode 100644
index 0000000..2a711be
--- /dev/null
+++ b/molecule/with-config/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: ansible-adguardhome
diff --git a/molecule/with-config/prepare.yml b/molecule/with-config/prepare.yml
new file mode 100644
index 0000000..c46d2c1
--- /dev/null
+++ b/molecule/with-config/prepare.yml
@@ -0,0 +1,108 @@ +--- +- name: Prepare + hosts: all + tasks: + - name: Create config directory + file: + path: /opt/adguardhome/config + state: directory + mode: "0755" + owner: root + group: root + - name: Create default config file + copy: + dest: /opt/adguardhome/config/AdGuardHome.yml + mode: "0644" + owner: root + group: root + content: | + bind_host: 0.0.0.0 + bind_port: 80 + users: + - name: admin + password: $2a$10$jPInhu056/kjOPSURiPGiumIimDmLKj4d95z4serf97K.KdAthFI. + language: "" + rlimit_nofile: 0 + web_session_ttl: 720 + dns: + bind_host: 0.0.0.0 + port: 53 + statistics_interval: 1 + querylog_enabled: true + querylog_interval: 90 + querylog_memsize: 0 + protection_enabled: true + blocking_mode: null_ip + blocking_ipv4: "" + blocking_ipv6: "" + blocked_response_ttl: 10 + ratelimit: 20 + ratelimit_whitelist: [] + refuse_any: true + bootstrap_dns: + - 9.9.9.9 + - 149.112.112.112 + all_servers: false + edns_client_subnet: false + allowed_clients: [] + disallowed_clients: [] + blocked_hosts: [] + parental_block_host: family-block.dns.adguard.com + safebrowsing_block_host: standard-block.dns.adguard.com + cache_size: 4194304 + upstream_dns: + - https://dns.quad9.net/dns-query + filtering_enabled: true + filters_update_interval: 24 + parental_sensitivity: 0 + parental_enabled: false + safesearch_enabled: false + safebrowsing_enabled: false + safebrowsing_cache_size: 1048576 + safesearch_cache_size: 1048576 + parental_cache_size: 1048576 + cache_time: 30 + rewrites: [] + blocked_services: [] + tls: + enabled: false + server_name: "" + force_https: false + port_https: 443 + port_dns_over_tls: 853 + allow_unencrypted_doh: false + certificate_chain: "" + private_key: "" + certificate_path: "" + private_key_path: "" + filters: + - enabled: true + url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt + name: AdGuard Simplified Domain Names filter + id: 1 + - enabled: false + url: https://adaway.org/hosts.txt + name: AdAway + id: 2 + - enabled: 
false + url: https://hosts-file.net/ad_servers.txt + name: hpHosts - Ad and Tracking servers only + id: 3 + - enabled: false + url: https://www.malwaredomainlist.com/hostslist/hosts.txt + name: MalwareDomainList.com Hosts List + id: 4 + user_rules: [] + dhcp: + enabled: false + interface_name: "" + gateway_ip: "" + subnet_mask: "" + range_start: "" + range_end: "" + lease_duration: 86400 + icmp_timeout_msec: 1000 + clients: [] + log_file: "" + verbose: false + schema_version: 6 diff --git a/molecule/with-config/tests/test_default.py b/molecule/with-config/tests/test_default.py new file mode 100644 index 0000000..84cb3a9 --- /dev/null +++ b/molecule/with-config/tests/test_default.py 
@@ -0,0 +1,65 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_adguardhome_config_dir(host):
+ d = host.file('/opt/adguardhome/config')
+
+ assert d.exists
+ assert d.is_directory
+ assert d.mode == 0o755
+ assert d.user == 'root'
+ assert d.group == 'root'
+
+
+def test_adguardhome_config_file(host):
+ f = host.file('/opt/adguardhome/config/AdGuardHome.yml')
+
+ assert f.exists
+ assert f.is_file
+ assert f.mode == 0o644
+ assert f.user == 'root'
+ assert f.group == 'root'
+
+
+def test_adguardhome_data_dir(host):
+ d = host.file('/opt/adguardhome')
+
+ assert d.exists
+ assert d.is_directory
+ assert d.mode == 0o755
+ assert d.user == 'root'
+ assert d.group == 'root'
+
+
+def test_adguardhome_binary(host):
+ f = host.file("/opt/adguardhome/bin/AdGuardHome")
+
+ assert f.exists
+ assert f.is_file
+ assert f.mode == 0o755
+ assert f.user == 'root'
+ assert f.group == 'root'
+
+
+def test_adguardhome_service(host):
+ s = host.service('adguardhome')
+
+ assert s.is_enabled
+ assert s.is_running
+
+
+def test_adguardhome_http_service(host):
+ socket = host.socket('tcp://127.0.0.1:80')
+
+ assert socket.is_listening
+
+
+def test_adguardhome_dns_service(host):
+ socket = host.socket('tcp://127.0.0.1:53')
+
+ assert socket.is_listening