diff --git a/Dockerfile b/Dockerfile index d7eb835..ca2a01a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ -FROM quay.io/almalinuxorg/8-init +#checkov:skip=CKV_DOCKER_2: no need for health check +#checkov:skip=CKV_DOCKER_3: no need for special user +FROM quay.io/almalinuxorg/8-init:latest ENV container docker RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); diff --git a/tasks/backups.yml b/tasks/backups.yml index e0f1712..fd23dfa 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags - name: Create backup directories ansible.builtin.file: path: "{{ item }}" diff --git a/tasks/convert_user_to_ldif.yml b/tasks/convert_user_to_ldif.yml index 4010100..34340a8 100644 --- a/tasks/convert_user_to_ldif.yml +++ b/tasks/convert_user_to_ldif.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only - name: Select passwd line ansible.builtin.command: 'grep "^{{ user_data_item.name }}:" /var/tmp/passwd.mig' register: passwd_mig_content diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 952daa7..2356138 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only - name: Open firewall tags: - dyndns diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 7de016a..5f2944c 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags - name: Sync old IMAP account to the current mailbox no_log: yes when: current_user.old_imap_mail is defined diff --git a/tasks/kolab.yml b/tasks/kolab.yml index c2bb8cf..62fe7be 100644 --- a/tasks/kolab.yml +++ b/tasks/kolab.yml 
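Review bot: `FROM quay.io/almalinuxorg/8-init:latest` names a tag but still tracks a mutable one, so two builds of the same commit can yield different images and a changed upstream image is pulled without review. Pinning the base by digest, `FROM quay.io/almalinuxorg/8-init@sha256:<digest-of-reviewed-image>` (placeholder), makes the base reproducible and auditable; hadolint DL3007 and checkov CKV_DOCKER_7 flag `:latest` for this reason. The CKV_DOCKER_3 skip leaves the image running as root; if that is because systemd has to run as PID 1, the skip reason should say so, e.g. `#checkov:skip=CKV_DOCKER_3: systemd init image, PID 1 must be root`. The RUN instruction continues outside the hunk.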
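Review bot: The `#checkov:skip=CKV2_ANSIBLE_3` comment sits at the top of the file, ahead of the first task, rather than on the block it excuses, so if checkov honours it there it presumably suppresses the block check for every block in the file, including ones added later that do need error handling. Moving the comment inside the one block it is meant for keeps the exception narrow and shows a reviewer which block is covered. The same applies to the skips added at the top of convert_user_to_ldif.yml, httpd.yml, imapsync.yml, kolab.yml, os.yml, postfix.yml, poweradmin.yml, read_wireguard_config.yml and webdav.yml. It is also worth confirming with a checkov run that a comment placed before the first task is picked up at all; the blocks themselves are outside these hunks.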
@@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is used for the tag only - name: Setup kolab tags: users # noqa yaml[line-length] 
@@ -103,271 +104,269 @@ args: chdir: /usr/src/KolabScripts/kolab -- name: Initiate multi-domain - block: - - name: Configure IMAPD - ansible.builtin.lineinfile: - dest: /etc/imapd.conf - regexp: "^{{ item.key }}: " - line: "{{ item.key }}: {{ item.value }}" - owner: root - group: root - mode: u=rw,go=r - backup: yes - loop: - - key: "ldap_base" - value: "dc=%2,dc=%1" - - key: "ldap_group_base" - value: "dc=%2,dc=%1" - - key: "ldap_member_base" - value: "ou=People,dc=%2,dc=%1" - - key: "ldap_domain_base_dn" - value: "cn=kolab,cn=config" - - key: "ldap_domain_filter" - value: "(&(objectclass=domainrelatedobject)(associateddomain=%s))" - - key: "ldap_domain_name_attribute" - value: "associatedDomain" - - key: "ldap_domain_scope" - value: "sub" - - key: "ldap_domain_result_attribute" - value: "inetdomainbasedn" - - key: "tls_server_cert" - value: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.pem" - - key: "tls_server_key" - value: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.key" - register: kolab_imapd_config_patch - notify: Restart cyrus-imapd - - name: Restart cyrus-imapd - when: kolab_imapd_config_patch.changed - ansible.builtin.systemd_service: - name: cyrus-imapd - daemon_reload: yes - enabled: yes - state: restarted - - name: Configure unique UID across domains - community.general.ini_file: - path: /etc/kolab/kolab.conf - section: kolab - option: unique_uid_across_domains - value: "true" - owner: kolab-n - group: kolab - mode: u=rw,g=r,o= - backup: true - notify: Restart kolab - - name: Collect LDAP Postfix .cf files - ansible.builtin.find: - paths: /etc/postfix/ldap - patterns: '*.cf' - register: postfix_ldap_cf_files - - name: Create custom LDAP Postfix .cf files - when: item.path is not regex(".*_3\.cf$") - ansible.builtin.copy: - src: "{{ item.path }}" - dest: "{{ item.path | replace('.cf', '_3.cf') }}" - remote_src: yes - owner: root - group: root - mode: u=rw,go=r - backup: true - force: false - loop: "{{ postfix_ldap_cf_files.files }}" 
- notify: Restart postfix - - name: Set query filter in mydestination_3.cf - ansible.builtin.lineinfile: - dest: /etc/postfix/ldap/mydestination_3.cf - regexp: "^query_filter = .*$" - line: 'query_filter = (\&(associateddomain=%s)(associateddomain=*.*.*))' - owner: root - group: root - mode: u=rw,go=r - backup: yes - notify: Restart postfix - - name: "Set search base in {{ item.path }}" - when: item.path is not regex(".*_3\.cf$") - ansible.builtin.lineinfile: - dest: "{{ item.path }}" - regexp: "^search_base = .*$" - line: 'search_base = dc=%2,dc=%1' - owner: root - group: root - mode: u=rw,go=r - backup: yes - loop: "{{ postfix_ldap_cf_files.files }}" - notify: Restart postfix - - name: "Set domain in {{ item.path | replace('.cf', '_3.cf') }}" - when: item.path is not regex(".*_3\.cf$") - ansible.builtin.lineinfile: - dest: "{{ item.path | replace('.cf', '_3.cf') }}" - regexp: "^domain = .*$" - line: 'domain = ldap:/etc/postfix/ldap/mydestination_3.cf' - owner: root - group: root - mode: u=rw,go=r - backup: yes - loop: "{{ postfix_ldap_cf_files.files }}" - notify: Restart postfix - - name: Patch Postfix main.cf - ansible.builtin.lineinfile: - dest: /etc/postfix/main.cf - regexp: "^{{ item.key }} = .*$" - line: '{{ item.key }} = {{ item.value }}' - owner: root - group: root - mode: u=rw,go=r - backup: yes - loop: - - key: "transport_maps" - value: "ldap:/etc/postfix/ldap/transport_maps.cf, \ - ldap:/etc/postfix/ldap/transport_maps_3.cf, hash:/etc/postfix/transport" - - key: "virtual_alias_maps" - value: "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, \ - hash:/etc/postfix/virtual_alias_maps_manual.cf, \ - ldap:/etc/postfix/ldap/virtual_alias_maps_3.cf, \ - ldap:/etc/postfix/ldap/mailenabled_distgroups_3.cf, \ - ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups_3.cf, \ - ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders_3.cf, \ - ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, \ - 
ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, \ - ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, \ - ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf, \ - ldap:/etc/postfix/ldap/virtual_alias_maps_catchall.cf, \ - ldap:/etc/postfix/ldap/virtual_alias_maps_catchall_3.cf" - - key: "local_recipient_maps" - value: "ldap:/etc/postfix/ldap/local_recipient_maps.cf, \ - ldap:/etc/postfix/ldap/local_recipient_maps_3.cf" - notify: Restart postfix - - name: Set up domain aliases - ansible.builtin.lineinfile: - dest: /etc/postfix/virtual_alias_maps_manual.cf - line: '@{{ item }} @{{ mailserver_domain }}' - owner: root - group: root - mode: u=rw,go=r - backup: yes - create: yes - loop: "{{ custom_domains }}" - notify: Restart postfix - - name: Set up default mail aliases - ansible.builtin.lineinfile: - dest: /etc/postfix/virtual_alias_maps_manual.cf - line: '{{ item }}@{{ mailserver_domain }} \ - {{ mailserver_admin_user }}@{{ mailserver_domain }}' - owner: root - group: root - mode: u=rw,go=r - backup: yes - create: yes - loop: - - abuse - - dmarc-reports - - spam-report - - ham-report - - hostmaster - - postmaster - - root - - ssl - - vpn - - webmaster - notify: Restart postfix - tags: - - users - - name: Set up user mail aliases - ansible.builtin.include_tasks: user_mail_alias.yml - loop: "{{ users }}" - loop_control: - loop_var: user - no_log: true - tags: - - users - - name: Configure Roundcube authentication - ansible.builtin.lineinfile: - dest: /etc/roundcubemail/kolab_auth.inc.php - insertafter: '=> 389,' - line: "{{ item }}" - owner: root - group: root - mode: u=rw,go=r - backup: yes - loop: - - "'domain_base_dn' => 'cn=kolab,cn=config'," - - "'domain_filter' => \ - '(\\&(objectclass=domainrelatedobject)(associateddomain=%s))'," - - "'domain_name_attr' => 'associateddomain'," - notify: Restart kolab - - name: Configure Roundcube organizational units - ansible.builtin.replace: - path: /etc/roundcubemail/kolab_auth.inc.php - regexp: "'ou={{ item 
}},.*'" - replace: "'ou={{ item }},%dc'" - owner: root - group: root - mode: u=rw,go=r - backup: yes - loop: - - People - - Groups - notify: Restart kolab - - name: Enable freebusy for the main domain - community.general.ini_file: - path: /usr/share/kolab-freebusy/config/config.ini - section: 'directory "kolab-people"' - option: domain_base_dn - value: "%dc" - owner: root - group: root - mode: u=rw,go=r - backup: true - create: yes - notify: Restart kolab - - name: Enable freebusy for all domains - community.general.ini_file: - path: /usr/share/kolab-freebusy/config/config.ini - section: "{{ item }}" - option: base_dn - value: "%dc" - owner: root - group: root - mode: u=rw,go=r - backup: true - create: yes - loop: - - 'directory "kolab-people"' - - 'directory "kolab-resources"' - - 'directory "kolab-resource-collections"' - - httpauth - notify: Restart kolab - - name: Fix global address book - ansible.builtin.replace: - path: /etc/roundcubemail/config.inc.php - regexp: "'ou={{ item }},.*'" - replace: "'ou={{ item }},%dc'" - owner: root - group: root - mode: u=rw,go=r - backup: yes - loop: - - People - - Groups - notify: Restart kolab - - name: Configure kolab.conf - community.general.ini_file: - path: /etc/kolab/kolab.conf - section: kolab_wap - option: "{{ item.key }}" - value: "{{ item.value }}" - owner: kolab-n - group: kolab - mode: u=rw,g=r,o= - backup: true - loop: - - key: 'memcache_hosts' - value: '127.0.0.1:11211' - - key: 'memcache_pconnect' - value: 'true' - notify: - - Restart memcached - - Restart kolab +- name: Configure IMAPD + ansible.builtin.lineinfile: + dest: /etc/imapd.conf + regexp: "^{{ item.key }}: " + line: "{{ item.key }}: {{ item.value }}" + owner: root + group: root + mode: u=rw,go=r + backup: yes + loop: + - key: "ldap_base" + value: "dc=%2,dc=%1" + - key: "ldap_group_base" + value: "dc=%2,dc=%1" + - key: "ldap_member_base" + value: "ou=People,dc=%2,dc=%1" + - key: "ldap_domain_base_dn" + value: "cn=kolab,cn=config" + - key: 
"ldap_domain_filter" + value: "(&(objectclass=domainrelatedobject)(associateddomain=%s))" + - key: "ldap_domain_name_attribute" + value: "associatedDomain" + - key: "ldap_domain_scope" + value: "sub" + - key: "ldap_domain_result_attribute" + value: "inetdomainbasedn" + - key: "tls_server_cert" + value: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.pem" + - key: "tls_server_key" + value: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.key" + register: kolab_imapd_config_patch + notify: Restart cyrus-imapd +- name: Restart cyrus-imapd + when: kolab_imapd_config_patch.changed + ansible.builtin.systemd_service: + name: cyrus-imapd + daemon_reload: yes + enabled: yes + state: restarted +- name: Configure unique UID across domains + community.general.ini_file: + path: /etc/kolab/kolab.conf + section: kolab + option: unique_uid_across_domains + value: "true" + owner: kolab-n + group: kolab + mode: u=rw,g=r,o= + backup: true + notify: Restart kolab +- name: Collect LDAP Postfix .cf files + ansible.builtin.find: + paths: /etc/postfix/ldap + patterns: '*.cf' + register: postfix_ldap_cf_files +- name: Create custom LDAP Postfix .cf files + when: item.path is not regex(".*_3\.cf$") + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ item.path | replace('.cf', '_3.cf') }}" + remote_src: yes + owner: root + group: root + mode: u=rw,go=r + backup: true + force: false + loop: "{{ postfix_ldap_cf_files.files }}" + notify: Restart postfix +- name: Set query filter in mydestination_3.cf + ansible.builtin.lineinfile: + dest: /etc/postfix/ldap/mydestination_3.cf + regexp: "^query_filter = .*$" + line: 'query_filter = (\&(associateddomain=%s)(associateddomain=*.*.*))' + owner: root + group: root + mode: u=rw,go=r + backup: yes + notify: Restart postfix +- name: "Set search base in {{ item.path }}" + when: item.path is not regex(".*_3\.cf$") + ansible.builtin.lineinfile: + dest: "{{ item.path }}" + regexp: "^search_base = .*$" + line: 'search_base = dc=%2,dc=%1' 
+ owner: root + group: root + mode: u=rw,go=r + backup: yes + loop: "{{ postfix_ldap_cf_files.files }}" + notify: Restart postfix +- name: "Set domain in {{ item.path | replace('.cf', '_3.cf') }}" + when: item.path is not regex(".*_3\.cf$") + ansible.builtin.lineinfile: + dest: "{{ item.path | replace('.cf', '_3.cf') }}" + regexp: "^domain = .*$" + line: 'domain = ldap:/etc/postfix/ldap/mydestination_3.cf' + owner: root + group: root + mode: u=rw,go=r + backup: yes + loop: "{{ postfix_ldap_cf_files.files }}" + notify: Restart postfix +- name: Patch Postfix main.cf + ansible.builtin.lineinfile: + dest: /etc/postfix/main.cf + regexp: "^{{ item.key }} = .*$" + line: '{{ item.key }} = {{ item.value }}' + owner: root + group: root + mode: u=rw,go=r + backup: yes + loop: + - key: "transport_maps" + value: "ldap:/etc/postfix/ldap/transport_maps.cf, \ + ldap:/etc/postfix/ldap/transport_maps_3.cf, hash:/etc/postfix/transport" + - key: "virtual_alias_maps" + value: "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, \ + hash:/etc/postfix/virtual_alias_maps_manual.cf, \ + ldap:/etc/postfix/ldap/virtual_alias_maps_3.cf, \ + ldap:/etc/postfix/ldap/mailenabled_distgroups_3.cf, \ + ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups_3.cf, \ + ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders_3.cf, \ + ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, \ + ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, \ + ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, \ + ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf, \ + ldap:/etc/postfix/ldap/virtual_alias_maps_catchall.cf, \ + ldap:/etc/postfix/ldap/virtual_alias_maps_catchall_3.cf" + - key: "local_recipient_maps" + value: "ldap:/etc/postfix/ldap/local_recipient_maps.cf, \ + ldap:/etc/postfix/ldap/local_recipient_maps_3.cf" + notify: Restart postfix +- name: Set up domain aliases + ansible.builtin.lineinfile: + dest: /etc/postfix/virtual_alias_maps_manual.cf + line: '@{{ item }} @{{ 
mailserver_domain }}' + owner: root + group: root + mode: u=rw,go=r + backup: yes + create: yes + loop: "{{ custom_domains }}" + notify: Restart postfix +- name: Set up default mail aliases + ansible.builtin.lineinfile: + dest: /etc/postfix/virtual_alias_maps_manual.cf + line: '{{ item }}@{{ mailserver_domain }} \ + {{ mailserver_admin_user }}@{{ mailserver_domain }}' + owner: root + group: root + mode: u=rw,go=r + backup: yes + create: yes + loop: + - abuse + - dmarc-reports + - spam-report + - ham-report + - hostmaster + - postmaster + - root + - ssl + - vpn + - webmaster + notify: Restart postfix + tags: + - users +- name: Set up user mail aliases + ansible.builtin.include_tasks: user_mail_alias.yml + loop: "{{ users }}" + loop_control: + loop_var: user + no_log: true + tags: + - users +- name: Configure Roundcube authentication + ansible.builtin.lineinfile: + dest: /etc/roundcubemail/kolab_auth.inc.php + insertafter: '=> 389,' + line: "{{ item }}" + owner: root + group: root + mode: u=rw,go=r + backup: yes + loop: + - "'domain_base_dn' => 'cn=kolab,cn=config'," + - "'domain_filter' => \ + '(\\&(objectclass=domainrelatedobject)(associateddomain=%s))'," + - "'domain_name_attr' => 'associateddomain'," + notify: Restart kolab +- name: Configure Roundcube organizational units + ansible.builtin.replace: + path: /etc/roundcubemail/kolab_auth.inc.php + regexp: "'ou={{ item }},.*'" + replace: "'ou={{ item }},%dc'" + owner: root + group: root + mode: u=rw,go=r + backup: yes + loop: + - People + - Groups + notify: Restart kolab +- name: Enable freebusy for the main domain + community.general.ini_file: + path: /usr/share/kolab-freebusy/config/config.ini + section: 'directory "kolab-people"' + option: domain_base_dn + value: "%dc" + owner: root + group: root + mode: u=rw,go=r + backup: true + create: yes + notify: Restart kolab +- name: Enable freebusy for all domains + community.general.ini_file: + path: /usr/share/kolab-freebusy/config/config.ini + section: "{{ item }}" + 
option: base_dn + value: "%dc" + owner: root + group: root + mode: u=rw,go=r + backup: true + create: yes + loop: + - 'directory "kolab-people"' + - 'directory "kolab-resources"' + - 'directory "kolab-resource-collections"' + - httpauth + notify: Restart kolab +- name: Fix global address book + ansible.builtin.replace: + path: /etc/roundcubemail/config.inc.php + regexp: "'ou={{ item }},.*'" + replace: "'ou={{ item }},%dc'" + owner: root + group: root + mode: u=rw,go=r + backup: yes + loop: + - People + - Groups + notify: Restart kolab +- name: Configure kolab.conf + community.general.ini_file: + path: /etc/kolab/kolab.conf + section: kolab_wap + option: "{{ item.key }}" + value: "{{ item.value }}" + owner: kolab-n + group: kolab + mode: u=rw,g=r,o= + backup: true + loop: + - key: 'memcache_hosts' + value: '127.0.0.1:11211' + - key: 'memcache_pconnect' + value: 'true' + notify: + - Restart memcached + - Restart kolab - name: Patch kolab ansible.builtin.command: "bash /usr/src/KolabScripts/kolab/{{ item }}" diff --git a/tasks/ldap.yml b/tasks/ldap.yml index 593437f..ea28001 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml @@ -169,8 +169,6 @@ # failed_when: enable_contentsync.rc != 0 and 'There is nothing to set in the cn=Content Synchronization,cn=plugins,cn=config plugin entry' not in enable_contentsync.stderr # notify: "Restart dirsrv@{{ mailserver_hostname }}" -- name: Migrate OS data to LDAP - block: # ansible.builtin.command: /usr/share/migrationtools/migrate_all_online.sh # environment: # DEFAULT_MAIL_DOMAIN: "{{ mailserver_domain }}" 
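Review bot: `Configure Roundcube authentication`, `Configure Roundcube organizational units` and `Fix global address book` set `owner: root`, `group: root` and `mode: u=rw,go=r` on `/etc/roundcubemail/kolab_auth.inc.php` and `/etc/roundcubemail/config.inc.php`, which leaves both files readable by every local account. Roundcube configuration files usually carry the database DSN and LDAP bind credentials, so unless these two are known to hold no secrets a tighter setting is safer, for example `mode: u=rw,g=r,o=` with `group:` set to the web server's group (name to be confirmed for this host). Separately, `Configure IMAPD` has `notify: Restart cyrus-imapd` and is also followed by a task that restarts the service when `kolab_imapd_config_patch.changed`; assuming a handler of that name exists, a change restarts cyrus-imapd twice, and one of the two can be removed.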
@@ -181,39 +179,39 @@ # LDAP_BINDCRED: "{{ ldap_admin_password }}" # LDAP_PROFILE: "yes" # no_log: true - - name: Clean up former migration attempts - ansible.builtin.file: - path: "/var/tmp/{{ migration_file }}" - state: absent - loop: - - passwd.mig - - group.mig - - shadow.mig - - gshadow.mig - - group.ldif - - passwd.ldif - loop_control: - loop_var: migration_file - - name: Set variable for ldapadd command parameters - ansible.builtin.set_fact: - ldapadd_command: 'ldapadd -c -x -h {{ mailserver_domain }} -D "cn=Directory Manager" -w "{{ ldap_admin_password }}" -f ' - no_log: true - - name: Deploy user data extraction script - ansible.builtin.copy: - src: files/ldap/extract_user_data_to_migrate.sh - dest: /var/tmp/ - mode: u=rwx,og=rx - backup: yes - force: yes - owner: root - group: root - - name: Extract user data from the OS - ansible.builtin.command: /var/tmp/extract_user_data_to_migrate.sh - - name: "Update LDAP entries: {{ user_data_item }}" - ansible.builtin.include_tasks: convert_user_to_ldif.yml - loop: "{{ users }}" - loop_control: - loop_var: user_data_item +- name: Clean up former migration attempts + ansible.builtin.file: + path: "/var/tmp/{{ migration_file }}" + state: absent + loop: + - passwd.mig + - group.mig + - shadow.mig + - gshadow.mig + - group.ldif + - passwd.ldif + loop_control: + loop_var: migration_file +- name: Set variable for ldapadd command parameters + ansible.builtin.set_fact: + ldapadd_command: 'ldapadd -c -x -h {{ mailserver_domain }} -D "cn=Directory Manager" -w "{{ ldap_admin_password }}" -f ' + no_log: true +- name: Deploy user data extraction script + ansible.builtin.copy: + src: files/ldap/extract_user_data_to_migrate.sh + dest: /var/tmp/ + mode: u=rwx,og=rx + backup: yes + force: yes + owner: root + group: root +- name: Extract user data from the OS + ansible.builtin.command: /var/tmp/extract_user_data_to_migrate.sh +- name: "Update LDAP entries: {{ user_data_item }}" + ansible.builtin.include_tasks: 
convert_user_to_ldif.yml + loop: "{{ users }}" + loop_control: + loop_var: user_data_item - name: Add Kolab users no_log: true diff --git a/tasks/os.yml b/tasks/os.yml index 8c7be8a..40ee308 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition - name: Check SELinux status ansible.builtin.command: getenforce changed_when: getenforce.rc == 0 diff --git a/tasks/packages.yml b/tasks/packages.yml index da87551..5b9a4b6 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -1,4 +1,6 @@ --- +#checkov:skip=CKV2_ANSIBLE_2: HTTPS comes from a loop variable +#checkov:skip=CKV2_ANSIBLE_4: The Remi repo doesn't provide GPG keys - name: Install EL repositories tags: - always diff --git a/tasks/postfix.yml b/tasks/postfix.yml index 5e472e8..ec54477 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only - name: Add vmail group ansible.builtin.group: name: vmail diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 2061937..4ca6587 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only - name: Get latest PowerAdmin version tags: - dyndns diff --git a/tasks/read_wireguard_config.yml b/tasks/read_wireguard_config.yml index 9c13d96..1223b59 100644 --- a/tasks/read_wireguard_config.yml +++ b/tasks/read_wireguard_config.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition - name: Check if WireGuard config exists ansible.builtin.stat: path: "{{ wg_config_file }}" diff --git a/tasks/webdav.yml b/tasks/webdav.yml index 69c76bb..522ebb1 100644 --- a/tasks/webdav.yml +++ b/tasks/webdav.yml @@ -1,4 +1,5 @@ --- +#checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags - name: Render WebDav web config templates tags: - dyndns
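Review bot: `ldapadd_command` puts the Directory Manager password on the command line with `-w "{{ ldap_admin_password }}"`, so while ldapadd runs the password is visible to any local user through the process list, and `no_log: true` on the `set_fact` does not cover that. `-x -h {{ mailserver_domain }}` is also a simple bind with no TLS requested in the visible options, so the password travels in clear text if the connection leaves the host. Reading the password from a root-only file and asking for an encrypted connection addresses both, e.g. `ldapadd -c -x -H ldaps://{{ mailserver_domain }} -D "cn=Directory Manager" -y /root/.ldap_admin_pw -f ` (the file path is a placeholder; the tasks that consume the fact are outside the hunk). The staging files such as `shadow.mig` and the extraction script run as root live in `/var/tmp`, which all users share; a root-owned directory with mode `u=rwx,go=` is a safer place for password-hash data and for that script.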
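Review bot: The `CKV2_ANSIBLE_4` skip turns off the package-signature finding for the whole file on the grounds that the Remi repo provides no GPG keys, but as far as I know Remi does publish signing keys for its EL repositories, so the exception may be avoidable. Installing RPMs without signature verification as root means a tampered mirror or download goes undetected. If the key can be imported first (for instance with `ansible.builtin.rpm_key` ahead of the install task), whatever disables the check in the task (presumably `disable_gpg_check`) and this skip can both be dropped; otherwise the skip is better placed on the single task that needs it. The `CKV2_ANSIBLE_2` reason would be easier to verify with a comment next to the loop stating that every URL in it is `https://`. The tasks themselves are outside the hunk.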