vhost: move variable definition from set_fact to vars

roles/apt_repository/meta/argument_specs.yaml

@@ -22,10 +22,9 @@ argument_specs:
         required: false
         default: ''
       repo_suite:
-        description: Suite of the repository. Usually distribution codename.
+        description: Suite of the repository. Usually distribution codename. Defaults to value of `ansible_distribution_release`.
         type: str
         required: false
-        default: "{{ ansible_distribution_release }}"
       repo_components:
         description: Components of the repository to use
         type: list

roles/apt_repository/tasks/main.yaml

@@ -1,4 +1,11 @@
 ---
+- name: Deprecation notification
+  ansible.builtin.debug:
+    msg: |
+      The role uumas.general.apt_repository is deprecated and will be removed soon!
+      Switch to ansible.builtin.deb822_repository.
+  changed_when: true
+
 - name: Install dependencies
   ansible.builtin.apt:
     name:

roles/automatic_updates/meta/argument_specs.yaml

@@ -0,0 +1,8 @@
+---
+argument_specs:
+  main:
+    short_description: Automatic updates
+    description:
+      - This role enables automatic package updates.
+      - It currently supports Debian and Ubuntu.
+    options: {}

roles/automatic_updates/tasks/main.yaml

@@ -0,0 +1,14 @@
+---
+- name: Ensure host distribution is supported
+  ansible.builtin.import_role:
+    name: compatcheck
+  vars:
+    compatcheck_supported_distributions:
+      - name: debian
+        version_min: 11
+      - name: ubuntu
+        version_min: 24
+
+- name: Install unatteded-upgrades
+  ansible.builtin.apt:
+    name: unattended-upgrades

roles/caddy/tasks/main.yaml

@@ -7,17 +7,20 @@
       - name: debian
         version_min: 11
       - name: ubuntu
-        version_min: 20
+        version_min: 22
+
+- name: Ensure legacy caddy apt repository not present
+  ansible.builtin.file:
+    path: /etc/apt/sources.list.d/caddy-stable.list
+    state: absent
 
 - name: Add caddy apt repository
-  ansible.builtin.include_role:
-    name: apt_repository
-  vars:
-    repo_name: caddy-stable
-    repo_url: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
-    repo_key_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
-    repo_suite: any-version
-    repo_components:
+  ansible.builtin.deb822_repository:
+    name: caddy-stable
+    uris: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
+    signed_by: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+    suites: any-version
+    components:
       - main
   when: >
     (ansible_distribution == 'Debian' and ansible_distribution_major_version | int == 11) or

roles/locale/defaults/main.yaml

@@ -3,12 +3,10 @@ locale_package: []
 locale_gen: true
 locale_configure: true
 
-gen_locales:
+locale_gen_locales:
   - en_US.UTF-8
   - en_GB.UTF-8
 
-locale_gen_locales: "{{ gen_locales }}"
-
 locale_lang: "{{ lang | default('en_US.UTF-8') }}"
 locale_lc_messages: "{{ locale_lang }}"
 locale_formats: "{{ locale_lang }}"

roles/locale/tasks/main.yaml

@@ -1,4 +1,16 @@
 ---
+- name: Ensure host distribution is supported
+  ansible.builtin.import_role:
+    name: compatcheck
+  vars:
+    compatcheck_supported_distributions:
+      - name: debian
+        version_min: 10
+      - name: ubuntu
+        version_min: 24
+      - name: fedora
+        version_min: 39
+
 - name: Include variables for os family {{ ansible_os_family }}
   ansible.builtin.include_vars: "{{ ansible_os_family }}.yaml"
 
@@ -10,7 +22,7 @@
 - name: Generate locales
   community.general.locale_gen:
     name: "{{ item }}"
-  loop: "{{ gen_locales }}"
+  loop: "{{ locale_gen_locales }}"
   when: locale_gen
 
 - name: Put default locale config in place

roles/locale/vars/Archlinux.yaml

@@ -1,2 +0,0 @@
----
-locale_config: /etc/locale.conf

roles/packages/tasks/main.yaml

@@ -1,4 +1,11 @@
 ---
+- name: Deprecation notification
+  ansible.builtin.debug:
+    msg: |
+      The role uumas.general.packages is deprecated and will be removed soon!
+      Just use ansible.builtin.apt or .dnf directly, this does nothing special.
+  changed_when: true
+
 - name: Include tasks for apt as package manager
   ansible.builtin.include_tasks: apt.yaml
   when: ansible_pkg_mgr == 'apt'

roles/prometheus_node_exporter/tasks/main.yaml

@@ -1,4 +1,14 @@
 ---
+- name: Ensure host distribution is supported
+  ansible.builtin.import_role:
+    name: compatcheck
+  vars:
+    compatcheck_supported_distributions:
+      - name: debian
+        version_min: 11
+      - name: ubuntu
+        version_min: 24
+
 - name: Install prometheus node exporter
   ansible.builtin.apt:
     name: prometheus-node-exporter

roles/ssh/defaults/main.yaml

@@ -1,3 +1,2 @@
 ---
-sshd_x11_forwarding: false
-sshd_password_auth: false
+ssh_password_auth: false

roles/ssh/tasks/main.yaml

@@ -8,6 +8,6 @@
     validate: '/usr/sbin/sshd -t -f %s'
   notify: Restart sshd
   with_dict:
-    PermitRootLogin: 'prohibit-password'
-    PasswordAuthentication: "{{ 'yes' if sshd_password_auth else 'no' }}"
-    X11Forwarding: "{{ 'yes' if sshd_x11_forwarding else 'no' }}"
+    PermitRootLogin: "prohibit-password"
+    PasswordAuthentication: "{{ 'yes' if ssh_password_auth else 'no' }}"
+    X11Forwarding: "no"

roles/users/tasks/main.yaml

@@ -1,4 +1,16 @@
 ---
+- name: Ensure host distribution is supported
+  ansible.builtin.import_role:
+    name: compatcheck
+  vars:
+    compatcheck_supported_distributions:
+      - name: debian
+        version_min: 11
+      - name: ubuntu
+        version_min: 24
+      - name: fedora
+        version_min: 39
+
 - name: Ensure sudo is installed
   ansible.builtin.package:
     name: sudo

roles/vhost/tasks/caddy.yaml

@@ -6,7 +6,7 @@
     # yamllint disable rule:line-length
     block: |
       {{ vhost_domains | join(' ') }} {
-        {% for location in vhost_locations_all %}
+        {% for location in _vhost_locations_complete %}
         handle {{ location.path }} {
           {% for header in location.delete_headers %}
           header -{{ header }}

roles/vhost/tasks/main.yaml

@@ -14,40 +14,6 @@
     - vhost_redirect_preserve_path
     - vhost_redirect_target.endswith('/')
 
-- name: Reset vhost_locations_all
-  ansible.builtin.set_fact:
-    vhost_locations_all: []
-- name: Set vhost_locations_all reverse proxies
-  ansible.builtin.set_fact:
-    vhost_locations_all: >
-      {{ vhost_locations_all + [{
-      'path': item.path,
-      'type': item.type | default(vhost_type),
-      'headers': item.headers | default(vhost_headers),
-      'delete_headers': item.delete_headers | default(vhost_delete_headers),
-
-      'basicauth': item.basicauth | default(vhost_basicauth),
-      'basicauth_users': item.basicauth_users | default(vhost_basicauth_users),
-
-      'proxy_target_netproto': item.proxy_target_netproto | default(vhost_proxy_target_netproto),
-      'proxy_target_protocol': item.proxy_target_protocol | default(vhost_proxy_target_protocol),
-      'proxy_target_host': item.proxy_target_host | default(vhost_proxy_target_host),
-      'proxy_target_port': item.proxy_target_port | default(vhost_proxy_target_port if
-        vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'tcp' else ''),
-      'proxy_target_socket': item.proxy_target_socket | default(vhost_proxy_target_socket if
-        vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'unix' else ''),
-      'proxy_delete_headers': item.proxy_delete_headers | default(vhost_proxy_delete_headers),
-
-      'redirect_target': item.redirect_target | default(vhost_redirect_target if vhost_type == 'redirect' else ''),
-      'redirect_preserve_path': item.redirect_preserve_path | default(vhost_redirect_preserve_path),
-      'redirect_preserve_query': item.redirect_preserve_query | default(vhost_redirect_preserve_query),
-      'redirect_type': item.redirect_type | default(vhost_redirect_type),
-
-      'respond_content': item.respond_content | default(vhost_respond_content if vhost_type == 'respond' else ''),
-      'respond_content_type': item.respond_content_type | default(vhost_respond_content_type)
-      }] }}
-  loop: "{{ vhost_locations + [{'path': ''}] }}"
-
 - name: "Setup {{ vhost_id + ' vhost on ' + vhost_web_server }}"
   ansible.builtin.include_tasks: "{{ vhost_web_server }}.yaml"
   when: vhost_web_server != 'none'

roles/vhost/vars/main.yaml

@@ -0,0 +1,34 @@
+---
+_vhost_location_defaults:
+  type: "{{ vhost_type }}"
+  headers: "{{ vhost_headers }}"
+  delete_headers: "{{ vhost_delete_headers }}"
+
+  basicauth: "{{ vhost_basicauth }}"
+  basicauth_users: "{{ vhost_basicauth_users }}"
+
+  proxy_target_netproto: "{{ vhost_proxy_target_netproto }}"
+  proxy_target_protocol: "{{ vhost_proxy_target_protocol }}"
+  proxy_target_host: "{{ vhost_proxy_target_host }}"
+  proxy_target_port: "{{ vhost_proxy_target_port if
+    vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'tcp' else '' }}"
+  proxy_target_socket: "{{ vhost_proxy_target_socket if
+    vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'unix' else '' }}"
+  proxy_delete_headers: "{{ vhost_proxy_delete_headers }}"
+
+  redirect_target: "{{ vhost_redirect_target if vhost_type == 'redirect' else '' }}"
+  redirect_preserve_path: "{{ vhost_redirect_preserve_path }}"
+  redirect_preserve_query: "{{ vhost_redirect_preserve_query }}"
+  redirect_type: "{{ vhost_redirect_type }}"
+
+  respond_content: "{{ vhost_respond_content if vhost_type == 'respond' else '' }}"
+  respond_content_type: "{{ vhost_respond_content_type }}"
+
+_vhost_locations: "{{ vhost_locations + [{'path': ''}] }}"
+
+_vhost_locations_complete: "{{
+  _vhost_locations
+  | map('combine', _vhost_location_defaults)
+  | zip(_vhost_locations)
+  | map('combine') 
+}}"