Auto commit without commit message

.gitmodules

@@ -518,3 +518,6 @@
 [submodule "roles/dev-sec.apache-hardening"]
 	path = roles/dev-sec.apache-hardening
 	url = https://github.com/dev-sec/ansible-apache-hardening.git
+[submodule "roles_ypid/debops.apache"]
+	path = roles_ypid/debops.apache
+	url = https://github.com/debops/ansible-apache.git

bin/debops-optimize

@@ -18,7 +18,7 @@ set -o nounset -o pipefail -o errexit
 # Use:
 # * :file:`/etc/issue` Can also be a AppArmor wildcard pattern.
 #   Check: http://wiki.apparmor.net/index.php/QuickProfileLanguage#File_Globbing
-#	A regex dialect is undesired for readability reasons.
+#   A regex dialect is undesired for readability reasons.
 # * :command:`rm`: The name of an OS-level command, such as `rm`. Used when
 #   referring to a program primely used in the shell (CLI interface) by sysadmins
 #   and/or users.
@@ -39,6 +39,7 @@ cd "$(git rev-parse --show-toplevel)" || exit
 role_full_name="$(basename "$PWD")"
 role_name="${role_full_name#*.}"
 role_owner="${role_full_name%.*}"
+is_ansible_role=true
 if [ "${role_owner}" == "${role_full_name}" ]
 then
     echo "Using workaround to work with Ansible role names not following Ansible Galaxy convention."
@@ -50,47 +51,54 @@ then
 fi
 echo "Running debops-optimize for: '$role_name', full role name: '${role_full_name:-}', role owner is: '${role_owner:-}'"
 
+if [ ! -e 'meta/main.yml' ]
+then
+    echo "This repository is not a Ansible role. Disabling Ansible role optimizations."
+    is_ansible_role=false
+fi
+
 ## For testing:
 # git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?defaults/.*\.yml|.*\.rst)$' -print0 | \
 #     xargs --null sed --in-place --regexp-extended '
 #     '
 
 # echo '``apt-cache.{{ ansible_domain }}``. This subdomain should be configured in the' | \
-	# sed --regexp-extended '
+    # sed --regexp-extended '
 
 # exit 0
 
-git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?defaults/.*\.yml|.*\.rst)$' -print0 | \
-	xargs --null sed --in-place --regexp-extended '
-		s/``(\/[^`]+[^`0-9])``/:file:`\1`/g;
-		s/``([^`]+\w+(:?\.(:?yml|yaml|rst|j2|ini|pem|crt|conf)|\/))``/:file:`\1`/g;
-		s/``((:?whereami|fail2ban|libvirtd|pki-realm|pki-authority|acme-tiny|apt-(:?cacher-ng|proxy)|nginx|etckeeper|irqbalance|rsnapshot|mysqld|collectd|ntpd|xinetd|opsi-product-updater|automysqlbackup|cron|dhclient|ferm|ferment)\b[^`{.]*?[^_]?)``/:program:`\1`/g;
-		s/``((:?hostname|sudo|sysctl|which|fsck|mysql|mkfs|openssl|chattr|lsattr|gnutls|brctl|smbclient|update-ca-certificates|debootstrap|lxc|ansible(:?-vault|-playbook)?|debops-padlock|vgcreate|firejail|xpra|yaml2rst|occ|check_mk|docker|setxkbmap|setxkbmap -query|xmllint|gpg2?|git|hg|bzr|darcs|apt|dpkg|rpm|pacman|pacman-g2|yum|dnf|zypper|rsync|ssh|ip|ip(6|\(6\))?tables|netstat|shellcheck)\b[^ /`.{]*?[^_]?)``/:command:`\1`/g;
-		s/``([[:lower:]_.-]+\([[:digit:]]\))``/:manpage:`\1`/g;
-		s/``([[:alnum:]_]+__[^*?` ]+?[^*?` _])``/:envvar:`\1`/g;
-		s/:any:/:envvar:/g;
-		s/`([[:alnum:]_-]+\.[[:alnum:]_-]+)`_/\1_/g;
-		s/``(debops\.[[:alnum:]_-]+)``/\1_/g;
-		s/``(ypid\.[[:alnum:]_-]+)``/\1_/g;
-		s/([^[:alnum:]`@_]\b(:?drybjed|ypid|ganto|htgoebel|nickjj|scibi|do3cc|AnBuKu|thiagotalma|jacksingleton|ser|yuvadm|pedroluislopez|patrickheeney|le9i0nx))([^[:alnum:]\/@_.>:-])/\1_\3/g;
-		s/\*\*(drybjed|ypid|ganto|htgoebel|nickjj|scibi|do3cc|AnBuKu|thiagotalma|jacksingleton|ser|yuvadm|pedroluislopez|patrickheeney|le9i0nx)\*\*/\1_/g;
-		s/([^`])(debops tools)([^`/ ])/\1`DebOps Tools`_\3/gi;
-		s/The current role maintainer is/The current role maintainer_ is/gi;
-		s/\<e\.g\./e. g./g;
-		s#debops project#DebOps project#gi;
-		s#(`Semantic Versioning <[^>]+>`_)\b#\1_#g;
-		s#`(human-readable changelog) <http://keepachangelog.com/>`_\b#`\1 <http://keepachangelog.com/en/0.3.0/>`__#;
-		s#`(human-readable changelog) <http://keepachangelog.com/>`__#`\1 <http://keepachangelog.com/en/0.3.0/>`__#;
-		s#Default variables: configuration#Default variable details#;
-		s#Configuration of other Ansible roles#Configuration for other Ansible roles#;
-		s#This variable is intended to be used in the inventory of the host#This variable is intended to be used in the inventory of hosts#;
-	'
+git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?defaults/.*\.yml|.*\.rst)$' -and -not -name 'README.rst' -print0 | \
+    xargs --null sed --in-place --regexp-extended '
+        s/``(\/[^`]+[^`0-9])``/:file:`\1`/g;
+        s/``([^`]+\w+(:?\.(:?yml|yaml|rst|j2|ini|pem|crt|conf)|\/))``/:file:`\1`/g;
+        s/``((:?whereami|fail2ban|libvirtd|pki-realm|pki-authority|acme-tiny|apt-(:?cacher-ng|proxy)|nginx|etckeeper|irqbalance|rsnapshot|mysqld|collectd|ntpd|xinetd|opsi-product-updater|automysqlbackup|cron|dhclient|ferm|ferment)\b[^`{.]*?[^_]?)``/:program:`\1`/g;
+        s/``((:?hostname|sudo|sysctl|which|fsck|mysql|mkfs|openssl|chattr|lsattr|gnutls|brctl|smbclient|update-ca-certificates|debootstrap|lxc|ansible(:?-vault|-playbook)?|debops-padlock|vgcreate|firejail|xpra|yaml2rst|occ|check_mk|docker|setxkbmap|setxkbmap -query|xmllint|gpg2?|git|hg|bzr|darcs|apt|dpkg|rpm|pacman|pacman-g2|yum|dnf|zypper|rsync|ssh|ip|ip(6|\(6\))?tables|netstat|shellcheck)\b[^ /`.{]*?[^_]?)``/:command:`\1`/g;
+        s/``([[:lower:]_.-]+\([[:digit:]]\))``/:manpage:`\1`/g;
+        s/``([[:alnum:]_]+__[^*?` ]+?[^*?` _])``/:envvar:`\1`/g;
+        s/:any:/:envvar:/g;
+        s/`([[:alnum:]_-]+\.[[:alnum:]_-]+)`_/\1_/g;
+        s/``(debops\.[[:alnum:]_-]+)``/\1_/g;
+        s/``(ypid\.[[:alnum:]_-]+)``/\1_/g;
+        s/([^[:alnum:]`@_]\b(:?drybjed|ypid|ganto|htgoebel|nickjj|scibi|do3cc|AnBuKu|thiagotalma|jacksingleton|ser|yuvadm|pedroluislopez|patrickheeney|le9i0nx))([^[:alnum:]\/@_.>:-])/\1_\3/g;
+        s/\*\*(drybjed|ypid|ganto|htgoebel|nickjj|scibi|do3cc|AnBuKu|thiagotalma|jacksingleton|ser|yuvadm|pedroluislopez|patrickheeney|le9i0nx)\*\*/\1_/g;
+        s/([^`])(debops tools)([^`/ ])/\1`DebOps Tools`_\3/gi;
+        s/The current role maintainer is/The current role maintainer_ is/gi;
+        s/\<e\.g\./e. g./g;
+        s#debops project#DebOps project#gi;
+        s#(`Semantic Versioning <[^>]+>`_)\b#\1_#g;
+        s#`(human-readable changelog) <http://keepachangelog.com/>`_\b#`\1 <http://keepachangelog.com/en/0.3.0/>`__#;
+        s#`(human-readable changelog) <http://keepachangelog.com/>`__#`\1 <http://keepachangelog.com/en/0.3.0/>`__#;
+        s#Default variables: configuration#Default variable details#;
+        s#Configuration of other Ansible roles#Configuration for other Ansible roles#;
+        s#This variable is intended to be used in the inventory of the host#This variable is intended to be used in the inventory of hosts#;
+        s#Ensure specified packages are in there desired state#Ensure specified packages are in their desired state#;
+    '
 
 git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?meta/.*\.yml)$' -print0 | \
-	xargs --null sed --in-place --regexp-extended '
-		s#GNU General Public License v3#GPL-3.0#;
-		s#categories:#galaxy_tags:#;
-	'
+    xargs --null --no-run-if-empty sed --in-place --regexp-extended '
+        s#GNU General Public License v3#GPL-3.0#;
+        s#categories:#galaxy_tags:#;
+    '
 
 # https://github.com/debops/docs/issues/139
 test -e docs/defaults-configuration.rst && mv docs/defaults-configuration.rst docs/defaults-detailed.rst
@@ -100,16 +108,16 @@ sed --in-place --regexp-extended 's#defaults-configuration#defaults-detailed#;'
 # HTTPS everywhere
 # LICENSE should be done in a global replace to decease commit review noise.
 git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -not -regex '(:?LICENSE|README.md)$' -print0 | \
-	xargs --null sed --in-place --regexp-extended '
-		s#http://(ansible\.com|debops\.org|docs\.debops\.org|www\.gnu\.org|stackoverflow\.com|nginx\.org)#https://\1#g;
-		s#Copyright \(C\) ([[:digit:],-]+) DebOps Project#Copyright (C) \1 DebOps#gi;
-		s#set -eu -o pipefail#set -o nounset -o pipefail -o errexit#gi;
-	'
+    xargs --null sed --in-place --regexp-extended '
+        s#http://(ansible\.com|debops\.org|docs\.debops\.org|www\.gnu\.org|stackoverflow\.com|nginx\.org)#https://\1#g;
+        s#Copyright \(C\) ([[:digit:],-]+) DebOps Project#Copyright (C) \1 DebOps#gi;
+        s#set -eu -o pipefail#set -o nounset -o pipefail -o errexit#gi;
+    '
 
 git ls-files -z | xargs --null -I '{}' find '{}' -type f -print0 | \
-	xargs --null sed --in-place --regexp-extended '
-		s/\(This file is managed remotely, all changes will be lost\|This file is managed remotely, some changes might be overwritten\|This file is managed by Ansible, all changes will be lost\)/{{ ansible_managed }}/g
-	'
+    xargs --null sed --in-place --regexp-extended '
+        s/\(This file is managed remotely, all changes will be lost\|This file is managed remotely, some changes might be overwritten\|This file is managed by Ansible, all changes will be lost\)/{{ ansible_managed }}/g
+    '
 
 # Disabled due to false positives:
 # s/([[:lower:]_-]+\([[:digit:]]\))(\s)/:manpage:`\1`\2/g;  ## Would also match: d(1)
@@ -120,35 +128,41 @@ git ls-files -z | xargs --null -I '{}' find '{}' -type f -print0 | \
 
 ## Revert a change for the role itself because a self reference (currently points to GitHub) might be confusing.
 git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?defaults/.*\.yml|.*\.rst)$' -print0 | \
-	xargs --null sed --in-place --regexp-extended "
-			s/\b${role_full_name}_\b/\`\`${role_full_name}\`\`/g;
-		"
+    xargs --null sed --in-place --regexp-extended "
+            s/\b${role_full_name}_\b/\`\`${role_full_name}\`\`/g;
+        "
 
 ## Revert a change for deprecated roles (might be removed from the documentation at some point) or falsely detected roles.
 git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?defaults/.*\.yml|.*\.rst)$' -print0 | \
-	xargs --null sed --in-place --regexp-extended "
-			s/\b(debops\.(:?php5|sshkeys|cfg))_\b/\`\`\1\`\`/g;
-		"
+    xargs --null sed --in-place --regexp-extended "
+            s/\b(debops\.(:?php5|sshkeys|cfg))_\b/\`\`\1\`\`/g;
+        "
 
 ## Revert other changes.
 git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?defaults/.*\.yml|.*\.rst)$' -print0 | \
-	xargs --null sed --in-place --regexp-extended '
-			s/:envvar:`((:?bootstrap__admin_system_home|bootstrap__admin_name|bootstrap__admin_manage_existing|owncloud__enable_occ_shortcut|php__pool_default|php__version|inventory__host_environment|inventory__group_environment|inventory__environment|tinc__compression|tinc__connect_to_mesh0|owncloud__subdomain))`/``\1``/g;
-		'
+    xargs --null sed --in-place --regexp-extended '
+            s/:envvar:`((:?bootstrap__admin_system_home|bootstrap__admin_name|bootstrap__admin_manage_existing|owncloud__enable_occ_shortcut|php__pool_default|php__version|inventory__host_environment|inventory__group_environment|inventory__environment|tinc__compression|tinc__connect_to_mesh0|owncloud__subdomain|apt__conditional_whitelist))`/``\1``/g;
+        '
 
 ## Revert changes only for debops-playbooks
-git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?defaults/.*\.yml|.*\.rst)$' -print0 | \
-	xargs --null sed --in-place --regexp-extended '
-			s/:envvar:`((:?apt_preferences__preset_list))`/``\1``/g;
-		'
+if [ "$role_name" == 'playbooks' ]
+then
+    git ls-files -z | xargs --null -I '{}' find '{}' -type f -regextype posix-extended -regex '(:?defaults/.*\.yml|.*\.rst)$' -print0 | \
+        xargs --null sed --in-place --regexp-extended '
+                s/:envvar:`((:?[^`]+__[^`]+))`/``\1``/g;
+            '
+fi
 
-if ! grep -qF 'https://galaxy.ansible.com/api/v1/notifications/' .travis.yml
+if [ "$is_ansible_role" == true ]
 then
-	cat << EOF >> .travis.yml
+    if ! grep -qF 'https://galaxy.ansible.com/api/v1/notifications/' .travis.yml
+    then
+        cat << EOF >> .travis.yml
 notifications:
   webhooks:
     - 'https://galaxy.ansible.com/api/v1/notifications/'
 EOF
+    fi
 fi
 
 echo "Done. Be sure to review the changes."

playbooks/ypid-playbooks/show_host_groups.yml

@@ -1,13 +1,12 @@
 ---
 
-- name: Show host groups
+- name: Show Ansible inventory groups
   hosts: [ 'all' ]
-  ## Don’t require network access.
   gather_facts: False
   become: False
 
   tasks:
 
     - name: Show host groups
       debug:
-        msg: '{{ hostvars[inventory_hostname]["group_names"] | sort }}'
+        var: 'group_names'