Enhancement/versioned config templates (#7)

ngine-io · Jan 15, 2025 · dd92441 · dd92441
1 parent d16718c
commit dd92441
Show file tree

Hide file tree

Showing 7 changed files with 104 additions and 6 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,6 +2,7 @@
 name: CI
 "on":
   pull_request:
+  workflow_dispatch:
   push:
     branches:
       - main
@@ -38,12 +39,19 @@ jobs:
     name: Molecule
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
-        include:
-          - distro: debian12
-            playbook: converge.yml
-          - distro: rockylinux9
-            playbook: converge.yml
+        distro:
+          - debian12
+          # Temporarily disabled due to "sudo: A password is required" error, see https://github.com/geerlingguy/docker-rockylinux9-ansible/issues/6
+          #- rockylinux9
+        blocky_version:
+          - v0.24
+          - v0.23
+          - v0.22
+          - v0.21
+        playbook:
+          - converge.yml
     steps:
       - name: Check out the codebase.
         uses: actions/checkout@v4
@@ -65,3 +73,4 @@ jobs:
           ANSIBLE_FORCE_COLOR: "1"
           MOLECULE_DISTRO: ${{ matrix.distro }}
           MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
+          MOLECULE_BLOCKY_VERSION: ${{ matrix.blocky_version }}
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 dev
+.vscode
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -18,5 +18,10 @@
         cache_valid_time: 600
       when: ansible_os_family == "Debian"
       changed_when: false
+
+    - name: Define blocky version
+      ansible.builtin.set_fact:
+        blocky__version: "{{ lookup('ansible.builtin.env', 'MOLECULE_BLOCKY_VERSION') }}"
+      when: lookup('ansible.builtin.env', 'MOLECULE_BLOCKY_VERSION') | length > 0
   roles:
     - role: ngine_io.blocky_dns
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -65,9 +65,29 @@
     state: link
   notify: Restart blocky
 
+- name: Determine config template to use
+  block:
+    - name: Clean up version
+      ansible.builtin.set_fact:
+        blocky__version_cleaned: "{{ blocky__version | regex_replace('^v(.*)$', '\\1') }}"
+
+    - name: Get correct template
+      ansible.builtin.set_fact:
+        blocky__config_template: "{{ item.template }}"
+      when: (item.min_version is defined and item.max_version is defined
+                and blocky__version_cleaned is version(item.min_version, '>=') and blocky__version_cleaned is version(item.max_version, '<='))
+            or (item.max_version is defined and item.min_version is not defined and blocky__version_cleaned is version(item.max_version, '<='))
+            or (item.min_version is defined and item.max_version is not defined and blocky__version_cleaned is version(item.min_version, '>='))
+      with_items: "{{ blocky__config_template_versions }}"
+
+    - name: Assert a config template was found
+      ansible.builtin.assert:
+        that: blocky__config_template is defined
+        fail_msg: "No config template found for requested blocky version {{ blocky__version }}! That version might not be supported by this role!"
+
 - name: Configure blocky
   ansible.builtin.template:
-    src: config.yaml.j2
+    src: "{{ blocky__config_template }}"
     dest: "{{ blocky__install_path }}/config.yaml"
     owner: root
     group: root
@@ -97,4 +117,5 @@
   ansible.builtin.wait_for:
     port: "{{ (blocky__ports_dns | string | ansible.builtin.split(':') | last) if ':' in blocky__ports_dns | string else blocky__ports_dns }}"
     delay: 5
+    timeout: 30
   when: blocky__readiness_check_enabled
diff --git a/templates/config.yaml.from_0.24.j2 b/templates/config.yaml.from_0.24.j2
@@ -0,0 +1,55 @@
+# {{ ansible_managed }}
+{% if blocky__hosts_dns_enabled -%}
+# Added to blocky__custom_dns from inventory due to blocky__hosts_dns_enabled=true
+{% for host in groups[blocky__hosts_dns_invenory_group] -%}
+{% set fqdn = host + blocky__hosts_dns_domain %}
+{% if (hostvars[host]["blocky__hosts_dns_ignore"] is undefined or not hostvars[host]["blocky__hosts_dns_ignore"])
+  and fqdn not in blocky__custom_dns
+  and hostvars[host][blocky__hosts_dns_host_ip_var] is defined
+  and host != "localhost" %}
+{% set _ = blocky__custom_dns.update({ fqdn: hostvars[host][blocky__hosts_dns_host_ip_var] }) -%}
+{% else -%}
+# Skipping {{ host }}
+{% endif -%}
+{% endfor -%}
+{% endif -%}
+
+upstreams:
+  groups:
+    {{ blocky__upstreams | to_nice_yaml(indent=2) | trim | indent(4) }}
+
+blocking:
+  blockTTL: 10s
+  denylists:
+    {{ blocky__blocking_blacklists | to_nice_yaml(indent=2) | trim | indent(4) }}
+  clientGroupsBlock:
+    {{ blocky__blocking_client_groups_block | to_nice_yaml(indent=2) | trim | indent(4) }}
+  allowlists:
+    {{ blocky__blocking_whitelists | to_nice_yaml(indent=2) | trim | indent(4) }}
+
+ports:
+  dns: {{ blocky__ports_dns | to_nice_yaml(indent=2) | trim | indent(2) }}
+  http: {{ blocky__ports_http | to_nice_yaml(indent=2) | trim | indent(2) }}
+
+logLevel: {{ blocky__log_level | to_yaml }}
+
+caching:
+  minTime: 5m
+  maxTime: 60m
+  prefetching: true
+
+customDNS:
+  customTTL: 60m
+  filterUnmappedTypes: true
+  rewrite:
+  mapping:
+    {{ blocky__custom_dns | to_nice_yaml(indent=2) | trim | indent(4) }}
+
+conditional:
+  fallbackUpstream: false
+  mapping:
+    {{ blocky__custom_domain | to_nice_yaml(indent=2) | trim | indent(4) }}
+
+prometheus:
+  enable: true
+  path: /metrics
diff --git a/templates/config.yaml.j2 → templates/config.yaml.up_to_0.23.j2 b/templates/config.yaml.j2 → templates/config.yaml.up_to_0.23.j2
diff --git a/vars/main.yml b/vars/main.yml
@@ -1,2 +1,9 @@
 ---
 blocky__base: "blocky-{{ blocky__version }}"
+
+# Mapping of block versions to config templates
+# Must be maintained as blocky evolves. min_version and max_version may be defined for the same template.
+blocky__config_template_versions: [
+  {'max_version': '0.23', 'template': 'config.yaml.up_to_0.23.j2'},
+  {'min_version': '0.24', 'template': 'config.yaml.from_0.24.j2'},
+]