Added checkcsp to health-csp

2025-11-04 04:08:15 +00:00 · 2025-05-13 15:43:17 +02:00
parent 894e31bc3f
commit 3cb4cbf0d2
6 changed files with 22 additions and 46 deletions
--- a/roles/health-csp/README.md
+++ b/roles/health-csp/README.md
@@ -2,7 +2,7 @@

 ## Description

-This Ansible role automates the validation of [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP) enforcement for all configured domains by crawling them using a Puppeteer-based Node.js script.
+This Ansible role automates the validation of [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP) enforcement for all configured domains by crawling them using a [CSP Checker](https://github.com/kevinveenbirkenbach/csp-checker).

 ## Overview

@@ -15,24 +15,6 @@ Designed for Archlinux systems, this role periodically checks whether web resour
 - **Automated Execution:** Registers a systemd service and timer for recurring health checks.
 - **Error Notification:** Integrates with `systemd-notifier` for alerting on failure.

-## Dependencies
-
-This role depends on the following:
-
- [`nodejs`](../nodejs/)
- [`npm`](../npm/)
- [`systemd-notifier`](../systemd-notifier/)
- [`systemd-timer`](../systemd-timer/)
-
-## Configuration
-
-Set the following variables to customize behavior:
-
-```yaml
-health_csp_crawler_folder: "{{ path_administrator_scripts }}health-csp/"
-on_calendar_health_csp_crawler: "daily"
-```
-
 ## License

 CyMaIS NonCommercial License (CNCL)
--- a/roles/health-csp/meta/main.yml
+++ b/roles/health-csp/meta/main.yml
@@ -24,6 +24,4 @@ galaxy_info:
  issue_tracker_url: "https://s.veen.world/cymaisissues"
  documentation: "https://s.veen.world/cymais"
 dependencies:
-  - systemd-notifier
-  - nodejs
-  - npm
+  - systemd-notifier
--- a/roles/health-csp/tasks/main.yml
+++ b/roles/health-csp/tasks/main.yml
@@ -1,46 +1,44 @@
+- name: "pkgmgr install"
+  include_role:
+    name: pkgmgr-install
+  vars:
+    package_name: checkcsp
+  when: run_once_backup_docker_to_local is not defined
+
 - name: "create {{ health_csp_crawler_folder }}"
  file:
    path: "{{ health_csp_crawler_folder }}"
    state: directory
    mode: 0755
-
- name: "Install puppeteer if node_modules not yet present"
-  ansible.builtin.command:
-    cmd: npm install puppeteer
-    chdir: "{{ health_csp_crawler_folder }}"
-    creates: "{{ health_csp_crawler_folder }}/node_modules"
-
- name: Check if puppeteer is usable
-  command: node -e "require('puppeteer')"
-  args:
-    chdir: "{{ health_csp_crawler_folder }}"
-  register: puppeteer_check
-  failed_when: puppeteer_check.rc != 0
+  when: run_once_backup_docker_to_local is not defined

 - name: copy health-csp.py
  copy:
    src: health-csp.py
    dest: "{{ health_csp_crawler_script }}"
    mode: 0755
-
- name: copy health-csp.js
-  copy:
-    src: health-csp.js
-    dest: "{{ health_csp_crawler_node }}"
-    mode: 0755
+  when: run_once_backup_docker_to_local is not defined

 - name: create health-csp.cymais.service
  template:
    src: health-csp.service.j2
    dest: /etc/systemd/system/health-csp.cymais.service
  notify: reload health-csp.cymais.service
+  when: run_once_backup_docker_to_local is not defined

 - name: set service_name to role_name
  set_fact:
    service_name: "{{ role_name }}"
+  when: run_once_backup_docker_to_local is not defined

 - name: include systemd timer role
  include_role:
    name: systemd-timer
  vars:
    on_calendar: "{{ on_calendar_health_csp_crawler }}"
+  when: run_once_backup_docker_to_local is not defined
+
+- name: run the backup_docker_to_local tasks once
+  set_fact:
+    run_once_backup_docker_to_local: true
+  when: run_once_backup_docker_to_local is not defined
--- a/roles/health-csp/templates/health-csp.service.j2
+++ b/roles/health-csp/templates/health-csp.service.j2
@@ -5,5 +5,4 @@ OnFailure=systemd-notifier.cymais@%n.service
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/python3 {{ health_csp_crawler_script }} \
-  --nginx-config-dir={{ nginx.directories.http.servers }} \
-  --script={{ health_csp_crawler_node }}
+  --nginx-config-dir={{ nginx.directories.http.servers }}
--- a/roles/health-csp/vars/main.yml
+++ b/roles/health-csp/vars/main.yml
@@ -1,3 +1,2 @@
 health_csp_crawler_folder: "{{ path_administrator_scripts }}health-csp/"
-health_csp_crawler_script: "{{ health_csp_crawler_folder }}health-csp.py"
-health_csp_crawler_node: "{{ health_csp_crawler_folder }}health-csp.js"
+health_csp_crawler_script: "{{ health_csp_crawler_folder }}health-csp.py"
--- a/roles/nginx/meta/main.yml
+++ b/roles/nginx/meta/main.yml
@@ -1,3 +1,3 @@
 dependencies:
  - health-nginx
-#  - health-csp
+  - health-csp