OP#563 add confdroid_selinux and confdroid_ssh

Jenkinsfile

@@ -1,116 +0,0 @@
-pipeline {
-    agent {
-      label 'puppet'
-    }
-
-    post {
-        always {
-            deleteDir() /* clean up our workspace */
-        }
-        success {
-            updateGitlabCommitStatus state: 'success'
-        }
-        failure {
-            updateGitlabCommitStatus state: 'failed'
-            step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
-        }
-    }
-
-    options {
-          gitLabConnection('gitlab.confdroid.com')
-    }
-
-    stages {
-
-      stage('pull master') {
-        steps {
-          sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
-            sh '''
-                git config user.name "Jenkins Server"
-                git config user.email jenkins@confdroid.com
-                # Ensure we're on the development branch (triggered by push)
-                git checkout development
-                # Create jenkins branch from development
-                git checkout -b jenkins-build-$BUILD_NUMBER
-                # Optionally merge master into jenkins to ensure compatibility
-                git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
-            '''
-        }
-      }
-    }
-
-      stage('SonarScan') {
-         steps {
-            withCredentials([string(credentialsId: 'sonar-token-12ww1160', variable: 'SONAR_TOKEN')]) {
-              sh '''
-              /opt/sonar-scanner/bin/sonar-scanner \
-                -Dsonar.projectKey=puppet_collection \
-                -Dsonar.sources=. \
-                -Dsonar.host.url=https://sonarqube.confdroid.com \
-                -Dsonar.token=$SONAR_TOKEN
-                '''
-              }
-            }
-          }
-
-      stage('update repo') {
-        steps {
-          sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
-            sh '''
-                git config user.name "Jenkins Server"
-                git config user.email jenkins@confdroid.com
-                git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
-                git push origin HEAD:master
-            '''
-        }
-      }
-    }
-
-         stage('Mirror to Gitea') {
-             steps {
-                withCredentials([usernamePassword(
-                credentialsId: 'Jenkins-gitea',
-                usernameVariable: 'GITEA_USER',
-                passwordVariable: 'GITEA_TOKEN')]) {
-                script {
-                    // Checkout from GitLab (already done implicitly)
-                    sh '''
-                        git checkout master
-                        git pull origin master
-                        git branch -D development
-                        git branch -D jenkins-build-$BUILD_NUMBER
-                        git rm -f Jenkinsfile
-                        git rm -r --cached .vscode || echo "No .vscode to remove from git"
-                        git commit --amend --no-edit --allow-empty
-                        git remote add master https://sourcecode.confdroid.com/confdroid/puppet_collection.git
-                        git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
-                        push master --mirror
-                    '''
-					}
-				}
-			}
-		}
-
-         stage('Mirror to Github - Grizzlycoda') {
-             steps {
-              sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
-                sh '''
-                  git remote set-url --push master git@github.com:grizzlycoda/puppet_collection.git
-                  git push master --mirror
-                '''
-        }
-      }
-	  }
-
-         stage('Mirror to Github - 12ww1160') {
-             steps {
-              sshagent(['key-github-12ww160-not-grizzly']) {
-                sh '''
-                  git remote set-url --push master git@github.com:12ww1160/puppet_collection.git
-                  git push master --mirror
-                '''
-        }
-      }
-	  }
-  }
-}

README.md

@@ -18,6 +18,8 @@
     - [confdroid\_fail2ban](#confdroid_fail2ban)
     - [control repo template](#control-repo-template)
     - [confdroid\_automatic](#confdroid_automatic)
+    - [confdroid\_selinux](#confdroid_selinux)
+    - [confdroid\_ssh](#confdroid_ssh)
   - [FAQ](#faq)
 
 ## Summary
@@ -144,9 +146,27 @@ Install, configure and manage automatic OS system updates on RHEL-9 like operati
 - manage main configurations files via parameters
 - manage service
 
+### [confdroid_selinux](https://3for.me/z2tsi)
+
+- Install binaries required for selinux and related tools
+- manage /etc/sysconfig/selinux file (file system permissions, selinux context, content)
+- manage current selinux status (permissive,enforcing)
+
+### [confdroid_ssh](https://3for.me/jhjim)
+
+Install, configure and manage SSHD and ssh settings
+
+- install required binaries
+- manage local custom configuration based on parameters, overriding the defaults
+- manage selinux rules
+- manage service
+- (optional) manage firewall
+
 ---
 
 ## FAQ
 
 - Q: "Why are the names of the modules using underscore instead of hyphens?"
   A: The modules are best deployed through the [R10k](https://github.com/puppetlabs/r10k) service using a Puppetfile. The deployment process using Puppetfile would convert the name of say "confdroid-postgresql" into a module called "confdroid" locally on the puppet server, cutting off everything after the hyphen. It also would then not deploy more than one module, because they all would be called "confdroid"
+- Q: "why is always only Rocky 9 listed as supported OS"?
+  A: In fact **any** RHEL-9 based OS should work. But  all modules are thoroughly being tested under Rocky 9 as OS of choice.