From e267e8fe58a7eacdc23e4f00f404d3a001881851 Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Tue, 15 Apr 2025 18:41:43 +0200
Subject: [PATCH 01/16] Fixing-aws_vpc-role
---
 roles/aws/aws_vpc/tasks/security_group.yml | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/roles/aws/aws_vpc/tasks/security_group.yml b/roles/aws/aws_vpc/tasks/security_group.yml
index 0c63b1063..34e452bec 100644
--- a/roles/aws/aws_vpc/tasks/security_group.yml
+++ b/roles/aws/aws_vpc/tasks/security_group.yml
@@ -1,11 +1,21 @@
+- name: Pring aws_vpc var
+ ansible.builtin.debug:
+ msg: "{{ aws_vpc }}"
+
 - name: Create Security Group.
 amazon.aws.ec2_security_group:
- name: "{{ security_group.name }}"
+ name: "{{ aws_vpc.name }}"
 profile: "{{ aws_vpc.aws_profile }}"
 region: "{{ aws_vpc.region }}"
- tags: "{{ aws_vpc.tags | combine({'Name': security_group.name}) }}"
+ tags: "{{ aws_vpc.tags | combine({'Name': aws_vpc.name}) }}"
 state: "{{ aws_vpc.state }}"
- vpc_id: "{{ _aws_vpc_vpc.vpc.id }}"
- description: "{{ security_group.description }}"
- rules: "{{ security_group.rules | default(omit) }}"
- rules_egress: "{{ security_group.rules_egress | default(omit) }}"
+ vpc_id: "{{ aws_vpc.id }}"
+ description: "{{ aws_vpc.description }}"
+ rules: "{{ aws_vpc.rules | default(omit) }}"
+ rules_egress: "{{ aws_vpc.rules_egress | default(omit) }}"
+ purge_rules: "{{ aws_vpc.purge_rules | default(omit) }}"
+ register: _aws_vpc_result
+
+- name: Register aws_vpc SG results.
+ ansible.builtin.set_fact:
+ aws_vpc: "{{ aws_vpc | combine({'_result': {aws_vpc.name: _aws_vpc_result}}, recursive=True) }}"
From 361d6a433d19ce7cfddf11b6f6ca401393ab9b4c Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Tue, 15 Apr 2025 18:43:33 +0200
Subject: [PATCH 02/16] reverting-wazuh-tasks
---
 roles/debian/wazuh/tasks/main.yml | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml
index a3bf6056b..7224c1c1e 100644
--- a/roles/debian/wazuh/tasks/main.yml
+++ b/roles/debian/wazuh/tasks/main.yml
@@ -133,12 +133,6 @@
 state: restarted
 when: filebeat_exists
-- name: Check if wazuh-manager service exists
- ansible.builtin.command: systemctl list-unit-files --type=service --no-pager
- register: wazuh_service
- ignore_errors: true
- changed_when: false
-
 - name: Write the password to /var/ossec/etc/authd.pass
 ansible.builtin.copy:
 dest: /var/ossec/etc/authd.pass
@@ -152,10 +146,4 @@
 ansible.builtin.systemd:
 name: wazuh-manager
 state: restarted
- when: "'wazuh-manager.service' in wazuh_service.stdout"
-
-- name: Restart wazuh-agent to apply changes
- ansible.builtin.systemd:
- name: wazuh-agent
- state: restarted
- when: "'wazuh-agent.service' in wazuh_service.stdout"
+ when: "'wazuh-manager.service' in wazuh_service.stdout or 'wazuh-agent.service' in wazuh_service.stdout"
From ebff88eead9ac7baf5185ccc78ae12067c5e7c48 Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Tue, 15 Apr 2025 21:13:04 +0200
Subject: [PATCH 03/16] Updating-aws_vpc-tasks
---
 roles/aws/aws_vpc/tasks/main.yml | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/roles/aws/aws_vpc/tasks/main.yml b/roles/aws/aws_vpc/tasks/main.yml
index 9901abd85..31ec599a9 100644
--- a/roles/aws/aws_vpc/tasks/main.yml
+++ b/roles/aws/aws_vpc/tasks/main.yml
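Review bot: The new combined `when:` still reads `wazuh_service.stdout`, but the first hunk deletes the only task visible here that registers `wazuh_service`, so the restart task fails on an undefined variable unless that fact is registered somewhere earlier in the file. The merged condition also restarts `wazuh-manager` on a host that only has `wazuh-agent.service`, where that unit does not exist. Patch 07 in this series reverts the whole change; dropping both commits would leave a cleaner history than the change-plus-revert pair.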
@@ -10,18 +10,23 @@
 register: _aws_vpc_vpc
 - name: Ensure default Security group is tagged.
- amazon.aws.ec2_security_group:
- name: "default"
- profile: "{{ aws_vpc.aws_profile }}"
- region: "{{ aws_vpc.region }}"
- tags: "{{ aws_vpc.tags }}"
- state: "{{ aws_vpc.state }}"
- vpc_id: "{{ _aws_vpc_vpc.vpc.id }}"
- description: "default VPC security group"
- purge_rules: false
+ ansible.builtin.include_tasks: "security_group.yml"
+ vars:
+ aws_vpc:
+ name: "default"
+ id: "{{ _aws_vpc_vpc.vpc.id }}"
+ description: "default VPC security group"
+ purge_rules: false
 - name: Create VPC Security groups.
 ansible.builtin.include_tasks: "security_group.yml"
+ vars:
+ aws_vpc:
+ name: "{{ security_group.name }}"
+ id: "{{ _aws_vpc_vpc.vpc.id }}"
+ description: "default VPC security group"
+ rules: "{{ security_group.rules | default(omit) }}"
+ rules_egress: "{{ security_group.rules_egress | default(omit) }}"
 with_items: "{{ aws_vpc.security_groups }}"
 loop_control:
 loop_var: security_group
From 61a314bdfe886059eca8287496353a6c49d9b32c Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Wed, 16 Apr 2025 08:25:02 +0200
Subject: [PATCH 04/16] Updating-task-with-SG
---
 roles/aws/aws_vpc/tasks/main.yml | 7 -------
 roles/aws/aws_vpc/tasks/security_group.yml | 4 ++--
 2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/roles/aws/aws_vpc/tasks/main.yml b/roles/aws/aws_vpc/tasks/main.yml
index 31ec599a9..22ef2638f 100644
--- a/roles/aws/aws_vpc/tasks/main.yml
+++ b/roles/aws/aws_vpc/tasks/main.yml
@@ -20,13 +20,6 @@
 - name: Create VPC Security groups.
 ansible.builtin.include_tasks: "security_group.yml"
- vars:
- aws_vpc:
- name: "{{ security_group.name }}"
- id: "{{ _aws_vpc_vpc.vpc.id }}"
- description: "default VPC security group"
- rules: "{{ security_group.rules | default(omit) }}"
- rules_egress: "{{ security_group.rules_egress | default(omit) }}"
 with_items: "{{ aws_vpc.security_groups }}"
 loop_control:
 loop_var: security_group
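Review bot: The `vars: aws_vpc:` block on both `include_tasks` calls replaces the role's `aws_vpc` mapping inside `security_group.yml` instead of merging into it (task vars take precedence and the default `hash_behaviour` is replace), so `aws_vpc.aws_profile`, `aws_vpc.region`, `aws_vpc.tags` and `aws_vpc.state` read in the included file are undefined for the default-group include; patch 04 drops the block from the loop include, but the default-group one survives to the end of the series. The `set_fact` on `aws_vpc` in the included file is shadowed by the same task var, so the `_result` it records is not visible afterwards. Carry the per-group fields under a separate variable, e.g. `vars: _aws_vpc_sg: {name: "default", id: "{{ _aws_vpc_vpc.vpc.id }}", description: "default VPC security group", purge_rules: false}`, and read `_aws_vpc_sg.name` / `_aws_vpc_sg.id` in `security_group.yml` so the role-level keys stay reachable. The loop include also copies `description: "default VPC security group"` onto every user-defined group.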
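Review bot: With the `vars:` block removed, the loop include now runs `security_group.yml` against the role-level `aws_vpc`, whose `name` is presumably the VPC's own name and whose `id` key is not set anywhere visible here (the VPC id previously came from `_aws_vpc_vpc.vpc.id`); every iteration over `aws_vpc.security_groups` would then create or update a single group named after the VPC, with the last item's rules winning, and record every result under the same `_result` key. `security_group.name` is the per-item value the loop was written for: in `security_group.yml` use `name: "{{ security_group.name | default(aws_vpc.name) }}"` and `vpc_id: "{{ _aws_vpc_vpc.vpc.id }}"`, and give the `Name` tag and the `_result` key the same `security_group.name` treatment.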
diff --git a/roles/aws/aws_vpc/tasks/security_group.yml b/roles/aws/aws_vpc/tasks/security_group.yml
index 34e452bec..eb20a21bc 100644
--- a/roles/aws/aws_vpc/tasks/security_group.yml
+++ b/roles/aws/aws_vpc/tasks/security_group.yml
@@ -11,8 +11,8 @@
 state: "{{ aws_vpc.state }}"
 vpc_id: "{{ aws_vpc.id }}"
 description: "{{ aws_vpc.description }}"
- rules: "{{ aws_vpc.rules | default(omit) }}"
- rules_egress: "{{ aws_vpc.rules_egress | default(omit) }}"
+ rules: "{{ security_group.rules | default(omit) }}"
+ rules_egress: "{{ security_group.rules_egress | default(omit) }}"
 purge_rules: "{{ aws_vpc.purge_rules | default(omit) }}"
 register: _aws_vpc_result
From d49dfd3b9255bf6d2b104fbdfdf265a8434f85ca Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Wed, 16 Apr 2025 11:14:12 +0200
Subject: [PATCH 05/16] Updating-aws_iam-role
---
 roles/aws/aws_iam_role/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/aws/aws_iam_role/tasks/main.yml b/roles/aws/aws_iam_role/tasks/main.yml
index 8f67e33c8..f51b0aecd 100644
--- a/roles/aws/aws_iam_role/tasks/main.yml
+++ b/roles/aws/aws_iam_role/tasks/main.yml
@@ -1,6 +1,6 @@
 - name: Create an IAM Managed Policy if defined.
 amazon.aws.iam_managed_policy:
- policy_name: "inline_{{ aws_iam_role.name }}_policy"
+ policy_name: "inline_{{ aws_iam_role.inline_policies.name }}_policy"
 policy:
 Version: "2012-10-17"
 Statement:
@@ -13,7 +13,7 @@
 - name: Join managed and inline policy.
 ansible.builtin.set_fact:
- _combined_policies: "{{ aws_iam_role.managed_policies + [_inline_iam_policy.arn] }}"
+ _combined_policies: "{{ aws_iam_role.managed_policies + [_inline_iam_policy.policy.arn] }}"
 when: aws_iam_role.inline_policies.action is defined and aws_iam_role.inline_policies.action | length > 0
 - name: Create combined var if inline policy is not defined or empty.
From a3a42fa1909f47c0e690004ee1a58342e17e1908 Mon Sep 17 00:00:00 2001
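Review bot: Renaming the managed policy from `inline_<role name>_policy` to `inline_<inline_policies.name>_policy` leaves every already-provisioned role with its old policy: `iam_managed_policy` creates the new name and nothing here deletes the previous one, so it lingers in the account (and stays attached unless the role task purges unlisted policies) and counts against the managed-policy quota. A one-off task with `state: absent` for the old name, or a migration note in the role's documentation, would make the rename safe to roll out. The first task's own `when:` guard is outside the hunk, so whether `aws_iam_role.inline_policies.name` is protected against an undefined `inline_policies` cannot be seen from here.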
From: Matej Stajduhar
Date: Wed, 16 Apr 2025 12:06:44 +0200
Subject: [PATCH 06/16] Updating-aws_vpc-role
---
 roles/aws/aws_vpc/tasks/security_group.yml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/roles/aws/aws_vpc/tasks/security_group.yml b/roles/aws/aws_vpc/tasks/security_group.yml
index eb20a21bc..3de5cba78 100644
--- a/roles/aws/aws_vpc/tasks/security_group.yml
+++ b/roles/aws/aws_vpc/tasks/security_group.yml
@@ -1,7 +1,3 @@
-- name: Pring aws_vpc var
- ansible.builtin.debug:
- msg: "{{ aws_vpc }}"
-
 - name: Create Security Group.
 amazon.aws.ec2_security_group:
 name: "{{ aws_vpc.name }}"
From f6a7f76d82ec820cdf3d2015fecdda2fd4140724 Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Wed, 16 Apr 2025 12:08:49 +0200
Subject: [PATCH 07/16] Reverting-wazuh-changes
---
 roles/debian/wazuh/tasks/main.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml
index 7224c1c1e..a3bf6056b 100644
--- a/roles/debian/wazuh/tasks/main.yml
+++ b/roles/debian/wazuh/tasks/main.yml
@@ -133,6 +133,12 @@
 state: restarted
 when: filebeat_exists
+- name: Check if wazuh-manager service exists
+ ansible.builtin.command: systemctl list-unit-files --type=service --no-pager
+ register: wazuh_service
+ ignore_errors: true
+ changed_when: false
+
 - name: Write the password to /var/ossec/etc/authd.pass
 ansible.builtin.copy:
 dest: /var/ossec/etc/authd.pass
@@ -146,4 +152,10 @@
 ansible.builtin.systemd:
 name: wazuh-manager
 state: restarted
- when: "'wazuh-manager.service' in wazuh_service.stdout or 'wazuh-agent.service' in wazuh_service.stdout"
+ when: "'wazuh-manager.service' in wazuh_service.stdout"
+
+- name: Restart wazuh-agent to apply changes
+ ansible.builtin.systemd:
+ name: wazuh-agent
+ state: restarted
+ when: "'wazuh-agent.service' in wazuh_service.stdout"
From 4035be4c7dca4ba904da4a43b90ff2329b0545f9 Mon Sep 17 00:00:00 2001
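Review bot: The reinstated `Check if wazuh-manager service exists` task uses `ignore_errors: true`, so when `systemctl` fails the task is still shown as failed in the play output while `wazuh_service.stdout` is empty, and both restart conditions then skip silently with no indication that the check itself broke. `failed_when: false` expresses the best-effort intent without the red failure line, and `ansible.builtin.service_facts` with `when: "'wazuh-manager.service' in ansible_facts.services"` avoids parsing `systemctl` output at all. The task name says "wazuh-manager" although its result also drives the `wazuh-agent` restart.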
From: Matej Stajduhar
Date: Wed, 16 Apr 2025 14:04:46 +0200
Subject: [PATCH 08/16] Updating-aws_security_groups-tasks
---
 roles/aws/aws_security_groups/tasks/main.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/roles/aws/aws_security_groups/tasks/main.yml b/roles/aws/aws_security_groups/tasks/main.yml
index c356e05a6..75d88fd45 100644
--- a/roles/aws/aws_security_groups/tasks/main.yml
+++ b/roles/aws/aws_security_groups/tasks/main.yml
@@ -8,7 +8,6 @@
 - name: Fetch groups.
 amazon.aws.ec2_security_group_info:
- profile: "{{ aws_security_groups.aws_profile }}"
 region: "{{ aws_security_groups.region }}"
 filters:
 group-name: "{{ _aws_security_group_names }}"
From d76017fa43e47e996c5ec1fee8d0a9cd2820b429 Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Wed, 16 Apr 2025 14:15:56 +0200
Subject: [PATCH 09/16] Updating-aws_security_groups-tasks
---
 roles/aws/aws_backup_validation/tasks/main.yml | 2 +-
 roles/aws/aws_s3_bucket/tasks/main.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/aws/aws_backup_validation/tasks/main.yml b/roles/aws/aws_backup_validation/tasks/main.yml
index d8e7b1ef4..703e4ccb5 100644
--- a/roles/aws/aws_backup_validation/tasks/main.yml
+++ b/roles/aws/aws_backup_validation/tasks/main.yml
@@ -25,7 +25,7 @@
 timeout: "{{ aws_backup_validation.timeout }}"
 role: "{{ aws_iam_role._result['LambdaBackupRestoreRole'] }}"
 runtime: "{{ aws_backup_validation.runtime }}"
- function_file: "{{ lookup('template', item + '_validation.py.j2') }}"
+ function_file: "{{ lookup('template', item + '_validation.py.j2') }}"
 s3_bucket: "ce-{{ _aws_profile }}-lambda-functions"
 tags:
 Name: "{{ item }}_backup_validation"
diff --git a/roles/aws/aws_s3_bucket/tasks/main.yml b/roles/aws/aws_s3_bucket/tasks/main.yml
index 915b9c09e..303c56519 100644
--- a/roles/aws/aws_s3_bucket/tasks/main.yml
+++ b/roles/aws/aws_s3_bucket/tasks/main.yml
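Review bot: Dropping `profile:` from `ec2_security_group_info` while `region:` stays means the lookup now authenticates with whatever the controller's default credential chain resolves to, which need not be the account the caller's `aws_profile` pointed at; a group name that exists in both accounts would return the wrong ids, and `_aws_security_group_list` feeds those straight into `security_group_ids` on the ElastiCache cluster. Patch 11 removes the same `profile:` lines from `aws_elasticache`, and patch 15 puts all three back verbatim, so the removal reads as a workaround for a failing variable rather than a deliberate change. The likely cause is the key mismatch between `aws_security_groups.profile` (what the elasticache role passes in) and `aws_security_groups.aws_profile` (what this task reads), which patch 15 reinstates unchanged.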
@@ -24,4 +24,4 @@
 - name: Register aws_s3_bucket results.
 ansible.builtin.set_fact:
- aws_s3_bucket: "{{ aws_s3_bucket | combine({'_result': {aws_s3_bucket.name | replace('-','_'): {'bucket': _aws_s3_bucket, 'policy': _aws_s3_bucket_policy}}}, recursive=True) }}"
+ aws_s3_bucket: "{{ aws_s3_bucket | combine({'_result': {aws_s3_bucket.name | replace('-', '_'): {'bucket': _aws_s3_bucket, 'policy': _aws_s3_bucket_policy}}}, recursive=True) }}"
From fffcfbaf80cdb24774242b0a7d25cb1e1bedef59 Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Wed, 16 Apr 2025 14:31:36 +0200
Subject: [PATCH 10/16] Updating-aws_vpc-security-group-task
---
 roles/aws/aws_vpc/tasks/security_group.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/aws/aws_vpc/tasks/security_group.yml b/roles/aws/aws_vpc/tasks/security_group.yml
index 3de5cba78..6c0bfe8b6 100644
--- a/roles/aws/aws_vpc/tasks/security_group.yml
+++ b/roles/aws/aws_vpc/tasks/security_group.yml
@@ -6,7 +6,7 @@
 tags: "{{ aws_vpc.tags | combine({'Name': aws_vpc.name}) }}"
 state: "{{ aws_vpc.state }}"
 vpc_id: "{{ aws_vpc.id }}"
- description: "{{ aws_vpc.description }}"
+ description: "{{ security_group.description }}"
 rules: "{{ security_group.rules | default(omit) }}"
 rules_egress: "{{ security_group.rules_egress | default(omit) }}"
 purge_rules: "{{ aws_vpc.purge_rules | default(omit) }}"
From 2c1af0b824a3d1ae5a3018b09bb383e007de3407 Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Wed, 16 Apr 2025 14:40:52 +0200
Subject: [PATCH 11/16] Removing-profile-variables
---
 roles/aws/aws_elasticache/tasks/main.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/roles/aws/aws_elasticache/tasks/main.yml b/roles/aws/aws_elasticache/tasks/main.yml
index 7c75d36eb..12568c83a 100644
--- a/roles/aws/aws_elasticache/tasks/main.yml
+++ b/roles/aws/aws_elasticache/tasks/main.yml
@@ -4,7 +4,6 @@
 name: aws/aws_security_groups
 vars:
 aws_security_groups:
- profile: "{{ aws_elasticache.aws_profile }}"
 region: "{{ aws_elasticache.region }}"
 group_names: "{{ aws_elasticache.elasticache_security_groups }}"
 return_type: ids
@@ -24,7 +23,6 @@
 - name: Create ElastiCache cluster.
 community.aws.elasticache:
- profile: "{{ aws_elasticache.aws_profile }}"
 name: "{{ aws_elasticache.name }}"
 region: "{{ aws_elasticache.region }}"
 state: "{{ aws_elasticache.state }}"
@@ -38,4 +36,4 @@
 security_group_ids: "{{ _aws_security_group_list }}" # variable populated by the aws_security_groups role
 zone: "{{ aws_elasticache.zone | default(omit) }}"
-# @TODO grab the endpoint data for the memcached client role
\ No newline at end of file
+# @TODO grab the endpoint data for the memcached client role
From b8a0b2110c0ea1186a75c91ec2fbf60b947d5884 Mon Sep 17 00:00:00 2001
From: Drazen
Date: Thu, 17 Apr 2025 10:58:32 +0200
Subject: [PATCH 12/16] Systemd-overrides-clamav-daemon
---
 roles/debian/clamav/handlers/main.yml | 9 +++++++++
 roles/debian/clamav/tasks/main.yml | 10 ++++++++++
 .../clamav/templates/clamav-daemon.socket.j2 | 16 ++++++++++++++++
 3 files changed, 35 insertions(+)
 create mode 100644 roles/debian/clamav/handlers/main.yml
 create mode 100644 roles/debian/clamav/templates/clamav-daemon.socket.j2
diff --git a/roles/debian/clamav/handlers/main.yml b/roles/debian/clamav/handlers/main.yml
new file mode 100644
index 000000000..869d011fd
--- /dev/null
+++ b/roles/debian/clamav/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: Restart clamav-daemon.socket
+ ansible.builtin.service:
+ name: clamav-daemon.socket
+ state: restarted
+ enabled: true
+
+- name: Reload systemd
+ ansible.builtin.command: systemctl daemon-reload
+ become: true
diff --git a/roles/debian/clamav/tasks/main.yml b/roles/debian/clamav/tasks/main.yml
index eeaf31013..7989190da 100644
--- a/roles/debian/clamav/tasks/main.yml
+++ b/roles/debian/clamav/tasks/main.yml
@@ -41,3 +41,13 @@
 pkg: clamdscan
 state: present
 when: clamav.install_clamdscan
+
+- name: Clamav daemon socket overrides
+ ansible.builtin.template:
+ src: clamav-daemon.socket.j2
+ dest: /etc/systemd/system/clamav-daemon.socket
+ mode: '0644'
+ when: clamav_daemon_enabled
+ notify:
+ - reload systemd
+ - restart clamav-daemon.socket
diff --git a/roles/debian/clamav/templates/clamav-daemon.socket.j2 b/roles/debian/clamav/templates/clamav-daemon.socket.j2
new file mode 100644
index 000000000..7d188ff85
--- /dev/null
+++ b/roles/debian/clamav/templates/clamav-daemon.socket.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Socket for Clam AntiVirus userspace daemon
+Documentation=man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/
+# Check for database existence
+ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
+ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
+
+[Socket]
+ListenStream=/run/clamav/clamd.ctl
+ListenStream=3310
+SocketUser=clamav
+SocketGroup=clamav
+RemoveOnStop=True
+
+[Install]
+WantedBy=sockets.target
From ecbcfdc9f6063ae3221f78bf5359e709a2b8d8fe Mon Sep 17 00:00:00 2001
From: Drazen
Date: Fri, 18 Apr 2025 13:56:29 +0200
Subject: [PATCH 13/16] Systemd-overrides-clamav-daemon-PR-2.x
---
 roles/debian/clamav/handlers/main.yml | 4 ----
 roles/debian/clamav/tasks/main.yml | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/roles/debian/clamav/handlers/main.yml b/roles/debian/clamav/handlers/main.yml
index 869d011fd..7ad64b32b 100644
--- a/roles/debian/clamav/handlers/main.yml
+++ b/roles/debian/clamav/handlers/main.yml
@@ -3,7 +3,3 @@
 name: clamav-daemon.socket
 state: restarted
 enabled: true
-
-- name: Reload systemd
- ansible.builtin.command: systemctl daemon-reload
- become: true
diff --git a/roles/debian/clamav/tasks/main.yml b/roles/debian/clamav/tasks/main.yml
index 7989190da..39c8e4987 100644
--- a/roles/debian/clamav/tasks/main.yml
+++ b/roles/debian/clamav/tasks/main.yml
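Review bot: The task writes a complete `clamav-daemon.socket` to `/etc/systemd/system/`, which masks the packaged unit entirely rather than overriding it, so any directive Debian adds to the unit in a later package version is silently lost; the commit title says "overrides", and a drop-in at `/etc/systemd/system/clamav-daemon.socket.d/override.conf` holding only the `[Socket]` lines that differ would match that intent and survive package updates. `when: clamav_daemon_enabled` also departs from the `clamav.<key>` convention used by `clamav.install_clamdscan` two lines above, and if that flat variable has no default the task errors instead of skipping; `when: clamav.daemon_enabled | default(false)` (with whatever key the role's defaults actually define) would be consistent with the rest of the file.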
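Review bot: `ListenStream=3310` with no address binds clamd's TCP socket on every interface, IPv4 and IPv6, and clamd performs no authentication on that socket, so any host that can reach this one can submit scan requests and read the results; the packaged Debian unit exposes only the Unix socket `/run/clamav/clamd.ctl`. If a local client needs TCP, bind it to loopback with `ListenStream=127.0.0.1:3310` and template the address so the role can be told explicitly when to expose it more widely; if nothing needs TCP, drop the line. The port is hard-coded in a `.j2` file that uses no variables at all, so nothing in the role can change it without editing the template.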
@@ -50,4 +50,4 @@
 when: clamav_daemon_enabled
 notify:
 - reload systemd
- - restart clamav-daemon.socket
+ - Restart clamav-daemon.socket
From 215e66074cb86568aff83260ed976f7bbe39ce9d Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Mon, 28 Apr 2025 15:18:51 +0200
Subject: [PATCH 14/16] Updating-jenkins-role
---
 roles/debian/jenkins/defaults/main.yml | 2 +-
 roles/debian/jenkins/tasks/main.yml | 31 ++--
 .../jenkins/templates/jenkins.service.j2 | 151 ++++++++++++++++++
 3 files changed, 169 insertions(+), 15 deletions(-)
 create mode 100644 roles/debian/jenkins/templates/jenkins.service.j2
diff --git a/roles/debian/jenkins/defaults/main.yml b/roles/debian/jenkins/defaults/main.yml
index 39c1a1c64..1af47f075 100644
--- a/roles/debian/jenkins/defaults/main.yml
+++ b/roles/debian/jenkins/defaults/main.yml
@@ -7,7 +7,7 @@ ldap_client:
 bindpw: ""
 jenkins:
- apt_signed_by: https://pkg.jenkins.io/debian/jenkins.io.key
+ apt_signed_by: https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
 server_name: "jenkins.{{ _domain_name }}"
 ssl_handling: "ssl_selfsigned"
 listen_http_port: -1
diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml
index 3c8413203..b14e236fe 100644
--- a/roles/debian/jenkins/tasks/main.yml
+++ b/roles/debian/jenkins/tasks/main.yml
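Review bot: `notify:` still lists `reload systemd`, but the previous commit in this series removed the `Reload systemd` handler, so as soon as the template task reports a change the play fails because no handler by that name exists (handler lookup is an exact string match, so the lowercase name never matched `Reload systemd` even before). Drop the `- reload systemd` entry and let the remaining handler do the reload itself by switching it from `ansible.builtin.service` to `ansible.builtin.systemd` with `daemon_reload: true`, which is needed anyway so systemd picks up the rewritten unit before restarting it.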
@@ -1,17 +1,17 @@
 ---
-- name: Add Jenkins repository and key.
+- name: Add Jenkins repository.
 ansible.builtin.include_role:
 name: debian/apt_repository
 vars:
 apt_repository:
- legacy_repo: "deb http://pkg.jenkins.io/debian binary/"
+ legacy_repo: "deb http://pkg.jenkins.io/debian-stable binary/"
 format: list # Jenkins repo does not support deb822
- list_repo_string: "http://pkg.jenkins.io/debian binary/" # override automated repo string generation
+ list_repo_string: "http://pkg.jenkins.io/debian-stable binary/" # override automated repo string generation
 name: jenkins
 types:
 - deb
 uris:
- - http://pkg.jenkins.io/debian
+ - http://pkg.jenkins.io/debian-stable
 signed_by: "{{ jenkins.apt_signed_by }}"
 state: present
 key_refresh_timer_OnCalendar: "Mon *-*-* 00:00:00"
@@ -100,20 +100,23 @@
 group: "{{ jenkins.user }}"
 mode: 0775
-- name: Restart Jenkins.
+- name: Copy jenkins service file with jenkins port number.
+ ansible.builtin.template:
+ src: "jenkins.service.j2"
+ dest: "/usr/lib/systemd/system/jenkins.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+
+- name: Restart Jenkins and reload daemon.
 ansible.builtin.service:
 name: jenkins
+ daemon_reload: true
 state: restarted
- when: aptoutput.changed
-
-- name: Paise for 2 minutes.
- ansible.builtin.pause:
- minutes: 2
- when: aptoutput.changed
 - name: Download Jenkins CLI.
 ansible.builtin.get_url:
- url: "https://localhost:{{ jenkins.listen_https_port }}/jnlpJars/jenkins-cli.jar"
+ url: "http://localhost:{{ jenkins.listen_https_port }}/jnlpJars/jenkins-cli.jar"
 validate_certs: false
 dest: /opt/jenkins-cli.jar
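Review bot: Dropping `when: aptoutput.changed` makes `state: restarted` unconditional, so Jenkins is bounced on every run of the role, interrupting running builds and breaking idempotency; register the template task (`register: _jenkins_unit`) and restart with `when: aptoutput.changed or _jenkins_unit.changed`, or move the restart into a handler notified by both tasks. The unit is also written to `/usr/lib/systemd/system/jenkins.service`, the package-owned path, so the next `jenkins` package upgrade overwrites it and the port setting disappears; a drop-in under `/etc/systemd/system/jenkins.service.d/` survives upgrades. `daemon_reload` is a `systemd`-module option that `ansible.builtin.service` only forwards when it proxies to the systemd backend, so `ansible.builtin.systemd` would state that dependency explicitly. With the CLI jar now fetched over plain HTTP from localhost, `validate_certs: false` on the download task is dead.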
@@ -135,13 +138,13 @@
 timer_OnCalendar: "{{ jenkins.on_calendar }}"
 - name: Install Jenkins Plugins.
- ansible.builtin.command: "java -jar /opt/jenkins-cli.jar -auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }} -noCertificateCheck -s https://localhost:{{ jenkins.listen_https_port }}/ install-plugin {{ jenkins.plugins | join(' ') }}"
+ ansible.builtin.command: "java -jar /opt/jenkins-cli.jar -auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }} -noCertificateCheck -s http://localhost:{{ jenkins.listen_https_port }}/ install-plugin {{ jenkins.plugins | join(' ') }}"
 become: true
 become_user: "{{ jenkins.user }}"
 register: pluginoutput
 - name: Safe restart Jenkins.
- ansible.builtin.command: "java -jar /opt/jenkins-cli.jar -auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }} -noCertificateCheck -s https://localhost:{{ jenkins.listen_https_port }}/ safe-restart"
+ ansible.builtin.command: "java -jar /opt/jenkins-cli.jar -auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }} -noCertificateCheck -s http://localhost:{{ jenkins.listen_https_port }}/ safe-restart"
 become: true
 become_user: "{{ jenkins.user }}"
 when: pluginoutput.changed
diff --git a/roles/debian/jenkins/templates/jenkins.service.j2 b/roles/debian/jenkins/templates/jenkins.service.j2
new file mode 100644
index 000000000..3c94e482e
--- /dev/null
+++ b/roles/debian/jenkins/templates/jenkins.service.j2
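Review bot: `-auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }}` puts the admin password on the command line of both tasks, where `register: pluginoutput` and any verbose run copy it into the Ansible output and logs, and every local user can read it from the process list while the call runs; add `no_log: true` to both tasks and prefer the CLI's `-auth @/path/to/file` form with a root-only file written at `mode: '0600'` so the secret leaves argv. Both commands now talk plain HTTP to `localhost:{{ jenkins.listen_https_port }}` yet keep `-noCertificateCheck`, which is a no-op without TLS, and the variable name no longer describes what the port carries. Neither task has `changed_when`, so the first always reports changed and `when: pluginoutput.changed` triggers `safe-restart` on every run; `changed_when: "'Installing' in pluginoutput.stdout"` or a plugin-list check beforehand would make it conditional.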
@@ -0,0 +1,151 @@
+
+# This file is managed by systemd(1). Do NOT edit this file manually!
+# To override these settings, run:
+#
+# systemctl edit jenkins
+#
+# For more information about drop-in files, see:
+#
+# https://www.freedesktop.org/software/systemd/man/systemd.unit.html
+#
+
+[Unit]
+Description=Jenkins Continuous Integration Server
+Requires=network.target
+After=network.target
+StartLimitBurst=5
+StartLimitIntervalSec=5m
+
+[Service]
+Type=notify
+NotifyAccess=main
+ExecStart=/usr/bin/jenkins
+Restart=on-failure
+SuccessExitStatus=143
+
+# Configures the time to wait for start-up. If Jenkins does not signal start-up
+# completion within the configured time, the service will be considered failed
+# and will be shut down again. Takes a unit-less value in seconds, or a time span
+# value such as "5min 20s". Pass "infinity" to disable the timeout logic.
+#TimeoutStartSec=90
+
+# Unix account that runs the Jenkins daemon
+# Be careful when you change this, as you need to update the permissions of
+# $JENKINS_HOME, $JENKINS_LOG, and (if you have already run Jenkins)
+# $JENKINS_WEBROOT.
+User=jenkins
+Group=jenkins
+
+# Directory where Jenkins stores its configuration and workspaces
+Environment="JENKINS_HOME=/var/lib/jenkins"
+WorkingDirectory=/var/lib/jenkins
+
+# Location of the Jenkins WAR
+#Environment="JENKINS_WAR=/usr/share/java/jenkins.war"
+
+# Location of the exploded WAR
+Environment="JENKINS_WEBROOT=%C/jenkins/war"
+
+# Location of the Jenkins log. By default, systemd-journald(8) is used.
+#Environment="JENKINS_LOG=%L/jenkins/jenkins.log"
+
+# The Java home directory. When left empty, JENKINS_JAVA_CMD and PATH are consulted.
+#Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64"
+
+# The Java executable. When left empty, JAVA_HOME and PATH are consulted.
+#Environment="JENKINS_JAVA_CMD=/etc/alternatives/java"
+
+# Arguments for the Jenkins JVM
+Environment="JAVA_OPTS=-Djava.awt.headless=true"
+
+# Unix Domain Socket to listen on for local HTTP requests. Default is disabled.
+#Environment="JENKINS_UNIX_DOMAIN_PATH=/run/jenkins/jenkins.socket"
+
+# IP address to listen on for HTTP requests.
+# The default is to listen on all interfaces (0.0.0.0).
+#Environment="JENKINS_LISTEN_ADDRESS="
+
+# Port to listen on for HTTP requests. Set to -1 to disable.
+# To be able to listen on privileged ports (port numbers less than 1024),
+# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
+# directive below.
+Environment="JENKINS_PORT={{ jenkins.listen_https_port }}"
+
+# IP address to listen on for HTTPS requests. Default is disabled.
+#Environment="JENKINS_HTTPS_LISTEN_ADDRESS="
+
+# Port to listen on for HTTPS requests. Default is disabled.
+# To be able to listen on privileged ports (port numbers less than 1024),
+# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
+# directive below.
+#Environment="JENKINS_HTTPS_PORT=443"
+
+# Path to the keystore in JKS format (as created by the JDK's keytool).
+# Default is disabled.
+#Environment="JENKINS_HTTPS_KEYSTORE=/path/to/keystore.jks"
+
+# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
+# Default is disabled.
+#Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=s3cR3tPa55w0rD"
+
+# IP address to listen on for HTTP2 requests. Default is disabled.
+#Environment="JENKINS_HTTP2_LISTEN_ADDRESS="
+
+# HTTP2 port to listen on. Default is disabled.
+# To be able to listen on privileged ports (port numbers less than 1024),
+# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
+# directive below.
+#Environment="JENKINS_HTTP2_PORT="
+
+# Controls which capabilities to include in the ambient capability set for the
+# executed process. Takes a whitespace-separated list of capability names, e.g.
+# CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SYS_PTRACE. Ambient capability sets are
+# useful if you want to execute a process as a non-privileged user but still
+# want to give it some capabilities. For example, add the CAP_NET_BIND_SERVICE
+# capability to be able to listen on privileged ports (port numbers less than
+# 1024).
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# Debug level for logs. The higher the value, the more verbose. 5 is INFO.
+#Environment="JENKINS_DEBUG_LEVEL=5"
+
+# Set to true to enable logging to /var/log/jenkins/access_log.
+#Environment="JENKINS_ENABLE_ACCESS_LOG=false"
+
+# Servlet context (important if you want to use reverse proxying)
+#Environment="JENKINS_PREFIX=/jenkins"
+
+# Arbitrary additional arguments to pass to Jenkins.
+# Full option list: java -jar jenkins.war --help
+#Environment="JENKINS_OPTS="
+
+# Maximum core file size. If unset, the value from the OS is inherited.
+#LimitCORE=infinity
+
+# Maximum file size. If unset, the value from the OS is inherited.
+#LimitFSIZE=infinity
+
+# File descriptor limit. If unset, the value from the OS is inherited.
+#LimitNOFILE=8192
+
+# Maximum number of processes. If unset, the value from the OS is inherited.
+#LimitNPROC=32768
+
+# Set the umask to control the permission bits of files that Jenkins creates.
+#
+# 0027 makes files read-only for group and inaccessible for others, which some
+# security sensitive users might consider beneficial, especially if Jenkins
+# is running on a server that is used for multiple purposes. Beware that 0027
+# permissions would interfere with sudo scripts that run on the controller
+# (see JENKINS-25065).
+#
+# Note also that the particularly sensitive parts of $JENKINS_HOME (such as
+# credentials) are always written without 'other' access. So the umask values
+# only affect job configuration, build records, etc.
+#
+# If unset, the value from the OS is inherited, which is normally 0022.
+# The default umask comes from pam_umask(8) and /etc/login.defs.
+#UMask=0022
+
+[Install]
+WantedBy=multi-user.target
From 3d3419a823b10e8fa0443363c9c48b8804c70db7 Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Mon, 28 Apr 2025 15:23:49 +0200
Subject: [PATCH 15/16] Updating-jenkins-role-2
---
 roles/aws/aws_elasticache/tasks/main.yml | 2 ++
 roles/aws/aws_security_groups/tasks/main.yml | 1 +
 2 files changed, 3 insertions(+)
diff --git a/roles/aws/aws_elasticache/tasks/main.yml b/roles/aws/aws_elasticache/tasks/main.yml
index 12568c83a..a393d6528 100644
--- a/roles/aws/aws_elasticache/tasks/main.yml
+++ b/roles/aws/aws_elasticache/tasks/main.yml
@@ -4,6 +4,7 @@
 name: aws/aws_security_groups
 vars:
 aws_security_groups:
+ profile: "{{ aws_elasticache.aws_profile }}"
 region: "{{ aws_elasticache.region }}"
 group_names: "{{ aws_elasticache.elasticache_security_groups }}"
 return_type: ids
@@ -23,6 +24,7 @@
 - name: Create ElastiCache cluster.
 community.aws.elasticache:
+ profile: "{{ aws_elasticache.aws_profile }}"
 name: "{{ aws_elasticache.name }}"
 region: "{{ aws_elasticache.region }}"
 state: "{{ aws_elasticache.state }}"
diff --git a/roles/aws/aws_security_groups/tasks/main.yml b/roles/aws/aws_security_groups/tasks/main.yml
index 75d88fd45..c356e05a6 100644
--- a/roles/aws/aws_security_groups/tasks/main.yml
+++ b/roles/aws/aws_security_groups/tasks/main.yml
@@ -8,6 +8,7 @@
 - name: Fetch groups.
 amazon.aws.ec2_security_group_info:
+ profile: "{{ aws_security_groups.aws_profile }}"
 region: "{{ aws_security_groups.region }}"
 filters:
 group-name: "{{ _aws_security_group_names }}"
From 7020689a8de4354016740a4a5a013f5c44fc20dd Mon Sep 17 00:00:00 2001
From: Drazen
Date: Tue, 29 Apr 2025 16:57:45 +0200
Subject: [PATCH 16/16] Fixing-vpc-role-security-groups
---
 roles/aws/aws_vpc/tasks/security_group.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
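Review bot: The template is the upstream unit copied verbatim, header included, so the file the role installs tells operators "This file is managed by systemd(1). Do NOT edit this file manually! To override these settings, run: systemctl edit jenkins" while the role does exactly what that header warns against; the only templated value in 151 lines is `Environment="JENKINS_PORT={{ jenkins.listen_https_port }}"`, which a two-line drop-in, `[Service]` followed by that same `Environment=` line, in `/etc/systemd/system/jenkins.service.d/override.conf` would set without carrying a copy of upstream defaults that will drift from the package. If the full copy is kept, replace the header with an Ansible-managed banner and either rename `listen_https_port` or document that it now configures the plain-HTTP listener, since `JENKINS_HTTPS_PORT` stays commented out; the `ssl_handling: "ssl_selfsigned"` default suggests TLS is terminated in front of Jenkins, but that is inferred rather than shown here.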
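Review bot: The key passed here is `aws_security_groups.profile`, but the task in `roles/aws/aws_security_groups/tasks/main.yml` (third hunk of this commit) reads `aws_security_groups.aws_profile`; because the `vars:` mapping replaces the role's `aws_security_groups` wholesale, `aws_profile` is undefined inside the included role and the `Fetch groups.` task errors, unless some other caller defines it in a way not visible here. These are the exact lines patches 08 and 11 removed, so re-adding them unchanged brings the failure back rather than fixing it; change this hunk to `aws_profile: "{{ aws_elasticache.aws_profile }}"` and check the other callers of the `aws_security_groups` role for the same key. The commit title "Updating-jenkins-role-2" does not describe these AWS changes.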
diff --git a/roles/aws/aws_vpc/tasks/security_group.yml b/roles/aws/aws_vpc/tasks/security_group.yml
index 6c0bfe8b6..5f06dea2b 100644
--- a/roles/aws/aws_vpc/tasks/security_group.yml
+++ b/roles/aws/aws_vpc/tasks/security_group.yml
@@ -6,7 +6,7 @@
 tags: "{{ aws_vpc.tags | combine({'Name': aws_vpc.name}) }}"
 state: "{{ aws_vpc.state }}"
 vpc_id: "{{ aws_vpc.id }}"
- description: "{{ security_group.description }}"
+ description: "{{ security_group.description | default('') }}"
 rules: "{{ security_group.rules | default(omit) }}"
 rules_egress: "{{ security_group.rules_egress | default(omit) }}"
 purge_rules: "{{ aws_vpc.purge_rules | default(omit) }}"
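Review bot: `default('')` stops the default-group include from failing on the undefined `security_group`, but it also discards the `description: "default VPC security group"` that `main.yml` passes for that call through `aws_vpc.description`, which is now read nowhere, and hands `ec2_security_group` an empty description; in the module versions I know, an empty description is rejected for `state: present` regardless of whether the group already exists, so this call may still fail. `description: "{{ security_group.description | default(aws_vpc.description) }}"` takes the per-item value for the loop include and the passed value for the default one. The enclosing task starts above the hunk.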