From e712bbe2121a1ba28c4272f72c1fe4ffdd323527 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Wed, 22 Mar 2023 19:31:21 +0100
Subject: [PATCH] Linting
---
 .ansible-lint | 6 +++---
 roles/docker_services/tasks/main.yml | 12 ++++++------
 roles/docker_services/tasks/services.yml | 12 ++++++------
 roles/docker_services/tasks/services/caddy.yml | 6 +++---
 roles/docker_services/tasks/services/emby.yml | 4 ++--
 roles/docker_services/tasks/services/monerod.yml | 4 ++--
 roles/docker_services/tasks/services/nextcloud.yml | 10 +++++-----
 roles/docker_services/tasks/services/postfix.yml | 6 +++---
 roles/docker_services/tasks/services/restic.yml | 2 +-
 roles/docker_services/tasks/services/snowflake.yml | 2 +-
 roles/docker_services/tasks/services/watchtower.yml | 4 ++--
 roles/docker_services/tasks/services/wireguard.yml | 6 +++---
 roles/os_config/handlers/main.yml | 12 ++++++------
 roles/os_config/tasks/base.yml | 12 ++++++------
 roles/os_config/tasks/disks.yml | 8 ++++----
 roles/os_config/tasks/firewall.yml | 4 ++--
 roles/os_config/tasks/main.yml | 10 +++++-----
 roles/os_config/tasks/reboot.yml | 6 +++---
 roles/os_config/tasks/ssh.yml | 8 ++++----
 19 files changed, 67 insertions(+), 67 deletions(-)
diff --git a/.ansible-lint b/.ansible-lint
index 2482719..732762b 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -66,9 +66,9 @@ warn_list:
 # - role-name
 # - yaml[document-start] # you can also use sub-rule matches
-skip_list:
- - fqcn[action-core]
- - fqcn[action]
+# skip_list:
+ # - fqcn[action-core]
+ # - fqcn[action]
 # Some rules can transform files to fix (or make it easier to fix) identified
 # errors. `ansible-lint --write` will reformat YAML files and run these transforms.
diff --git a/roles/docker_services/tasks/main.yml b/roles/docker_services/tasks/main.yml
index 37cfd6a..6d6e51f 100644
--- a/roles/docker_services/tasks/main.yml
+++ b/roles/docker_services/tasks/main.yml
@@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 ---
 - name: Add Docker PGP key
- apt_key:
+ ansible.builtin.apt_key:
 keyserver: keyserver.ubuntu.com
 id: '0x8D81803C0EBFCD88'
 state: present
 - name: Add Docker apt repository
- apt_repository:
+ ansible.builtin.apt_repository:
 repo: 'deb [arch=arm64] https://download.docker.com/linux/ubuntu focal stable'
 state: present
 update_cache: true
 - name: Install Docker
- apt:
+ ansible.builtin.apt:
 name: "{{ pkgs }}"
 state: present
 vars:
@@ -22,13 +22,13 @@
 - docker-compose-plugin
 - name: Create docker-compose symlink
- file:
+ ansible.builtin.file:
 name: /usr/local/bin/docker-compose
 src: /usr/libexec/docker/cli-plugins/docker-compose
 state: link
 - name: Install Python bindings for Docker
- pip:
+ ansible.builtin.pip:
 name: "{{ pkgs }}"
 state: present
 executable: pip3
@@ -38,7 +38,7 @@
 - docker-compose
 - name: Set up Docker services
- import_tasks: services.yml
+ ansible.builtin.import_tasks: services.yml
 tags:
 - services
 - reboot
diff --git a/roles/docker_services/tasks/services.yml b/roles/docker_services/tasks/services.yml
index 24bb2ef..fa32242 100644
--- a/roles/docker_services/tasks/services.yml
+++ b/roles/docker_services/tasks/services.yml
@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Copy Docker daemon config file
- template:
+ ansible.builtin.template:
 src: daemon.json.j2
 dest: /etc/docker/daemon.json
 owner: root
@@ -9,7 +9,7 @@
 register: daemon_config
 - name: Disable and (re)start Docker daemon
- service:
+ ansible.builtin.service:
 name: "{{ item }}"
 enabled: false
 state: "{{ 'restarted' if daemon_config.changed else 'started' }}"
@@ -18,14 +18,14 @@
 - docker.service
 - name: Create base directory for Docker volumes
- file:
+ ansible.builtin.file:
 name: "{{ base_volume }}"
 owner: "{{ ansible_user }}"
 mode: u=rwx,g=rx,o=rx
 state: directory
 - name: Create Docker network for services
- docker_network:
+ community.docker.docker_network:
 name: services
 ipam_config:
 - subnet: 172.16.0.0/16
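Review bot: The `Add Docker PGP key` task in roles/docker_services/tasks/main.yml still trusts the Docker signing key through `ansible.builtin.apt_key`, which places it in apt's global keyring, so the key is accepted for every configured repository rather than only for download.docker.com. The key is also selected by a 64-bit ID fetched from a public keyserver; a full fingerprint or a checksum-pinned key file is a stronger identity check. Consider storing the key in its own file and scoping the repository entry to it with `signed-by`, as sketched below. The keyring directory has to exist before the download, and the digest shown is a placeholder to be replaced with a verified value.

```yaml
- name: Add Docker PGP key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    checksum: 'sha256:<PLACEHOLDER_VERIFIED_DIGEST>'
    owner: root
    mode: u=rw,g=r,o=r

- name: Add Docker apt repository
  ansible.builtin.apt_repository:
    repo: 'deb [arch=arm64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu focal stable'
    # … unchanged: state, update_cache …
```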
@@ -33,11 +33,11 @@
 state: present
 - name: Deploy services
- include_tasks: services/{{ item.key }}.yml
+ ansible.builtin.include_tasks: services/{{ item.key }}.yml
 loop: "{{ services | dict2items }}"
 when: single_service is not defined
 - name: Deploy single service
- include_tasks: services/{{ single_service }}.yml
+ ansible.builtin.include_tasks: services/{{ single_service }}.yml
 when: single_service is defined and single_service in services
diff --git a/roles/docker_services/tasks/services/caddy.yml b/roles/docker_services/tasks/services/caddy.yml
index 74d9d42..10e5827 100644
--- a/roles/docker_services/tasks/services/caddy.yml
+++ b/roles/docker_services/tasks/services/caddy.yml
@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Caddy volume directories
- file:
+ ansible.builtin.file:
 name: "{{ services.caddy.volume }}/{{ dir }}"
 owner: root
 mode: u=rwx,g=rx,o=rx
@@ -13,14 +13,14 @@
 loop_var: dir
 - name: Copy Caddyfile
- template:
+ ansible.builtin.template:
 src: Caddyfile.j2
 dest: "{{ services.caddy.volume }}/Caddyfile"
 owner: root
 mode: u=rw,g=r,o=r
 - name: Deploy Caddy Docker container
- docker_container:
+ community.docker.docker_container:
 name: caddy
 image: caddy:{{ services.caddy.version }}
 restart_policy: always
diff --git a/roles/docker_services/tasks/services/emby.yml b/roles/docker_services/tasks/services/emby.yml
index 597648a..0cf7f6b 100644
--- a/roles/docker_services/tasks/services/emby.yml
+++ b/roles/docker_services/tasks/services/emby.yml
@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Emby volume directories
- file:
+ ansible.builtin.file:
 name: "{{ services.emby.volume }}/{{ dir }}"
 owner: "{{ ansible_user }}"
 mode: u=rwx,g=rx,o=rx
@@ -14,7 +14,7 @@
 loop_var: dir
 - name: Deploy Emby Docker container
- docker_container:
+ community.docker.docker_container:
 name: emby_app
 image: emby/embyserver_arm64v8:{{ services.emby.version }}
 restart_policy: always
diff --git a/roles/docker_services/tasks/services/monerod.yml b/roles/docker_services/tasks/services/monerod.yml
index b28923e..85b865b 100644
--- a/roles/docker_services/tasks/services/monerod.yml
+++ b/roles/docker_services/tasks/services/monerod.yml
@@ -1,12 +1,12 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Docker volume for Monero blockchain data
- docker_volume:
+ community.docker.docker_volume:
 volume_name: monerod-node-blockchain
 state: present
 - name: Deploy Monero node Docker container
- docker_container:
+ community.docker.docker_container:
 name: monerod_node
 image: sethsimmons/simple-monerod:{{ services.monerod.version }}
 restart_policy: always
diff --git a/roles/docker_services/tasks/services/nextcloud.yml b/roles/docker_services/tasks/services/nextcloud.yml
index 38239ea..4032d75 100644
--- a/roles/docker_services/tasks/services/nextcloud.yml
+++ b/roles/docker_services/tasks/services/nextcloud.yml
@@ -1,14 +1,14 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Nextcloud apache2 directory
- file:
+ ansible.builtin.file:
 name: "{{ services.nextcloud.volume }}/apache2"
 owner: root
 mode: u=rwx,g=rx,o=rx
 state: directory
 - name: Create Nextcloud app directory
- file:
+ ansible.builtin.file:
 name: "{{ services.nextcloud.volume }}/app"
 owner: root
 group: '33'
@@ -16,14 +16,14 @@
 state: directory
 - name: Create Nextcloud PostgreSQL directory
- file:
+ ansible.builtin.file:
 name: "{{ services.nextcloud.volume }}/postgres"
 owner: '70'
 mode: u=rwx,go=
 state: directory
 - name: Copy Apache2 config files
- copy:
+ ansible.builtin.copy:
 src: nextcloud/apache2/{{ file }}
 dest: "{{ services.nextcloud.volume }}/apache2/{{ file }}"
 owner: root
@@ -35,7 +35,7 @@
 loop_var: file
 - name: Deploy Nextcloud with Docker Compose
- docker_compose:
+ community.docker.docker_compose:
 project_name: nextcloud
 pull: true
 definition:
diff --git a/roles/docker_services/tasks/services/postfix.yml b/roles/docker_services/tasks/services/postfix.yml
index bba0ff6..635e345 100644
--- a/roles/docker_services/tasks/services/postfix.yml
+++ b/roles/docker_services/tasks/services/postfix.yml
@@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Docker network for Postfix
- docker_network:
+ community.docker.docker_network:
 name: postfix
 state: present
 - name: Create Postfix volume directories
- file:
+ ansible.builtin.file:
 name: "{{ services.postfix.volume }}/dkim"
 owner: root
 mode: u=rwx,g=rx,o=rx
 state: directory
 - name: Deploy Postfix Docker container
- docker_container:
+ community.docker.docker_container:
 name: postfix
 image: boky/postfix:{{ services.postfix.version }}
 restart_policy: always
diff --git a/roles/docker_services/tasks/services/restic.yml b/roles/docker_services/tasks/services/restic.yml
index b3575a1..964fa59 100644
--- a/roles/docker_services/tasks/services/restic.yml
+++ b/roles/docker_services/tasks/services/restic.yml
@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Deploy Restic with Docker Compose
- docker_compose:
+ community.docker.docker_compose:
 project_name: restic
 pull: true
 definition:
diff --git a/roles/docker_services/tasks/services/snowflake.yml b/roles/docker_services/tasks/services/snowflake.yml
index 4e807b5..146caa9 100644
--- a/roles/docker_services/tasks/services/snowflake.yml
+++ b/roles/docker_services/tasks/services/snowflake.yml
@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Deploy snowflake-proxy Docker container
- docker_container:
+ community.docker.docker_container:
 name: snowflake-proxy
 image: thetorproject/snowflake-proxy:{{ services.snowflake.version }}
 restart_policy: always
diff --git a/roles/docker_services/tasks/services/watchtower.yml b/roles/docker_services/tasks/services/watchtower.yml
index 6d2bdc5..ace5573 100644
--- a/roles/docker_services/tasks/services/watchtower.yml
+++ b/roles/docker_services/tasks/services/watchtower.yml
@@ -1,12 +1,12 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Docker network for Watchtower
- docker_network:
+ community.docker.docker_network:
 name: watchtower
 state: present
 - name: Deploy Watchtower Docker container
- docker_container:
+ community.docker.docker_container:
 name: watchtower
 image: containrrr/watchtower:{{ services.watchtower.version }}
 restart_policy: always
diff --git a/roles/docker_services/tasks/services/wireguard.yml b/roles/docker_services/tasks/services/wireguard.yml
index d89849c..ace2c5c 100644
--- a/roles/docker_services/tasks/services/wireguard.yml
+++ b/roles/docker_services/tasks/services/wireguard.yml
@@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Wireguard volume directory
- file:
+ ansible.builtin.file:
 name: "{{ services.wireguard.volume }}"
 owner: root
 mode: u=rwx,g=rx,o=rx
 state: directory
 - name: Create Docker network for Wireguard
- docker_network:
+ community.docker.docker_network:
 name: wireguard
 state: present
 - name: Deploy Wireguard Docker container
- docker_container:
+ community.docker.docker_container:
 name: wireguard
 image: linuxserver/wireguard:{{ services.wireguard.version }}
 restart_policy: always
diff --git a/roles/os_config/handlers/main.yml b/roles/os_config/handlers/main.yml
index e531692..848dd3e 100644
--- a/roles/os_config/handlers/main.yml
+++ b/roles/os_config/handlers/main.yml
@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create .env for apt-update-push
- template:
+ ansible.builtin.template:
 src: env.j2
 dest: /home/{{ ansible_user }}/apt-update-push/.env
 owner: root
@@ -9,28 +9,28 @@
 listen: apt-update-push
 - name: Install apt-update-push
- command: /home/{{ ansible_user }}/apt-update-push/install.sh
+ ansible.builtin.command: /home/{{ ansible_user }}/apt-update-push/install.sh
 listen: apt-update-push
 - name: Change GPIO_PIN
- lineinfile:
+ ansible.builtin.lineinfile:
 regexp: '^GPIO_PIN = '
 line: GPIO_PIN = 14
 dest: /home/{{ ansible_user }}/pi-fan-controller/fancontrol.py
 listen: pi-fan-controller
 - name: Install requirements for pi-fan-controller
- pip:
+ ansible.builtin.pip:
 requirements: /home/{{ ansible_user }}/pi-fan-controller/requirements.txt
 executable: pip3
 listen: pi-fan-controller
 - name: Install pi-fan-controller
- command: /home/{{ ansible_user }}/pi-fan-controller/script/install
+ ansible.builtin.command: /home/{{ ansible_user }}/pi-fan-controller/script/install
 listen: pi-fan-controller
 - name: Restart sshd
- service:
+ ansible.builtin.service:
 name: sshd
 state: restarted
 listen: sshd
diff --git a/roles/os_config/tasks/base.yml b/roles/os_config/tasks/base.yml
index 144682e..2c92f2f 100644
--- a/roles/os_config/tasks/base.yml
+++ b/roles/os_config/tasks/base.yml
@@ -1,20 +1,20 @@
 # vim: ft=yaml.ansible
 ---
 - name: Set hostname
- hostname:
+ ansible.builtin.hostname:
 name: "{{ hostname }}"
 - name: Set timezone
- timezone:
+ community.general.timezone:
 name: "{{ timezone }}"
 - name: Upgrade system packages
- apt:
+ ansible.builtin.apt:
 update_cache: true
 upgrade: full
 - name: Install packages via apt
- apt:
+ ansible.builtin.apt:
 name: "{{ pkgs }}"
 state: present
 vars:
@@ -29,7 +29,7 @@
 - unattended-upgrades
 - name: Clone apt-update-push
- git:
+ ansible.builtin.git:
 dest: /home/{{ ansible_user }}/apt-update-push
 repo: https://github.com/samsapti/apt-update-push.git
 clone: true
@@ -40,7 +40,7 @@
 notify: apt-update-push
 - name: Clone pi-fan-controller
- git:
+ ansible.builtin.git:
 dest: /home/{{ ansible_user }}/pi-fan-controller
 repo: https://github.com/Howchoo/pi-fan-controller.git
 clone: true
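Review bot: The `Install apt-update-push` and `Install pi-fan-controller` handlers in roles/os_config/handlers/main.yml execute scripts straight out of Git checkouts, and neither clone task shown in roles/os_config/tasks/base.yml has a visible `version:` pin, so whatever the remote default branch holds at run time is what gets executed. Both clone tasks continue outside their hunks, so a pin may already exist; if not, add `version: <REVIEWED_COMMIT_SHA>` (placeholder) to each `ansible.builtin.git` task. The checkouts also live under `/home/{{ ansible_user }}`, so if these handlers run with privilege escalation the unprivileged user can alter what root executes; a root-owned destination directory avoids that. A one-line comment on each `ansible.builtin.command` handler stating what the script installs would help the next reviewer.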
diff --git a/roles/os_config/tasks/disks.yml b/roles/os_config/tasks/disks.yml
index 8f81201..5d1a2ad 100644
--- a/roles/os_config/tasks/disks.yml
+++ b/roles/os_config/tasks/disks.yml
@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: (Create and) open LUKS containers
- luks_device:
+ community.crypto.luks_device:
 uuid: "{{ item.disk.uuid }}"
 passphrase: "{{ item.disk.luks_pw }}"
 name: "{{ item.name }}"
@@ -14,7 +14,7 @@
 name: "{{ ssd_name }}"
 - name: Create filesystems if they do not exist
- filesystem:
+ community.general.filesystem:
 dev: "{{ item }}"
 fstype: ext4
 state: present
@@ -24,7 +24,7 @@
 when: ansible_mounts | selectattr('device', 'eq', item) | length == 0
 - name: Mount filesystems
- mount:
+ ansible.posix.mount:
 src: "{{ item.dev }}"
 path: "{{ item.path }}"
 fstype: ext4
@@ -47,7 +47,7 @@
 when: ansible_swaptotal_mb == 0
 - name: Mount swapfile
- shell: |
+ ansible.builtin.shell: |
 mkswap {{ ssd_mount_point }}/swapfile
 swapon {{ ssd_mount_point }}/swapfile
 when: ansible_swaptotal_mb == 0
diff --git a/roles/os_config/tasks/firewall.yml b/roles/os_config/tasks/firewall.yml
index 9a72129..53d5ea6 100644
--- a/roles/os_config/tasks/firewall.yml
+++ b/roles/os_config/tasks/firewall.yml
@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Allow necessary ports in UFW
- ufw:
+ community.general.ufw:
 rule: allow
 port: "{{ item.port }}"
 proto: "{{ item.proto | default('tcp') }}"
@@ -15,6 +15,6 @@
 proto: udp
 - name: Enable UFW
- ufw:
+ community.general.ufw:
 state: enabled
 policy: deny
diff --git a/roles/os_config/tasks/main.yml b/roles/os_config/tasks/main.yml
index bfcab82..d2b82d7 100644
--- a/roles/os_config/tasks/main.yml
+++ b/roles/os_config/tasks/main.yml
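Review bot: `passphrase: "{{ item.disk.luks_pw }}"` in the `(Create and) open LUKS containers` task of roles/os_config/tasks/disks.yml takes the secret from the loop item, and Ansible prints each loop item in task output by default, so the LUKS passphrase can end up in console output and run logs. The task continues outside the hunk, so this may already be handled; if it is not, add `no_log: true` to the task. A `loop_control` label such as `label: "{{ item.name }}"` only hides the item in the per-item line and does not cover verbose module arguments, so it is a complement rather than a substitute.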
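Review bot: `policy: deny` in the `Enable UFW` task of roles/os_config/tasks/firewall.yml does not by itself cover ports published by the Docker containers this repository deploys, because Docker installs its own iptables rules that are evaluated ahead of UFW's chains. Any container port published on all interfaces is therefore presumably reachable regardless of the allow list above. A comment on the task would record this, e.g. `# NOTE: Docker-published ports bypass UFW; restrict them by bind address or in the DOCKER-USER chain`, and the effective ruleset is worth checking after deployment.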
@@ -1,20 +1,20 @@
 # vim: ft=yaml.ansible
 ---
 - name: Configure system base
- import_tasks: base.yml
+ ansible.builtin.import_tasks: base.yml
 - name: Reboot if needed
- import_tasks: reboot.yml
+ ansible.builtin.import_tasks: reboot.yml
 tags:
 - reboot
 - name: Configure firewall
- import_tasks: firewall.yml
+ ansible.builtin.import_tasks: firewall.yml
 - name: Configure SSH
- import_tasks: ssh.yml
+ ansible.builtin.import_tasks: ssh.yml
 - name: Configure disks
- import_tasks: disks.yml
+ ansible.builtin.import_tasks: disks.yml
 tags:
 - reboot
diff --git a/roles/os_config/tasks/reboot.yml b/roles/os_config/tasks/reboot.yml
index 66a050d..a8a2ab1 100644
--- a/roles/os_config/tasks/reboot.yml
+++ b/roles/os_config/tasks/reboot.yml
@@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 ---
 - name: Check if a reboot is needed
- stat:
+ ansible.builtin.stat:
 path: /var/run/reboot-required
 register: needs_reboot
 - name: Reboot host
- reboot:
+ ansible.builtin.reboot:
 connect_timeout: 120
 when: needs_reboot.stat.exists or (force_reboot is defined and force_reboot)
 register: reboot
 - name: Re-gather facts
- setup:
+ ansible.builtin.setup:
 filter:
 - ansible_mounts
 - ansible_swaptotal_mb
diff --git a/roles/os_config/tasks/ssh.yml b/roles/os_config/tasks/ssh.yml
index 7f85311..ba85f8e 100644
--- a/roles/os_config/tasks/ssh.yml
+++ b/roles/os_config/tasks/ssh.yml
@@ -1,27 +1,27 @@
 # vim: ft=yaml.ansible
 ---
 - name: Add public SSH key to default user
- authorized_key:
+ ansible.posix.authorized_key:
 user: "{{ ansible_user }}"
 key: "{{ ssh_key }}"
 exclusive: true
 - name: Allow SSH login with public keys
- lineinfile:
+ ansible.builtin.lineinfile:
 regexp: '^#?PubkeyAuthentication '
 line: PubkeyAuthentication yes
 dest: /etc/ssh/sshd_config
 notify: sshd
 - name: Disallow SSH login with password
- lineinfile:
+ ansible.builtin.lineinfile:
 regexp: '^#?PasswordAuthentication '
 line: PasswordAuthentication no
 dest: /etc/ssh/sshd_config
 notify: sshd
 - name: Disallow root login over SSH
- lineinfile:
+ ansible.builtin.lineinfile:
 regexp: '^#?PermitRootLogin '
 line: PermitRootLogin no
 dest: /etc/ssh/sshd_config
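Review bot: The three `ansible.builtin.lineinfile` tasks that edit `/etc/ssh/sshd_config` in roles/os_config/tasks/ssh.yml have no `validate:` step, so a malformed file is only discovered when the `sshd` handler restarts the daemon, which can lock the host out. Adding `validate: /usr/sbin/sshd -t -f %s` to each task makes a bad edit fail before it is written. Separately, sshd keeps the first value it reads for each keyword, and Ubuntu's stock config includes `/etc/ssh/sshd_config.d/*.conf` near the top, so a drop-in that sets `PasswordAuthentication yes` would override the line written here; confirm the effective settings with `sshd -T` after the play. The last task (`Disallow root login over SSH`) continues outside the hunk.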