ansible-lint

all/playbook.yaml

@@ -1,40 +1,39 @@
----
 - name: Install shit
   hosts: all
   tasks:
-  - name: Std Repo stuff
+    - name: Std Repo stuff
-    apt:
+      ansible.builtin.apt:
-      update_cache: true
+        update_cache: true
-      name:
+        name:
-        - vim
+          - vim
-        - curl
+          - curl
-        - wget
+          - wget
-        - sudo
+          - sudo
-        - net-tools
+          - net-tools
-        - nmap
+          - nmap
-        - python3-pip
+          - python3-pip
-        - python3-passlib
+          - python3-passlib
-        - vnstat
+          - vnstat
-        - chrony
+          - chrony
-  - name: Enable VNStat service
+    - name: Enable VNStat service
-    service:
+      ansible.builtin.service:
-      name: vnstat
+        name: vnstat
-      enabled: yes
+        enabled: true
-      state: started
+        state: started
-  - name: Enable Chrony (NTP) service
+    - name: Enable Chrony (NTP) service
-    service:
+      ansible.builtin.service:
-      name: chrony
+        name: chrony
-      enabled: yes
+        enabled: true
-      state: started
+        state: started
 - name: Sysctl
   hosts: all
   tasks:
-    - name: disable dmesg logging to console
+    - name: Disable dmesg logging to console
-      sysctl:
+      ansible.posix.sysctl:
         name: kernel.printk
         value: '3 4 1 3'
         state: present
-        sysctl_set: yes
+        sysctl_set: true
 - name: Add users
   hosts: all
   vars:
@@ -45,58 +44,65 @@
       - midou
       - ansiblerunner
     password: d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db
-
   tasks:
-    - name: bashrc skel
+    - name: Bashrc skel
-      template: 
+      ansible.builtin.template:
         src: templates/bashrc.j2
         dest: /etc/skel/.bashrc
-    - name: profile skel
+        mode: preserve
-      template: 
+    - name: Profile skel
+      ansible.builtin.template:
         src: templates/profile.j2
         dest: /etc/skel/.profile
-    - name: bash_aliases skel
+        mode: preserve
-      template: 
+    - name: Bash_aliases skel
+      ansible.builtin.template:
         src: templates/bash_aliases.j2
         dest: /etc/skel/.bash_aliases
-    - name: prompt skel
+        mode: preserve
-      template: 
+    - name: Prompt skel
+      ansible.builtin.template:
         src: templates/prompt.j2
         dest: /etc/skel/.prompt
-    - name: bashrc root
+        mode: preserve
-      template: 
+    - name: Bashrc root
+      ansible.builtin.template:
         src: templates/bashrc.j2
         dest: /root/.bashrc
-    - name: profile root
+        mode: preserve
-      template: 
+    - name: Profile root
+      ansible.builtin.template:
         src: templates/profile.j2
         dest: /root/.profile
-    - name: bash_aliases root
+        mode: preserve
-      template: 
+    - name: Bash_aliases root
+      ansible.builtin.template:
         src: templates/bash_aliases.j2
         dest: /root/.bash_aliases
-    - name: prompt root
+        mode: preserve
-      template: 
+    - name: Prompt root
+      ansible.builtin.template:
         src: templates/prompt.j2
         dest: /root/.prompt
+        mode: preserve
     - name: Add user
-      user:
+      ansible.builtin.user:
         name: "{{ item }}"
         group: users
         groups: users,sudo
         password: "{{ password }}"
         shell: /bin/bash
         update_password: on_create # Add the same initial password for all users (can be overwritten by user)
-      with_items: 
+      with_items:
         - "{{ users }}"
     - name: "Add authorized keys"
-      authorized_key:
+      ansible.posix.authorized_key:
         user: "{{ item }}"
-        key: "{{ lookup('file', 'files/'+ item + '.pub') }}"
+        key: "{{ lookup('file', 'files/' + item + '.pub') }}"
       with_items:
         - "{{ users }}"
     - name: "Allow admin users to sudo without a password"
-      lineinfile:
+      ansible.builtin.lineinfile:
         dest: "/etc/sudoers" # path: in version 2.3
         state: "present"
         regexp: "^%sudo"
@@ -111,25 +117,28 @@
       - midou
   tasks:
     - name: Add extra authorized_key for soleil
-      authorized_key:
+      ansible.posix.authorized_key:
-        user: "{{item}}"
+        user: "{{ item }}"
         key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCn7RsO05kXSKBBopwzAri/MfhRwA+iuB1X96jQl0rhYvGmYVZLi0CPyXzE2laL5tRiyXYsIgHTVCfsn+CF+ilFXBa+xLcJ9Yau/SjtnZASixljeZuy0o3aTdl/IqcOcLVCdDaatuzOXFTjZCE+r67FqxFcaw9lzWi7QjtE1j8ar5+qo278XWWltYogxccHXBXqDr2chz95Ye0lAEIWp0LOgkSYjVNNKaAc7Y6kwr7SlwKMdlfbY6WPOyRQX5l1rnpU6Cw4mRf+l06+drpkGFIll3dulm0CNIoXYVy3W5Hr+C0Z6FT0bqZP1NuG1bDWTlwbMD3jIfBqhTI3V7oL5EvHCh3KsHfE7bS97F7MoeNx1xZrj2zIbkakdsxvm5oXra2RXpLbQXEzZDntGYoPaJT70yvnBSpxNDtzhUzZKwlTZIGN3LU/9USfmVTphZAR7l/BmT+j64eUZevuy3ht6iQQigkmi6KwXySXlUuUq2pXwTA/Dq1er3NclwTwT+v1QJ8= user@CoreVM"
       with_items:
-        - "{{users}}"
+        - "{{ users }}"
 - name: Configure SSHD
   hosts: all
   tasks:
-    - name: sshd configuration file update
+    - name: Sshd configuration file update
-      template: 
+      ansible.builtin.template:
         src: templates/sshd_config.j2
         dest: /etc/ssh/sshd_config
-        backup: yes
+        backup: true
         owner: 0
         group: 0
-        mode: 0644
+        mode: "0644"
         validate: '/usr/sbin/sshd -T -f %s'
       notify:
         - restart sshd
   handlers:
-    - name: restart sshd
+    - name: Restart sshd
-      service: name=sshd state=restarted
+      ansible.builtin.service:
+        name: sshd
+        enabled: true
+        state: restarted

inventory.yml

@@ -7,31 +7,31 @@ all:
           ansible_user: ansiblerunner
           ansible_port: 22
           port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
         docker:
           ansible_host: docker.vpn.projectsegfau.lt
           ansible_user: ansiblerunner
           ansible_port: 22
           port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
         lxc:
           ansible_host: lxc.vpn.projectsegfau.lt
           ansible_user: ansiblerunner
           ansible_port: 22
           port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
         db:
           ansible_host: db.vpn.projectsegfau.lt
           ansible_user: ansiblerunner
           ansible_port: 22
           port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
         backwards:
           ansible_host: backwards.vpn.projectsegfau.lt
           ansible_user: ansiblerunner
           ansible_port: 22
           port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
     privfrontends:
       hosts:
         eu:
@@ -39,7 +39,7 @@ all:
           ansible_user: ansiblerunner
           ansible_port: 222
           port: 222
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
           caddy_extras_config: templates/1-extras.Caddyfile
           country: Luxembourg
           isp: BuyVM
@@ -50,7 +50,7 @@ all:
           ansible_user: ansiblerunner
           ansible_port: 22
           port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
           caddy_extras_config: templates/2-extras.Caddyfile
           country: United States
           isp: Digital Ocean
@@ -61,7 +61,7 @@ all:
           ansible_user: ansiblerunner
           ansible_port: 22
           port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
           caddy_extras_config: templates/3-extras.Caddyfile
           country: India
           isp: Bharti Airtel
@@ -74,4 +74,4 @@ all:
           ansible_user: ansiblerunner
           ansible_port: 22
           port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root

privfrontends/docker-tasks.yaml

@@ -1,47 +1,52 @@
 ---
 - name: Create directory for service
-  file:
+  ansible.builtin.file:
-    path: /opt/docker/{{item}}
+    path: /opt/docker/{{ item }}
     state: directory
+    mode: "0755"
   tags: docker
 
 - name: Copy docker-compose templates for the service
-  template:
+  ansible.builtin.template:
-    src: ./compose/{{item}}/compose.yml.j2
+    src: ./compose/{{ item }}/compose.yml.j2
-    dest: /opt/docker/{{item}}/compose.yml
+    dest: /opt/docker/{{ item }}/compose.yml
-    backup: yes
+    backup: true
+    mode: preserve
   register: check_status
   tags: docker
 
-- name: check if extras file exists for the service
+- name: Check if extras file exists for the service
-  local_action: stat path=./compose/{{item}}/extras.conf.j2
+  delegate_to: localhost
+  ansible.builtin.stat:
+    path: ./compose/{{ item }}/extras.conf.j2
   register: file
   tags: docker
 
 - name: Copy extras file
-  template:
+  ansible.builtin.template:
-    src: ./compose/{{item}}/extras.conf.j2
+    src: ./compose/{{ item }}/extras.conf.j2
-    dest: /opt/docker/{{item}}/extras.conf
+    dest: /opt/docker/{{ item }}/extras.conf
-    backup: yes
+    backup: true
+    mode: preserve
   when: file.stat.exists
   tags: docker
 
 - name: "Update docker service image"
-  command:
+  ansible.builtin.command:
     chdir: "/opt/docker/{{ item }}"
     cmd: docker compose pull
   when: check_status.changed
   tags: docker
 
 - name: "Stop docker service"
-  command:
+  ansible.builtin.command:
     chdir: "/opt/docker/{{ item }}"
     cmd: docker compose down
   when: check_status.changed
   tags: docker
 
 - name: "Start docker service"
-  command:
+  ansible.builtin.command:
     chdir: "/opt/docker/{{ item }}"
     cmd: docker compose up -d --build --remove-orphans
   when: check_status.changed

privfrontends/playbook.yaml

@@ -13,20 +13,22 @@
   tasks:
     # This is run again so config still updates even if i dont run the role which isnt needed most of the time
     - name: Copy Caddyfile
-      template:
+      ansible.builtin.template:
         src: ./templates/Caddyfile.j2
         dest: /etc/caddy/Caddyfile
+        mode: preserve
       tags: caddy-non-update
     - name: Copy per-server caddy extras
-      copy:
+      ansible.builtin.copy:
         src: "./templates/{{ inventory_hostname }}/"
         dest: /etc/caddy/
         directory_mode: true
+        mode: preserve
       tags: caddy-non-update
     - name: Reload Caddy
-      service:
+      ansible.builtin.service:
         name: caddy
-        enabled: yes
+        enabled: true
         state: reloaded
       tags: caddy-non-update
 - name: Setup docker compose for privacy frontends
@@ -34,11 +36,9 @@
   vars:
     docker_services:
       - anonymousoverflow
-        #- beatbump
       - breezewiki
       - gothub
       - gothub-dev
-        #- invidious
       - librarian
       - libreddit
       - nitter
@@ -48,20 +48,23 @@
       - simplytranslate
       - teddit
       - watchtower
-    non_pizza_docker_services:
-      #- piped
-      - searxng
   tasks:
-    #
     # community.docker does not support compose 2.0 right now.
     # https://github.com/ansible-collections/community.docker/issues/216
-    #
     - name: Update docker compose files and restart those with changes
-      include_tasks: docker-tasks.yaml
+      ansible.builtin.include_tasks: docker-tasks.yaml
       with_items: "{{ docker_services }}"
       tags: docker
+- name: Setup docker compose for privacy frontends (non-pizza1)
+  hosts: in,us
+  vars:
+    non_pizza_docker_services:
+      - searxng
+  tasks:
+    # community.docker does not support compose 2.0 right now.
+    # https://github.com/ansible-collections/community.docker/issues/216
     - name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
-      include_tasks: docker-tasks.yaml
+      ansible.builtin.include_tasks: docker-tasks.yaml
       with_items: "{{ non_pizza_docker_services }}"
       tags: docker
 
@@ -69,14 +72,14 @@
   hosts: privfrontends
   tasks:
     - name: Restart invidious every hour
-      cron:
+      ansible.builtin.cron:
         name: "hourly invidious restart"
         special_time: hourly
-        job: "docker restart invidious-invidious-1 && curl https://healthchecks.projectsegfau.lt/ping/{{invidious_hc_uuid}}"
+        job: "docker restart invidious-invidious-1 && curl https://healthchecks.projectsegfau.lt/ping/{{ invidious_hc_uuid }}"
       tags: cron
     - name: Restart teddit every hour
-      cron:
+      ansible.builtin.cron:
         name: "hourly teddit restart"
         special_time: hourly
-        job: "docker restart teddit && curl https://healthchecks.projectsegfau.lt/ping/{{teddit_hc_uuid}}"
+        job: "docker restart teddit && curl https://healthchecks.projectsegfau.lt/ping/{{ teddit_hc_uuid }}"
       tags: cron

roles/requirements.yml

@@ -1,5 +1,3 @@
 ---
-
 - src: git+https://github.com/caddy-ansible/caddy-ansible.git
   version: v3.2.0
-