ansible-lint

2023-07-07 22:40:54 +05:30 · 2023-07-07 22:40:54 +05:30 · 3f9c37c08f
commit 3f9c37c08f
parent 8a0bf70474
5 changed files with 117 additions and 102 deletions
--- a/all/playbook.yaml
+++ b/all/playbook.yaml
@ -1,40 +1,39 @@
---
 - name: Install shit
  hosts: all
  tasks:
-  - name: Std Repo stuff
-    apt:
-      update_cache: true
-      name:
-        - vim
-        - curl
-        - wget
-        - sudo
-        - net-tools
-        - nmap
-        - python3-pip
-        - python3-passlib
-        - vnstat
-        - chrony
-  - name: Enable VNStat service
-    service:
-      name: vnstat
-      enabled: yes
-      state: started
-  - name: Enable Chrony (NTP) service
-    service:
-      name: chrony
-      enabled: yes
-      state: started
+    - name: Std Repo stuff
+      ansible.builtin.apt:
+        update_cache: true
+        name:
+          - vim
+          - curl
+          - wget
+          - sudo
+          - net-tools
+          - nmap
+          - python3-pip
+          - python3-passlib
+          - vnstat
+          - chrony
+    - name: Enable VNStat service
+      ansible.builtin.service:
+        name: vnstat
+        enabled: true
+        state: started
+    - name: Enable Chrony (NTP) service
+      ansible.builtin.service:
+        name: chrony
+        enabled: true
+        state: started
 - name: Sysctl
  hosts: all
  tasks:
-    - name: disable dmesg logging to console
-      sysctl:
+    - name: Disable dmesg logging to console
+      ansible.posix.sysctl:
        name: kernel.printk
        value: '3 4 1 3'
        state: present
-        sysctl_set: yes
+        sysctl_set: true
 - name: Add users
  hosts: all
  vars:
@ -45,58 +44,65 @@
      - midou
      - ansiblerunner
    password: d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db
-
  tasks:
-    - name: bashrc skel
-      template: 
+    - name: Bashrc skel
+      ansible.builtin.template:
        src: templates/bashrc.j2
        dest: /etc/skel/.bashrc
-    - name: profile skel
-      template: 
+        mode: preserve
+    - name: Profile skel
+      ansible.builtin.template:
        src: templates/profile.j2
        dest: /etc/skel/.profile
-    - name: bash_aliases skel
-      template: 
+        mode: preserve
+    - name: Bash_aliases skel
+      ansible.builtin.template:
        src: templates/bash_aliases.j2
        dest: /etc/skel/.bash_aliases
-    - name: prompt skel
-      template: 
+        mode: preserve
+    - name: Prompt skel
+      ansible.builtin.template:
        src: templates/prompt.j2
        dest: /etc/skel/.prompt
-    - name: bashrc root
-      template: 
+        mode: preserve
+    - name: Bashrc root
+      ansible.builtin.template:
        src: templates/bashrc.j2
        dest: /root/.bashrc
-    - name: profile root
-      template: 
+        mode: preserve
+    - name: Profile root
+      ansible.builtin.template:
        src: templates/profile.j2
        dest: /root/.profile
-    - name: bash_aliases root
-      template: 
+        mode: preserve
+    - name: Bash_aliases root
+      ansible.builtin.template:
        src: templates/bash_aliases.j2
        dest: /root/.bash_aliases
-    - name: prompt root
-      template: 
+        mode: preserve
+    - name: Prompt root
+      ansible.builtin.template:
        src: templates/prompt.j2
        dest: /root/.prompt
+        mode: preserve
    - name: Add user
-      user:
+      ansible.builtin.user:
        name: "{{ item }}"
        group: users
        groups: users,sudo
        password: "{{ password }}"
        shell: /bin/bash
        update_password: on_create # Add the same initial password for all users (can be overwritten by user)
-      with_items: 
+      with_items:
        - "{{ users }}"
    - name: "Add authorized keys"
-      authorized_key:
+      ansible.posix.authorized_key:
        user: "{{ item }}"
-        key: "{{ lookup('file', 'files/'+ item + '.pub') }}"
+        key: "{{ lookup('file', 'files/' + item + '.pub') }}"
      with_items:
        - "{{ users }}"
    - name: "Allow admin users to sudo without a password"
-      lineinfile:
+      ansible.builtin.lineinfile:
        dest: "/etc/sudoers" # path: in version 2.3
        state: "present"
        regexp: "^%sudo"
@ -111,25 +117,28 @@
      - midou
  tasks:
    - name: Add extra authorized_key for soleil
-      authorized_key:
-        user: "{{item}}"
+      ansible.posix.authorized_key:
+        user: "{{ item }}"
        key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCn7RsO05kXSKBBopwzAri/MfhRwA+iuB1X96jQl0rhYvGmYVZLi0CPyXzE2laL5tRiyXYsIgHTVCfsn+CF+ilFXBa+xLcJ9Yau/SjtnZASixljeZuy0o3aTdl/IqcOcLVCdDaatuzOXFTjZCE+r67FqxFcaw9lzWi7QjtE1j8ar5+qo278XWWltYogxccHXBXqDr2chz95Ye0lAEIWp0LOgkSYjVNNKaAc7Y6kwr7SlwKMdlfbY6WPOyRQX5l1rnpU6Cw4mRf+l06+drpkGFIll3dulm0CNIoXYVy3W5Hr+C0Z6FT0bqZP1NuG1bDWTlwbMD3jIfBqhTI3V7oL5EvHCh3KsHfE7bS97F7MoeNx1xZrj2zIbkakdsxvm5oXra2RXpLbQXEzZDntGYoPaJT70yvnBSpxNDtzhUzZKwlTZIGN3LU/9USfmVTphZAR7l/BmT+j64eUZevuy3ht6iQQigkmi6KwXySXlUuUq2pXwTA/Dq1er3NclwTwT+v1QJ8= user@CoreVM"
      with_items:
-        - "{{users}}"
+        - "{{ users }}"
 - name: Configure SSHD
  hosts: all
  tasks:
-    - name: sshd configuration file update
-      template: 
+    - name: Sshd configuration file update
+      ansible.builtin.template:
        src: templates/sshd_config.j2
        dest: /etc/ssh/sshd_config
-        backup: yes
+        backup: true
        owner: 0
        group: 0
-        mode: 0644
+        mode: "0644"
        validate: '/usr/sbin/sshd -T -f %s'
      notify:
        - restart sshd
  handlers:
-    - name: restart sshd
-      service: name=sshd state=restarted
+    - name: Restart sshd
+      ansible.builtin.service:
+        name: sshd
+        enabled: true
+        state: restarted
--- a/inventory.yml
+++ b/inventory.yml
@ -7,31 +7,31 @@ all:
          ansible_user: ansiblerunner
          ansible_port: 22
          port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
        docker:
          ansible_host: docker.vpn.projectsegfau.lt
          ansible_user: ansiblerunner
          ansible_port: 22
          port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
        lxc:
          ansible_host: lxc.vpn.projectsegfau.lt
          ansible_user: ansiblerunner
          ansible_port: 22
          port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
        db:
          ansible_host: db.vpn.projectsegfau.lt
          ansible_user: ansiblerunner
          ansible_port: 22
          port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
        backwards:
          ansible_host: backwards.vpn.projectsegfau.lt
          ansible_user: ansiblerunner
          ansible_port: 22
          port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
    privfrontends:
      hosts:
        eu:
@ -39,7 +39,7 @@ all:
          ansible_user: ansiblerunner
          ansible_port: 222
          port: 222
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
          caddy_extras_config: templates/1-extras.Caddyfile
          country: Luxembourg
          isp: BuyVM
@ -50,7 +50,7 @@ all:
          ansible_user: ansiblerunner
          ansible_port: 22
          port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
          caddy_extras_config: templates/2-extras.Caddyfile
          country: United States
          isp: Digital Ocean
@ -61,7 +61,7 @@ all:
          ansible_user: ansiblerunner
          ansible_port: 22
          port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
          caddy_extras_config: templates/3-extras.Caddyfile
          country: India
          isp: Bharti Airtel
@ -74,4 +74,4 @@ all:
          ansible_user: ansiblerunner
          ansible_port: 22
          port: 22
-          ansible_become: yes # Run everything as root
+          ansible_become: true # Run everything as root
--- a/privfrontends/docker-tasks.yaml
+++ b/privfrontends/docker-tasks.yaml
@ -1,47 +1,52 @@
 ---
 - name: Create directory for service
-  file:
-    path: /opt/docker/{{item}}
+  ansible.builtin.file:
+    path: /opt/docker/{{ item }}
    state: directory
+    mode: "0755"
  tags: docker

 - name: Copy docker-compose templates for the service
-  template:
-    src: ./compose/{{item}}/compose.yml.j2
-    dest: /opt/docker/{{item}}/compose.yml
-    backup: yes
+  ansible.builtin.template:
+    src: ./compose/{{ item }}/compose.yml.j2
+    dest: /opt/docker/{{ item }}/compose.yml
+    backup: true
+    mode: preserve
  register: check_status
  tags: docker

- name: check if extras file exists for the service
-  local_action: stat path=./compose/{{item}}/extras.conf.j2
+- name: Check if extras file exists for the service
+  delegate_to: localhost
+  ansible.builtin.stat:
+    path: ./compose/{{ item }}/extras.conf.j2
  register: file
  tags: docker

 - name: Copy extras file
-  template:
-    src: ./compose/{{item}}/extras.conf.j2
-    dest: /opt/docker/{{item}}/extras.conf
-    backup: yes
+  ansible.builtin.template:
+    src: ./compose/{{ item }}/extras.conf.j2
+    dest: /opt/docker/{{ item }}/extras.conf
+    backup: true
+    mode: preserve
  when: file.stat.exists
  tags: docker

 - name: "Update docker service image"
-  command:
+  ansible.builtin.command:
    chdir: "/opt/docker/{{ item }}"
    cmd: docker compose pull
  when: check_status.changed
  tags: docker

 - name: "Stop docker service"
-  command:
+  ansible.builtin.command:
    chdir: "/opt/docker/{{ item }}"
    cmd: docker compose down
  when: check_status.changed
  tags: docker

 - name: "Start docker service"
-  command:
+  ansible.builtin.command:
    chdir: "/opt/docker/{{ item }}"
    cmd: docker compose up -d --build --remove-orphans
  when: check_status.changed
--- a/privfrontends/playbook.yaml
+++ b/privfrontends/playbook.yaml
@ -13,20 +13,22 @@
  tasks:
    # This is run again so config still updates even if i dont run the role which isnt needed most of the time
    - name: Copy Caddyfile
-      template:
+      ansible.builtin.template:
        src: ./templates/Caddyfile.j2
        dest: /etc/caddy/Caddyfile
+        mode: preserve
      tags: caddy-non-update
    - name: Copy per-server caddy extras
-      copy:
+      ansible.builtin.copy:
        src: "./templates/{{ inventory_hostname }}/"
        dest: /etc/caddy/
        directory_mode: true
+        mode: preserve
      tags: caddy-non-update
    - name: Reload Caddy
-      service:
+      ansible.builtin.service:
        name: caddy
-        enabled: yes
+        enabled: true
        state: reloaded
      tags: caddy-non-update
 - name: Setup docker compose for privacy frontends
@ -34,11 +36,9 @@
  vars:
    docker_services:
      - anonymousoverflow
-        #- beatbump
      - breezewiki
      - gothub
      - gothub-dev
-        #- invidious
      - librarian
      - libreddit
      - nitter
@ -48,20 +48,23 @@
      - simplytranslate
      - teddit
      - watchtower
-    non_pizza_docker_services:
-      #- piped
-      - searxng
  tasks:
-    #
    # community.docker does not support compose 2.0 right now.
    # https://github.com/ansible-collections/community.docker/issues/216
-    #
    - name: Update docker compose files and restart those with changes
-      include_tasks: docker-tasks.yaml
+      ansible.builtin.include_tasks: docker-tasks.yaml
      with_items: "{{ docker_services }}"
      tags: docker
+- name: Setup docker compose for privacy frontends (non-pizza1)
+  hosts: in,us
+  vars:
+    non_pizza_docker_services:
+      - searxng
+  tasks:
+    # community.docker does not support compose 2.0 right now.
+    # https://github.com/ansible-collections/community.docker/issues/216
    - name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
-      include_tasks: docker-tasks.yaml
+      ansible.builtin.include_tasks: docker-tasks.yaml
      with_items: "{{ non_pizza_docker_services }}"
      tags: docker

@ -69,14 +72,14 @@
  hosts: privfrontends
  tasks:
    - name: Restart invidious every hour
-      cron:
+      ansible.builtin.cron:
        name: "hourly invidious restart"
        special_time: hourly
-        job: "docker restart invidious-invidious-1 && curl https://healthchecks.projectsegfau.lt/ping/{{invidious_hc_uuid}}"
+        job: "docker restart invidious-invidious-1 && curl https://healthchecks.projectsegfau.lt/ping/{{ invidious_hc_uuid }}"
      tags: cron
    - name: Restart teddit every hour
-      cron:
+      ansible.builtin.cron:
        name: "hourly teddit restart"
        special_time: hourly
-        job: "docker restart teddit && curl https://healthchecks.projectsegfau.lt/ping/{{teddit_hc_uuid}}"
+        job: "docker restart teddit && curl https://healthchecks.projectsegfau.lt/ping/{{ teddit_hc_uuid }}"
      tags: cron
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@ -1,5 +1,3 @@
 ---
-
 - src: git+https://github.com/caddy-ansible/caddy-ansible.git
  version: v3.2.0
-