style: correct ansible lint

vincent 2022-12-10 18:51:03 +01:00
parent cdef59b348
commit 1419eaa003
17 changed files with 163 additions and 139 deletions


@ -1,18 +1,18 @@
- name: install base-devel package
pacman:
- name: Install base-devel package
community.general.pacman:
state: present # not required. choices: absent;latest;present. Desired state of the package.
name: ["base-devel"] # not required. Name or list of names of the packages to install, upgrade, or remove.
update_cache: true
become: true
- name: Create aur_builder user
user:
ansible.builtin.user:
name: aur_builder
group: wheel
become: true
- name: Allow aur_builder to run pacman as root
lineinfile:
ansible.builtin.lineinfile:
path: /etc/sudoers.d/11-install-aur_builder
line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman"
create: true
@ -20,7 +20,7 @@
mode: 0600
become: true
- name: install yay
- name: Install yay
aur:
state: present
name: yay
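Review bot: The `Allow aur_builder to run pacman as root` task writes its sudoers drop-in with a bare `mode: 0600`, and no `validate:` is visible in the lines shown (line 19 of the file falls between the two hunks, so it may be there). `NOPASSWD: /usr/bin/pacman` is effectively root for `aur_builder`, so a malformed or over-broad drop-in matters here. I would write `mode: "0440"` and `validate: 'visudo -cf "%s"'`, matching the `Set sudoers right` task elsewhere in this commit. The `Create aur_builder user` task also does not say whether the account has a login shell or password; a comment stating that it is a build-only account would help.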


@ -1,5 +1,5 @@
- name: upgrade arch-keyring
pacman:
- name: Upgrade arch-keyring
community.general.pacman:
state: latest # noqa package-latest
name: archlinux-keyring
force: true
@ -7,8 +7,8 @@
become: true
when: system_upgrade and ansible_facts['os_family'] == "Archlinux"
- name: upgrade system
pacman:
- name: Upgrade system
community.general.pacman:
state: latest # noqa package-latest
upgrade: true
force: true
@ -18,19 +18,19 @@
register: upgrade
- name: Reboot updates to apply
reboot:
ansible.builtin.reboot:
reboot_timeout: 3600
when: upgrade.changed and "linux" in upgrade.packages and system_upgrade and ansible_facts['os_family'] == "Archlinux"
become: true
- name: launch arch base install software
pacman:
- name: Launch arch base install software
community.general.pacman:
state: present
name: "{{ system_base_softwares }}"
become: true
when: ansible_facts['os_family'] == "Archlinux"
- name: install aur workstation soft
- name: Install aur workstation soft
aur:
name: "{{ system_base_aur_soft }}"
state: present
@ -38,23 +38,23 @@
become_user: aur_builder
when: ansible_facts['os_family'] == "Archlinux" and system_base_aur_soft
- name: launch debian base install software
apt:
- name: Launch debian base install software
ansible.builtin.apt:
state: present
name: "{{ system_base_softwares }}"
update_cache: true
become: true
when: ansible_facts['os_family'] == "Debian"
- name: launch redhat base install software
dnf:
- name: Launch redhat base install software
ansible.builtin.dnf:
state: present
name: "{{ system_base_softwares }}"
update_cache: true
become: true
when: ansible_facts['os_family'] == "RedHat"
#- name: pass user shell to zsh
#- name: Pass user shell to zsh
# user:
# name: "{{ user.name }}"
# shell: /bin/zsh
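Review bot: The `Install aur workstation soft` task still calls the module by its short name `aur`, as does `Install yay` in the previous file section, while every other module in this commit moved to a fully qualified name. If the module comes from the kewlfft collection, `kewlfft.aur.aur:` would make explicit which code runs. If it is vendored in a local library directory, a comment such as `# aur: local module, no FQCN available` would explain the exception. This matters because the task builds and installs user-submitted AUR packages on the host.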


@ -1,5 +1,5 @@
- name: GITHUB | Get current version of bat
shell: >
ansible.builtin.shell: >
set -o pipefail &&
curl -L --silent https://api.github.com/repos/sharkdp/bat/releases/latest |
grep '"tag_name":' |
@ -12,14 +12,12 @@
bat_version.rc != 0 or
not bat_version.stdout|regex_search('\w+\.\w+\.\w+')
- name: DEBIAN | Set URL to download bins
set_fact:
ansible.builtin.set_fact:
debian_url: "https://github.com/sharkdp/bat/releases/download/v{{ bat_version.stdout }}/bat_{{ bat_version.stdout }}_amd64.deb"
when: ansible_facts['os_family'] == "Debian"
- name: DEBIAN | Install deb from github
become: true
apt:
ansible.builtin.apt:
deb: "{{ debian_url }}"
when: ansible_facts['os_family'] == "Debian"
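Review bot: The `DEBIAN | Install deb from github` task passes a URL built from the GitHub `releases/latest` response straight to `ansible.builtin.apt` under `become: true`, so whatever that URL serves is installed as root with no pinned version and no checksum. The condition at the top of the second hunk uses `regex_search('\w+\.\w+\.\w+')`, which is unanchored and accepts any output that merely contains a version-like substring. I would pin the version and digest in role variables, download with `ansible.builtin.get_url` and its `checksum:` option into a root-owned directory, and install the local file. The variable names in the sketch below are placeholders. Lines 6–11 of the file are not shown, so the context of that condition is inferred.

```yaml
# bat_pinned_version, bat_deb_sha256 and bat_download_dir are placeholder role variables
- name: DEBIAN | Download bat deb and verify its checksum
  become: true
  ansible.builtin.get_url:
    url: "https://github.com/sharkdp/bat/releases/download/v{{ bat_pinned_version }}/bat_{{ bat_pinned_version }}_amd64.deb"
    dest: "{{ bat_download_dir }}/bat_{{ bat_pinned_version }}_amd64.deb"
    checksum: "sha256:{{ bat_deb_sha256 }}"
    mode: "0644"
  when: ansible_facts['os_family'] == "Debian"
- name: DEBIAN | Install deb from github
  become: true
  ansible.builtin.apt:
    deb: "{{ bat_download_dir }}/bat_{{ bat_pinned_version }}_amd64.deb"
  when: ansible_facts['os_family'] == "Debian"
```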


@ -1,5 +1,5 @@
- name: add repo main contrib
apt_repository:
- name: Add repo main contrib
ansible.builtin.apt_repository:
repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free
state: present
update_cache: true
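Review bot: The `repo:` line in `Add repo main contrib` fetches over plain `http://` and tracks the floating `stable` suite. APT still verifies repository signatures, so HTTPS is defence in depth rather than an integrity fix. The floating `stable` name is the larger concern, because it silently moves the host to the next Debian release when one ships. If the mirror serves HTTPS, something like `repo: deb https://deb.debian.org/debian/ {{ ansible_distribution_release }} main contrib non-free` pins both.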


@ -1,5 +1,5 @@
- name: add repo main contrib
dnf:
- name: Add repo main contrib
ansible.builtin.dnf:
name: epel-release
state: present
update_cache: true
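Review bot: The task name `Add repo main contrib` looks copied from the Debian file, but this task installs the `epel-release` package with `ansible.builtin.dnf`. A name such as `- name: Install epel-release repository package` would make run logs and audits show that a third-party repository is being enabled on RedHat hosts.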


@ -1,10 +1,10 @@
---
- name: ensure dhcpcd is instaled
pacman:
- name: Ensure dhcpcd is instaled
community.general.pacman:
name: dhcpcd
state: present
- name: change hostname setting
lineinfile:
- name: Change hostname setting
ansible.builtin.lineinfile:
dest: /etc/dhcpcd.conf
regexp: "^#hostname"
line: "hostname"


@ -1,6 +1,6 @@
---
- name: disable firewalld
service:
- name: Disable firewalld
ansible.builtin.service:
name: firewalld
state: stopped
enabled: false
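Review bot: `Disable firewalld` stops and disables the host firewall with no comment saying what replaces it; the commit only re-cases the task name. The include in the main task list applies this to every RedHat-family host, so a reader cannot tell whether packet filtering is handled elsewhere. I would add a comment above the task, e.g. `# firewalld is disabled because <reason>; filtering is provided by <replacement>`, or gate the task behind a variable that defaults to leaving the firewall running.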


@ -1,5 +1,5 @@
- name: Ensure hostname set
hostname:
ansible.builtin.hostname:
name: "{{ inventory_hostname }}"
use: systemd
become: true


@ -1,6 +1,6 @@
- name: Install custom hosts file
become: true
template:
ansible.builtin.template:
src: etc_hosts.j2
dest: "{{ hosts_file }}"
owner: root


@ -1,6 +1,6 @@
---
- name: Set keymap
copy:
ansible.builtin.copy:
content: "KEYMAP={{ arch_base_keymap }}\n"
dest: /etc/vconsole.conf
mode: 0644
@ -8,14 +8,14 @@
become: true
- name: Generate locales
locale_gen:
community.general.locale_gen:
name: "{{ item }}"
state: present
with_items: "{{ arch_base_locales }}"
become: true
- name: Set locale
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/locale.conf
line: "LANG={{ arch_base_locale }}"
regexp: "^LANG="
@ -25,6 +25,6 @@
- name: Set timezone
become: true
command: timedatectl set-timezone {{ arch_base_timezone }}
ansible.builtin.command: timedatectl set-timezone {{ arch_base_timezone }}
args:
creates: /etc/localtime
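Review bot: `mode: 0644` under `Set keymap` is an unquoted octal literal, so it yields the intended permissions only while the YAML loader applies 1.1 octal rules. Ansible's documentation recommends quoting file modes, so `mode: "0644"` is the safer spelling. The same applies to the bare `0700` and `0600` values in the SSH tasks of this commit, where a wrong mode would land on key directories and private keys.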


@ -1,31 +1,49 @@
- name: gather os specific variables
include_vars: "{{ item }}"
- name: Gather os specific variables
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_os_family }}.yml"
tags: vars
- include_tasks: hostname.yml
- include_tasks: hosts.yml
- include_tasks: tasks.sysctl.yml
- include_tasks: dhcpcd.yml
- name: Include hostname
ansible.builtin.include_tasks: hostname.yml
- name: Include hosts
ansible.builtin.include_tasks: hosts.yml
- name: Include tasks.sysctl
ansible.builtin.include_tasks: tasks.sysctl.yml
- name: Include wol
ansible.builtin.include_tasks: wol.yml
- name: Include dhcpcd
ansible.builtin.include_tasks: dhcpcd.yml
when: ansible_os_family == "Archlinux"
- include_tasks: locales.yml
- name: Include locales
ansible.builtin.include_tasks: locales.yml
when: ansible_os_family == "Archlinux"
- include_tasks: time.yml
- include_tasks: usergroup.yml
- include_tasks: ssh.yml
- include_tasks: sudoers.yml
- include_tasks: pacman.yml
- name: Include time
ansible.builtin.include_tasks: time.yml
- name: Include usergroup
ansible.builtin.include_tasks: usergroup.yml
- name: Include ssh
ansible.builtin.include_tasks: ssh.yml
- name: Include sudoers
ansible.builtin.include_tasks: sudoers.yml
- name: Include pacman
ansible.builtin.include_tasks: pacman.yml
when: ansible_facts['os_family'] == "Archlinux"
- include_tasks: firewalld.yml
- name: Include firewalld
ansible.builtin.include_tasks: firewalld.yml
when: ansible_facts['os_family'] == "RedHat"
- include_tasks: depot_debian.yml
- name: Include depot_debian
ansible.builtin.include_tasks: depot_debian.yml
when: ansible_facts['os_family'] == "Debian"
- include_tasks: depot_redhat.yml
- name: Inclide depot_redhat
ansible.builtin.include_tasks: depot_redhat.yml
when: ansible_os_family == "RedHat"
- include_tasks: AUR_builder.yml
- name: Include AUR_builder
ansible.builtin.include_tasks: AUR_builder.yml
when: ansible_facts['os_family'] == "Archlinux"
- include_tasks: base_software.yml
- include_tasks: bat.yml
- name: Include base_software
ansible.builtin.include_tasks: base_software.yml
- name: Include bat
ansible.builtin.include_tasks: bat.yml
when: ansible_facts['os_family'] == "Debian"
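Review bot: The new `Include wol` task (`ansible.builtin.include_tasks: wol.yml`) has no counterpart among the old `include_tasks` lines, so this style commit also changes what the role runs. No `wol.yml` appears among the file sections shown on this page. If it is missing from the role, the play fails at that include; if it exists, turning on Wake-on-LAN deserves its own commit and probably a `when:` guard. The task name `Inclide depot_redhat` is also misspelled and should read `- name: Include depot_redhat`.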


@ -1,33 +1,42 @@
---
- name: Configure pacman color
replace: dest=/etc/pacman.conf regexp="^#(Color)" replace="\1"
ansible.builtin.replace:
dest: /etc/pacman.conf
regexp: ^#(Color)"
replace: \1"
become: true
- name: Configure more pacman visuals
replace: dest=/etc/pacman.conf regexp="#(VerbosePkgLists)" replace="\1\nILoveCandy"
ansible.builtin.replace:
dest: /etc/pacman.conf
regexp: "#(VerbosePkgLists)"
replace: \1\nILoveCandy"
become: true
- name: Configure pacman multilib repo
become: true
replace: dest=/etc/pacman.conf regexp="^#(\[multilib\])\n^#(.*)$" replace="\1\n\2"
ansible.builtin.replace:
dest: /etc/pacman.conf
regexp: ^#(\[multilib\])\n^#(.*)$"
replace: \1\n\2"
notify: Update_pacman_repos
when: ansible_architecture == "x86_64"
- name: add local repo to mirrorlist
- name: Add local repo to mirrorlist
become: true
lineinfile:
ansible.builtin.lineinfile:
path: /etc/pacman.d/mirrorlist
line: "Server= {{ system_arch_local_mirror }}/$repo/os/$arch"
state: present
insertbefore: BOF
when: system_arch_local_mirror
- name: stat ca-certificates
stat:
- name: Stat ca-certificates
ansible.builtin.stat:
path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of.
register: cacertificates
- name: reinstall certificate for old system
command: "pacman -Sy ca-certificates-utils openssl --noconfirm"
- name: Reinstall certificate for old system
ansible.builtin.command: "pacman -Sy ca-certificates-utils openssl --noconfirm"
become: true
when: not cacertificates.stat.exists
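Review bot: The rewrite of the three `ansible.builtin.replace` tasks from `key=value` form to YAML left an unbalanced trailing `"` on five values, as rendered here: `regexp: ^#(Color)"`, `replace: \1"`, `replace: \1\nILoveCandy"`, `regexp: ^#(\[multilib\])\n^#(.*)$"` and `replace: \1\n\2"`. As plain scalars these carry the quote into the value, so the Color and multilib patterns can no longer match and those tasks silently report ok, while the VerbosePkgLists task would write a stray `"` into /etc/pacman.conf. Single-quoting each value keeps the backslashes literal for the regex engine, as in the fence below. Lint passes because the YAML is still valid, so a `--check --diff` run against a pristine pacman.conf would be a useful test.

```yaml
- name: Configure pacman color
  ansible.builtin.replace:
    # … unchanged: dest …
    regexp: '^#(Color)'
    replace: '\1'
# … unchanged: become …
- name: Configure more pacman visuals
  ansible.builtin.replace:
    # … unchanged: dest, regexp …
    replace: '\1\nILoveCandy'
- name: Configure pacman multilib repo
  ansible.builtin.replace:
    # … unchanged: dest …
    regexp: '^#(\[multilib\])\n^#(.*)$'
    replace: '\1\n\2'
# … unchanged: notify, when, and the remaining tasks …
```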


@ -1,91 +1,91 @@
- name: ensure SSH instalation
- name: Ensure SSH instalation
become: true
package:
name: "{{ system_ssh_package }}"
ansible.builtin.package:
name: '{{ system_ssh_package }}'
state: present
- name: ensure .ssh exist for user
- name: Ensure .ssh exist for user
become: true
file:
ansible.builtin.file:
state: directory
path: "/home/{{item}}/.ssh"
owner: "{{item}}"
path: '/home/{{ item }}/.ssh'
owner: '{{ item }}'
mode: 0700
with_items:
- "{{user.name}}"
- '{{ user.name }}'
- ansible
- name: copy ssh config for user
- name: Copy ssh config for user
become: true
template:
dest: "/home/{{ item }}/.ssh/config"
src: "ssh/config.j2"
ansible.builtin.template:
dest: '/home/{{ item }}/.ssh/config'
src: 'ssh/config.j2'
force: true
remote_src: false
mode: "600"
mode: '600'
selevel: s0
owner: "{{ item }}"
owner: '{{ item }}'
with_items:
- "{{ user.name }}"
- '{{ user.name }}'
- ansible
- name: ensure root ssh directory exist
- name: Ensure root ssh directory exist
become: true
file:
ansible.builtin.file:
state: directory
path: "/root/.ssh"
owner: "root"
path: '/root/.ssh'
owner: 'root'
mode: 0700
- name: copy ssh config for root
- name: Copy ssh config for root
become: true
copy:
ansible.builtin.copy:
dest: /root/.ssh/
src: "ssh/config"
src: 'ssh/config'
force: true
remote_src: false
mode: "600"
mode: '600'
selevel: s0
owner: "root"
owner: 'root'
- name: ensure key directory exist
- name: Ensure key directory exist
become: true
file:
ansible.builtin.file:
state: directory
path: "{{ item.keyfile | dirname }}"
owner: "{{ item.user }}"
path: '{{ item.keyfile | dirname }}'
owner: '{{ item.user }}'
mode: 0700
with_items: "{{ privatekeytodeploy }}"
with_items: '{{ privatekeytodeploy }}'
- name: Install ssh private key
become: true
copy:
content: "{{ item.privatekey }}"
dest: "{{ item.keyfile }}"
ansible.builtin.copy:
content: '{{ item.privatekey }}'
dest: '{{ item.keyfile }}'
mode: 0600
owner: "{{ item.user }}"
with_items: "{{ privatekeytodeploy }}"
owner: '{{ item.user }}'
with_items: '{{ privatekeytodeploy }}'
- name: Deploy SSH-Keys to remote host
authorized_key:
user: "{{ item.user }}"
key: "{{ item.sshkey }}"
ansible.posix.authorized_key:
user: '{{ item.user }}'
key: '{{ item.sshkey }}'
exclusive: false
with_items: "{{ keystodeploy }}"
with_items: '{{ keystodeploy }}'
become: true
- name: les connexions par mot de passe sont désactivées
- name: Les connexions par mot de passe sont désactivées
become: true
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PasswordAuthentication"
line: "PasswordAuthentication no"
regexp: '^#?PasswordAuthentication'
line: 'PasswordAuthentication no'
state: present
notify: Restart sshd
- name: Remove root SSH access
become: true
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^PermitRootLogin"
line: "PermitRootLogin no"
regexp: '^PermitRootLogin'
line: 'PermitRootLogin no'
state: present
notify: Restart sshd
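Review bot: `Install ssh private key` and `Ensure key directory exist` both loop over `privatekeytodeploy`, whose items carry `item.privatekey`, and neither sets `no_log` or a loop label, so Ansible prints each item, key material included, in task output and CI logs. Adding `no_log: true` to the copy task, and `loop_control:` with `label: "{{ item.keyfile }}"` to both, would keep the secret out of logs. Separately, `regexp: '^PermitRootLogin'` does not match a commented-out default, unlike `'^#?PasswordAuthentication'` above it, so the line may be appended at the end of sshd_config instead of replacing the default; `regexp: '^#?PermitRootLogin'` would be consistent.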


@ -1,24 +1,23 @@
- name: set sudoers right
lineinfile:
dest: "/etc/sudoers.d/{{user.name}}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: "present"
- name: Set sudoers right
ansible.builtin.lineinfile:
dest: '/etc/sudoers.d/{{ user.name }}'
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
state: 'present'
create: True
owner: "root"
group: "root"
mode: "0440"
owner: 'root'
group: 'root'
mode: '0440'
validate: 'visudo -cf "%s"'
with_items:
- regexp: '^{{user.name}}\s'
line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"
- regexp: '^{{ user.name }}\s'
line: '{{ user.name }} ALL = (ALL) NOPASSWD:ALL'
become: True
- name: change secure path
replace:
path: "/etc/sudoers"
- name: Change secure path
ansible.builtin.replace:
path: '/etc/sudoers'
regexp: ^Defaults\s*secure_path.*
replace: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
validate: 'visudo -cf "%s"'
become: true
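Review bot: The `Set sudoers right` loop grants `{{ user.name }} ALL = (ALL) NOPASSWD:ALL` with no comment explaining why passwordless full sudo is required. With the key-only SSH login configured by the SSH tasks in this commit, possession of that user's SSH key is then equivalent to root, which is worth stating above the task, e.g. `# passwordless sudo is intentional: <reason>`. On style, `create: True` and `become: True` in this task keep the capitalised form while the rest of the commit uses `true`; yamllint's `truthy` rule expects the lowercase spelling.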


@ -1,6 +1,6 @@
---
- name: disable IPV6
template:
- name: Disable IPV6
ansible.builtin.template:
src: 40-ipv6.j2
dest: /etc/sysctl.d/40-ipv6.conf
owner: root


@ -1,6 +1,6 @@
---
- name: Enable timesync
service:
ansible.builtin.service:
name: systemd-timesyncd.service
enabled: true
state: started
@ -8,7 +8,7 @@
when: ansible_facts['os_family'] == 'Archlinux' and not ansible_virtualization_type in ["lxc","docker"]
- name: Set timezone and hardware clock
timezone:
community.general.timezone:
hwclock: "{{ time.hwclock }}"
name: "{{ time.timezone }}"
become: true


@ -1,15 +1,15 @@
---
- name: create system user
- name: Create system user
become: true
user:
name: "{{ item.name }}"
ansible.builtin.user:
name: '{{ item.name }}'
system: true
home: "{{ item.home | default('/') }}"
shell: "{{ item.shell |default('/usr/bin/nologin') }}"
with_items: "{{ system_user }}"
shell: "{{ item.shell | default('/usr/bin/nologin') }}"
with_items: '{{ system_user }}'
- name: create system group
group:
name: "{{ item.name }}"
with_items: "{{ system_group }}"
- name: Create system group
ansible.builtin.group:
name: '{{ item.name }}'
with_items: '{{ system_group }}'
become: true