From 1419eaa0036e5f11addcd765563d864511147da0 Mon Sep 17 00:00:00 2001 From: vincent Date: Sat, 10 Dec 2022 18:51:03 +0100 Subject: [PATCH] style: correct ansible lint --- tasks/AUR_builder.yml | 10 ++--- tasks/base_software.yml | 26 ++++++------ tasks/bat.yml | 8 ++-- tasks/depot_debian.yml | 4 +- tasks/depot_redhat.yml | 4 +- tasks/dhcpcd.yml | 8 ++-- tasks/firewalld.yml | 4 +- tasks/hostname.yml | 2 +- tasks/hosts.yml | 2 +- tasks/locales.yml | 8 ++-- tasks/main.yml | 54 ++++++++++++++++--------- tasks/pacman.yml | 27 ++++++++----- tasks/ssh.yml | 90 ++++++++++++++++++++--------------------- tasks/sudoers.yml | 29 +++++++------ tasks/tasks.sysctl.yml | 4 +- tasks/time.yml | 4 +- tasks/usergroup.yml | 18 ++++----- 17 files changed, 163 insertions(+), 139 deletions(-) diff --git a/tasks/AUR_builder.yml b/tasks/AUR_builder.yml index 413973c..6c9ade5 100644 --- a/tasks/AUR_builder.yml +++ b/tasks/AUR_builder.yml @@ -1,18 +1,18 @@ -- name: install base-devel package - pacman: +- name: Install base-devel package + community.general.pacman: state: present # not required. choices: absent;latest;present. Desired state of the package. name: ["base-devel"] # not required. Name or list of names of the packages to install, upgrade, or remove. update_cache: true become: true - name: Create aur_builder user - user: + ansible.builtin.user: name: aur_builder group: wheel become: true - name: Allow aur_builder to run pacman as root - lineinfile: + ansible.builtin.lineinfile: path: /etc/sudoers.d/11-install-aur_builder line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman" create: true @@ -20,7 +20,7 @@ mode: 0600 become: true -- name: install yay +- name: Install yay aur: state: present name: yay diff --git a/tasks/base_software.yml b/tasks/base_software.yml index d8f7a6d..f588043 100644 --- a/tasks/base_software.yml +++ b/tasks/base_software.yml 
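Review bot: The sudoers line written by `Allow aur_builder to run pacman as root` has no comment saying that passwordless `/usr/bin/pacman` amounts to full root for `aur_builder`, since package install scripts run as root. I would put `# aur_builder can install arbitrary packages as root; keep this account non-interactive` above the task. One line of this task sits between this hunk and the next and is not shown. If that line is not a `validate:` key, add `validate: 'visudo -cf "%s"'` as tasks/sudoers.yml does, so a malformed drop-in cannot break sudo on the host.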
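Review bot: `aur:` under `Install yay` is the one module in this file still called by its short name, and the same is true of `Install aur workstation soft` in tasks/base_software.yml, so the lint clean-up is incomplete there. If the module comes from the `kewlfft.aur` collection, write `kewlfft.aur.aur:`. If it is vendored with the role, a `# noqa: fqcn[action]` plus a short comment saying so would document the exception. The `Install yay` task continues past the end of this hunk.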
@@ -1,5 +1,5 @@ -- name: upgrade arch-keyring - pacman: +- name: Upgrade arch-keyring + community.general.pacman: state: latest # noqa package-latest name: archlinux-keyring force: true @@ -7,8 +7,8 @@ become: true when: system_upgrade and ansible_facts['os_family'] == "Archlinux" -- name: upgrade system - pacman: +- name: Upgrade system + community.general.pacman: state: latest # noqa package-latest upgrade: true force: true @@ -18,19 +18,19 @@ register: upgrade - name: Reboot updates to apply - reboot: + ansible.builtin.reboot: reboot_timeout: 3600 when: upgrade.changed and "linux" in upgrade.packages and system_upgrade and ansible_facts['os_family'] == "Archlinux" become: true -- name: launch arch base install software - pacman: +- name: Launch arch base install software + community.general.pacman: state: present name: "{{ system_base_softwares }}" become: true when: ansible_facts['os_family'] == "Archlinux" -- name: install aur workstation soft +- name: Install aur workstation soft aur: name: "{{ system_base_aur_soft }}" state: present @@ -38,23 +38,23 @@ become_user: aur_builder when: ansible_facts['os_family'] == "Archlinux" and system_base_aur_soft -- name: launch debian base install software - apt: +- name: Launch debian base install software + ansible.builtin.apt: state: present name: "{{ system_base_softwares }}" update_cache: true become: true when: ansible_facts['os_family'] == "Debian" -- name: launch redhat base install software - dnf: +- name: Launch redhat base install software + ansible.builtin.dnf: state: present name: "{{ system_base_softwares }}" update_cache: true become: true when: ansible_facts['os_family'] == "RedHat" -#- name: pass user shell to zsh +#- name: Pass user shell to zsh # user: # name: "{{ user.name }}" # shell: /bin/zsh diff --git a/tasks/bat.yml b/tasks/bat.yml index 0eedf19..7e6c5f7 100644 --- a/tasks/bat.yml +++ b/tasks/bat.yml 
@@ -1,5 +1,5 @@ - name: GITHUB | Get current version of bat - shell: > + ansible.builtin.shell: > set -o pipefail && curl -L --silent https://api.github.com/repos/sharkdp/bat/releases/latest | grep '"tag_name":' | @@ -12,14 +12,12 @@ bat_version.rc != 0 or not bat_version.stdout|regex_search('\w+\.\w+\.\w+') - name: DEBIAN | Set URL to download bins - set_fact: + ansible.builtin.set_fact: debian_url: "https://github.com/sharkdp/bat/releases/download/v{{ bat_version.stdout }}/bat_{{ bat_version.stdout }}_amd64.deb" when: ansible_facts['os_family'] == "Debian" - name: DEBIAN | Install deb from github become: true - apt: + ansible.builtin.apt: deb: "{{ debian_url }}" when: ansible_facts['os_family'] == "Debian" - - diff --git a/tasks/depot_debian.yml b/tasks/depot_debian.yml index acd1a98..2b12de0 100644 --- a/tasks/depot_debian.yml +++ b/tasks/depot_debian.yml @@ -1,5 +1,5 @@ -- name: add repo main contrib - apt_repository: +- name: Add repo main contrib + ansible.builtin.apt_repository: repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free state: present update_cache: true diff --git a/tasks/depot_redhat.yml b/tasks/depot_redhat.yml index 397e8ea..bf0cf83 100644 --- a/tasks/depot_redhat.yml +++ b/tasks/depot_redhat.yml @@ -1,5 +1,5 @@ -- name: add repo main contrib - dnf: +- name: Add repo main contrib + ansible.builtin.dnf: name: epel-release state: present update_cache: true diff --git a/tasks/dhcpcd.yml b/tasks/dhcpcd.yml index 3231eaa..865d7da 100644 --- a/tasks/dhcpcd.yml +++ b/tasks/dhcpcd.yml @@ -1,10 +1,10 @@ --- -- name: ensure dhcpcd is instaled - pacman: +- name: Ensure dhcpcd is instaled + community.general.pacman: name: dhcpcd state: present -- name: change hostname setting - lineinfile: +- name: Change hostname setting + ansible.builtin.lineinfile: dest: /etc/dhcpcd.conf regexp: "^#hostname" line: "hostname" diff --git a/tasks/firewalld.yml b/tasks/firewalld.yml index c4d7c95..3f3365e 100644 --- a/tasks/firewalld.yml 
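Review bot: `DEBIAN | Install deb from github` passes a URL straight to `ansible.builtin.apt: deb:` under `become: true`, so a package fetched at run time is installed as root with no checksum or signature check. The version in that URL is whatever the `releases/latest` API call returned in the first task, so the installed artefact can change between runs without any change to the role. I would pin the version in a role variable, download with `ansible.builtin.get_url` and a `checksum:`, and install from the local file. The sketch below uses a placeholder variable for the digest.

```yaml
# ... unchanged: DEBIAN | Set URL to download bins ...

- name: DEBIAN | Download deb from github
  become: true
  ansible.builtin.get_url:
    url: "{{ debian_url }}"
    dest: "/var/cache/apt/archives/bat_{{ bat_version.stdout }}_amd64.deb"
    # bat_deb_sha256 is a placeholder: the published digest of the pinned release
    checksum: "sha256:{{ bat_deb_sha256 }}"
    mode: "0644"
  when: ansible_facts['os_family'] == "Debian"

- name: DEBIAN | Install deb from github
  become: true
  ansible.builtin.apt:
    deb: "/var/cache/apt/archives/bat_{{ bat_version.stdout }}_amd64.deb"
  when: ansible_facts['os_family'] == "Debian"
```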
+++ b/tasks/firewalld.yml @@ -1,6 +1,6 @@ --- -- name: disable firewalld - service: +- name: Disable firewalld + ansible.builtin.service: name: firewalld state: stopped enabled: false diff --git a/tasks/hostname.yml b/tasks/hostname.yml index 49f6879..f036229 100644 --- a/tasks/hostname.yml +++ b/tasks/hostname.yml @@ -1,5 +1,5 @@ - name: Ensure hostname set - hostname: + ansible.builtin.hostname: name: "{{ inventory_hostname }}" use: systemd become: true diff --git a/tasks/hosts.yml b/tasks/hosts.yml index 491fd56..7e32a81 100644 --- a/tasks/hosts.yml +++ b/tasks/hosts.yml @@ -1,6 +1,6 @@ - name: Install custom hosts file become: true - template: + ansible.builtin.template: src: etc_hosts.j2 dest: "{{ hosts_file }}" owner: root diff --git a/tasks/locales.yml b/tasks/locales.yml index df44818..1164545 100644 --- a/tasks/locales.yml +++ b/tasks/locales.yml @@ -1,6 +1,6 @@ --- - name: Set keymap - copy: + ansible.builtin.copy: content: "KEYMAP={{ arch_base_keymap }}\n" dest: /etc/vconsole.conf mode: 0644 @@ -8,14 +8,14 @@ become: true - name: Generate locales - locale_gen: + community.general.locale_gen: name: "{{ item }}" state: present with_items: "{{ arch_base_locales }}" become: true - name: Set locale - lineinfile: + ansible.builtin.lineinfile: dest: /etc/locale.conf line: "LANG={{ arch_base_locale }}" regexp: "^LANG=" @@ -25,6 +25,6 @@ - name: Set timezone become: true - command: timedatectl set-timezone {{ arch_base_timezone }} + ansible.builtin.command: timedatectl set-timezone {{ arch_base_timezone }} args: creates: /etc/localtime diff --git a/tasks/main.yml b/tasks/main.yml index c30d434..682688e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,31 +1,49 @@ -- name: gather os specific variables - include_vars: "{{ item }}" +- name: Gather os specific variables + ansible.builtin.include_vars: "{{ item }}" with_first_found: - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" - "{{ ansible_os_family }}.yml" tags: vars -- include_tasks: hostname.yml -- include_tasks: hosts.yml -- include_tasks: tasks.sysctl.yml -- include_tasks: dhcpcd.yml +- name: Include hostname + ansible.builtin.include_tasks: hostname.yml +- name: Include hosts + ansible.builtin.include_tasks: hosts.yml +- name: Include tasks.sysctl + ansible.builtin.include_tasks: tasks.sysctl.yml +- name: Include wol + ansible.builtin.include_tasks: wol.yml +- name: Include dhcpcd + ansible.builtin.include_tasks: dhcpcd.yml when: ansible_os_family == "Archlinux" -- include_tasks: locales.yml +- name: Include locales + ansible.builtin.include_tasks: locales.yml when: ansible_os_family == "Archlinux" -- include_tasks: time.yml -- include_tasks: usergroup.yml -- include_tasks: ssh.yml -- include_tasks: sudoers.yml -- include_tasks: pacman.yml +- name: Include time + ansible.builtin.include_tasks: time.yml +- name: Include usergroup + ansible.builtin.include_tasks: usergroup.yml +- name: Include ssh + ansible.builtin.include_tasks: ssh.yml +- name: Include sudoers + ansible.builtin.include_tasks: sudoers.yml +- name: Include pacman + ansible.builtin.include_tasks: pacman.yml when: ansible_facts['os_family'] == "Archlinux" -- include_tasks: firewalld.yml +- name: Include firewalld + ansible.builtin.include_tasks: firewalld.yml when: ansible_facts['os_family'] == "RedHat" -- include_tasks: depot_debian.yml +- name: Include depot_debian + ansible.builtin.include_tasks: depot_debian.yml when: ansible_facts['os_family'] == "Debian" -- include_tasks: depot_redhat.yml +- name: Inclide depot_redhat + ansible.builtin.include_tasks: depot_redhat.yml when: ansible_os_family == "RedHat" -- include_tasks: AUR_builder.yml +- name: Include 
AUR_builder + ansible.builtin.include_tasks: AUR_builder.yml when: ansible_facts['os_family'] == "Archlinux" -- include_tasks: base_software.yml -- include_tasks: bat.yml +- name: Include base_software + ansible.builtin.include_tasks: base_software.yml +- name: Include bat + ansible.builtin.include_tasks: bat.yml when: ansible_facts['os_family'] == "Debian" diff --git a/tasks/pacman.yml b/tasks/pacman.yml index 777e87b..bd8800e 100644 --- a/tasks/pacman.yml +++ b/tasks/pacman.yml 
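Review bot: `Include wol` / `ansible.builtin.include_tasks: wol.yml` is a new include that the old list did not have, and tasks/wol.yml is not among the 17 files in this patch's diffstat. A commit labelled `style:` therefore changes what the role runs on every host, and the include fails at run time if that file is not already in the repository. I would drop it from this commit and land it separately with its task file, adding a `when:` if it is platform-specific. Two smaller points in the same hunk: `Inclide depot_redhat` should read `Include depot_redhat`, and the conditions still mix `ansible_os_family` with `ansible_facts['os_family']`; use the latter throughout.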
@@ -1,33 +1,42 @@ --- - name: Configure pacman color - replace: dest=/etc/pacman.conf regexp="^#(Color)" replace="\1" + ansible.builtin.replace: + dest: /etc/pacman.conf + regexp: ^#(Color)" + replace: \1" become: true - name: Configure more pacman visuals - replace: dest=/etc/pacman.conf regexp="#(VerbosePkgLists)" replace="\1\nILoveCandy" + ansible.builtin.replace: + dest: /etc/pacman.conf + regexp: "#(VerbosePkgLists)" + replace: \1\nILoveCandy" become: true - name: Configure pacman multilib repo become: true - replace: dest=/etc/pacman.conf regexp="^#(\[multilib\])\n^#(.*)$" replace="\1\n\2" + ansible.builtin.replace: + dest: /etc/pacman.conf + regexp: ^#(\[multilib\])\n^#(.*)$" + replace: \1\n\2" notify: Update_pacman_repos when: ansible_architecture == "x86_64" -- name: add local repo to mirrorlist +- name: Add local repo to mirrorlist become: true - lineinfile: + ansible.builtin.lineinfile: path: /etc/pacman.d/mirrorlist line: "Server= {{ system_arch_local_mirror }}/$repo/os/$arch" state: present insertbefore: BOF when: system_arch_local_mirror -- name: stat ca-certificates - stat: +- name: Stat ca-certificates + ansible.builtin.stat: path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of. register: cacertificates -- name: reinstall certificate for old system - command: "pacman -Sy ca-certificates-utils openssl --noconfirm" +- name: Reinstall certificate for old system + ansible.builtin.command: "pacman -Sy ca-certificates-utils openssl --noconfirm" become: true when: not cacertificates.stat.exists diff --git a/tasks/ssh.yml b/tasks/ssh.yml index a28afdb..9ed0ee6 100644 --- a/tasks/ssh.yml +++ b/tasks/ssh.yml 
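Review bot: The conversion from `key=value` to mapping form left a stray closing `"` on five values: `regexp: ^#(Color)"`, `replace: \1"`, `replace: \1\nILoveCandy"`, `regexp: ^#(\[multilib\])\n^#(.*)$"` and `replace: \1\n\2"`. As plain scalars these keep the quote as a literal character. The Color and multilib patterns then no longer match anything in /etc/pacman.conf, so `Update_pacman_repos` is never notified, and the VerbosePkgLists task writes `ILoveCandy"` into the file. Use single quotes so the backslashes stay literal for the regex engine; double quotes would make YAML reject `\1`. Because the tasks report `ok` rather than failing, a run with `--check --diff` against a stock pacman.conf is worth adding to confirm that they change the file.

```yaml
- name: Configure pacman color
  ansible.builtin.replace:
    dest: /etc/pacman.conf
    regexp: '^#(Color)'
    replace: '\1'
  # ... unchanged: become ...

- name: Configure more pacman visuals
  ansible.builtin.replace:
    # ... unchanged: dest, regexp ...
    replace: '\1\nILoveCandy'

- name: Configure pacman multilib repo
  # ... unchanged: become ...
  ansible.builtin.replace:
    dest: /etc/pacman.conf
    regexp: '^#(\[multilib\])\n^#(.*)$'
    replace: '\1\n\2'
  # ... unchanged: notify, when ...
```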
@@ -1,91 +1,91 @@ -- name: ensure SSH instalation +- name: Ensure SSH instalation become: true - package: - name: "{{ system_ssh_package }}" + ansible.builtin.package: + name: '{{ system_ssh_package }}' state: present -- name: ensure .ssh exist for user +- name: Ensure .ssh exist for user become: true - file: + ansible.builtin.file: state: directory - path: "/home/{{item}}/.ssh" - owner: "{{item}}" + path: '/home/{{ item }}/.ssh' + owner: '{{ item }}' mode: 0700 with_items: - - "{{user.name}}" + - '{{ user.name }}' - ansible -- name: copy ssh config for user +- name: Copy ssh config for user become: true - template: - dest: "/home/{{ item }}/.ssh/config" - src: "ssh/config.j2" + ansible.builtin.template: + dest: '/home/{{ item }}/.ssh/config' + src: 'ssh/config.j2' force: true remote_src: false - mode: "600" + mode: '600' selevel: s0 - owner: "{{ item }}" + owner: '{{ item }}' with_items: - - "{{ user.name }}" + - '{{ user.name }}' - ansible -- name: ensure root ssh directory exist +- name: Ensure root ssh directory exist become: true - file: + ansible.builtin.file: state: directory - path: "/root/.ssh" - owner: "root" + path: '/root/.ssh' + owner: 'root' mode: 0700 -- name: copy ssh config for root +- name: Copy ssh config for root become: true - copy: + ansible.builtin.copy: dest: /root/.ssh/ - src: "ssh/config" + src: 'ssh/config' force: true remote_src: false - mode: "600" + mode: '600' selevel: s0 - owner: "root" + owner: 'root' -- name: ensure key directory exist +- name: Ensure key directory exist become: true - file: + ansible.builtin.file: state: directory - path: "{{ item.keyfile | dirname }}" - owner: "{{ item.user }}" + path: '{{ item.keyfile | dirname }}' + owner: '{{ item.user }}' mode: 0700 - with_items: "{{ privatekeytodeploy }}" + with_items: '{{ privatekeytodeploy }}' - name: Install ssh private key become: true - copy: - content: "{{ item.privatekey }}" - dest: "{{ item.keyfile }}" + ansible.builtin.copy: + content: '{{ item.privatekey }}' + 
dest: '{{ item.keyfile }}' mode: 0600 - owner: "{{ item.user }}" - with_items: "{{ privatekeytodeploy }}" + owner: '{{ item.user }}' + with_items: '{{ privatekeytodeploy }}' - name: Deploy SSH-Keys to remote host - authorized_key: - user: "{{ item.user }}" - key: "{{ item.sshkey }}" + ansible.posix.authorized_key: + user: '{{ item.user }}' + key: '{{ item.sshkey }}' exclusive: false - with_items: "{{ keystodeploy }}" + with_items: '{{ keystodeploy }}' become: true -- name: les connexions par mot de passe sont désactivées +- name: Les connexions par mot de passe sont désactivées become: true - lineinfile: + ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config - regexp: "^#?PasswordAuthentication" - line: "PasswordAuthentication no" + regexp: '^#?PasswordAuthentication' + line: 'PasswordAuthentication no' state: present notify: Restart sshd - name: Remove root SSH access become: true - lineinfile: + ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config - regexp: "^PermitRootLogin" - line: "PermitRootLogin no" + regexp: '^PermitRootLogin' + line: 'PermitRootLogin no' state: present notify: Restart sshd diff --git a/tasks/sudoers.yml b/tasks/sudoers.yml index 47e5524..8d38087 100644 --- a/tasks/sudoers.yml +++ b/tasks/sudoers.yml 
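Review bot: Both loops over `privatekeytodeploy` (`Ensure key directory exist` and `Install ssh private key`) report each loop item in their task output. The item carries `privatekey`, so the key text is likely to end up in console output and in any callback or log that records results. Add `no_log: true` to both tasks. Separately, the two `/etc/ssh/sshd_config` edits have no `validate:`, and `validate: 'sshd -t -f %s'` would keep a broken file from reaching the `Restart sshd` handler. `regexp: '^PermitRootLogin'` also does not match a commented-out default, unlike `'^#?PasswordAuthentication'`, so the line may be appended at the end of the file, where an earlier `Match` block would scope it.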
@@ -1,24 +1,23 @@ -- name: set sudoers right - lineinfile: - dest: "/etc/sudoers.d/{{user.name}}" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: "present" +- name: Set sudoers right + ansible.builtin.lineinfile: + dest: '/etc/sudoers.d/{{ user.name }}' + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + state: 'present' create: True - owner: "root" - group: "root" - mode: "0440" + owner: 'root' + group: 'root' + mode: '0440' validate: 'visudo -cf "%s"' with_items: - - regexp: '^{{user.name}}\s' - line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL" + - regexp: '^{{ user.name }}\s' + line: '{{ user.name }} ALL = (ALL) NOPASSWD:ALL' become: True -- name: change secure path - replace: - path: "/etc/sudoers" +- name: Change secure path + ansible.builtin.replace: + path: '/etc/sudoers' regexp: ^Defaults\s*secure_path.* replace: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin validate: 'visudo -cf "%s"' become: true - diff --git a/tasks/tasks.sysctl.yml b/tasks/tasks.sysctl.yml index f476608..e85dbd9 100644 --- a/tasks/tasks.sysctl.yml +++ b/tasks/tasks.sysctl.yml @@ -1,6 +1,6 @@ --- -- name: disable IPV6 - template: +- name: Disable IPV6 + ansible.builtin.template: src: 40-ipv6.j2 dest: /etc/sysctl.d/40-ipv6.conf owner: root diff --git a/tasks/time.yml b/tasks/time.yml index 810d5b2..543d6fc 100644 --- a/tasks/time.yml +++ b/tasks/time.yml @@ -1,6 +1,6 @@ --- - name: Enable timesync - service: + ansible.builtin.service: name: systemd-timesyncd.service enabled: true state: started @@ -8,7 +8,7 @@ when: ansible_facts['os_family'] == 'Archlinux' and not ansible_virtualization_type in ["lxc","docker"] - name: Set timezone and hardware clock - timezone: + community.general.timezone: hwclock: "{{ time.hwclock }}" name: "{{ time.timezone }}" become: true diff --git a/tasks/usergroup.yml b/tasks/usergroup.yml index f071094..3e16361 100644 --- a/tasks/usergroup.yml +++ b/tasks/usergroup.yml 
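Review bot: `Set sudoers right` interpolates `user.name` unmodified into both the drop-in path and the `regexp`. sudo skips files in /etc/sudoers.d whose name contains a `.` or ends in `~`, so a login such as `first.last` produces a file that passes `visudo -cf` but is never read. Regex metacharacters in the name also change what `'^{{ user.name }}\s'` matches. I would write `regexp: '^{{ user.name | regex_escape }}\s'` and `dest: "/etc/sudoers.d/{{ user.name | replace('.', '_') }}"`. `create: True` and `become: True` also keep their capitalised booleans in this hunk while the rest of the role uses `true`.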
@@ -1,15 +1,15 @@ --- -- name: create system user +- name: Create system user become: true - user: - name: "{{ item.name }}" + ansible.builtin.user: + name: '{{ item.name }}' system: true home: "{{ item.home | default('/') }}" - shell: "{{ item.shell |default('/usr/bin/nologin') }}" - with_items: "{{ system_user }}" + shell: "{{ item.shell | default('/usr/bin/nologin') }}" + with_items: '{{ system_user }}' -- name: create system group - group: - name: "{{ item.name }}" - with_items: "{{ system_group }}" +- name: Create system group + ansible.builtin.group: + name: '{{ item.name }}' + with_items: '{{ system_group }}' become: true
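Review bot: The `shell` default `/usr/bin/nologin` in `Create system user` is the Arch location, yet tasks/main.yml includes usergroup.yml for every OS family. On Debian and RedHat hosts the binary normally lives under `/usr/sbin` or `/sbin`, so system users there may be given a shell path that does not exist. That still blocks interactive login, but it leaves a misleading passwd entry. I would take the path from the per-OS vars loaded by `Gather os specific variables`, for example `shell: "{{ item.shell | default(system_nologin_shell) }}"`, where the variable name is a placeholder.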