style: correct ansible lint
All checks were successful
continuous-integration/drone/push Build is passing
parent
cdef59b348
commit
1419eaa003
@ -1,18 +1,18 @@
|
||||
- name: install base-devel package
|
||||
pacman:
|
||||
- name: Install base-devel package
|
||||
community.general.pacman:
|
||||
state: present # not required. choices: absent;latest;present. Desired state of the package.
|
||||
name: ["base-devel"] # not required. Name or list of names of the packages to install, upgrade, or remove.
|
||||
update_cache: true
|
||||
become: true
|
||||
|
||||
- name: Create aur_builder user
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: aur_builder
|
||||
group: wheel
|
||||
become: true
|
||||
|
||||
- name: Allow aur_builder to run pacman as root
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/sudoers.d/11-install-aur_builder
|
||||
line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman"
|
||||
create: true
|
||||
@ -20,7 +20,7 @@
|
||||
mode: 0600
|
||||
become: true
|
||||
|
||||
- name: install yay
|
||||
- name: Install yay
|
||||
aur:
|
||||
state: present
|
||||
name: yay
|
||||
|
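Review bot: The sudoers line `aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman` makes aur_builder root-equivalent, because pacman run as root executes package install scriptlets, and nothing in the visible tasks records that or constrains the account. I would add a comment above the lineinfile task such as `# NOPASSWD pacman is root-equivalent: keep aur_builder without a password or authorized_keys, use it only via become_user`. One line between the two hunks is not shown, so a `validate: 'visudo -cf %s'` may already be there; if it is not, it should be added so a malformed drop-in cannot break sudo.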
@ -1,5 +1,5 @@
|
||||
- name: upgrade arch-keyring
|
||||
pacman:
|
||||
- name: Upgrade arch-keyring
|
||||
community.general.pacman:
|
||||
state: latest # noqa package-latest
|
||||
name: archlinux-keyring
|
||||
force: true
|
||||
@ -7,8 +7,8 @@
|
||||
become: true
|
||||
when: system_upgrade and ansible_facts['os_family'] == "Archlinux"
|
||||
|
||||
- name: upgrade system
|
||||
pacman:
|
||||
- name: Upgrade system
|
||||
community.general.pacman:
|
||||
state: latest # noqa package-latest
|
||||
upgrade: true
|
||||
force: true
|
||||
@ -18,19 +18,19 @@
|
||||
register: upgrade
|
||||
|
||||
- name: Reboot updates to apply
|
||||
reboot:
|
||||
ansible.builtin.reboot:
|
||||
reboot_timeout: 3600
|
||||
when: upgrade.changed and "linux" in upgrade.packages and system_upgrade and ansible_facts['os_family'] == "Archlinux"
|
||||
become: true
|
||||
|
||||
- name: launch arch base install software
|
||||
pacman:
|
||||
- name: Launch arch base install software
|
||||
community.general.pacman:
|
||||
state: present
|
||||
name: "{{ system_base_softwares }}"
|
||||
become: true
|
||||
when: ansible_facts['os_family'] == "Archlinux"
|
||||
|
||||
- name: install aur workstation soft
|
||||
- name: Install aur workstation soft
|
||||
aur:
|
||||
name: "{{ system_base_aur_soft }}"
|
||||
state: present
|
||||
@ -38,23 +38,23 @@
|
||||
become_user: aur_builder
|
||||
when: ansible_facts['os_family'] == "Archlinux" and system_base_aur_soft
|
||||
|
||||
- name: launch debian base install software
|
||||
apt:
|
||||
- name: Launch debian base install software
|
||||
ansible.builtin.apt:
|
||||
state: present
|
||||
name: "{{ system_base_softwares }}"
|
||||
update_cache: true
|
||||
become: true
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: launch redhat base install software
|
||||
dnf:
|
||||
- name: Launch redhat base install software
|
||||
ansible.builtin.dnf:
|
||||
state: present
|
||||
name: "{{ system_base_softwares }}"
|
||||
update_cache: true
|
||||
become: true
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
|
||||
#- name: pass user shell to zsh
|
||||
#- name: Pass user shell to zsh
|
||||
# user:
|
||||
# name: "{{ user.name }}"
|
||||
# shell: /bin/zsh
|
||||
|
@ -1,5 +1,5 @@
|
||||
- name: GITHUB | Get current version of bat
|
||||
shell: >
|
||||
ansible.builtin.shell: >
|
||||
set -o pipefail &&
|
||||
curl -L --silent https://api.github.com/repos/sharkdp/bat/releases/latest |
|
||||
grep '"tag_name":' |
|
||||
@ -12,14 +12,12 @@
|
||||
bat_version.rc != 0 or
|
||||
not bat_version.stdout|regex_search('\w+\.\w+\.\w+')
|
||||
- name: DEBIAN | Set URL to download bins
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
debian_url: "https://github.com/sharkdp/bat/releases/download/v{{ bat_version.stdout }}/bat_{{ bat_version.stdout }}_amd64.deb"
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: DEBIAN | Install deb from github
|
||||
become: true
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
deb: "{{ debian_url }}"
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
|
||||
|
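Review bot: The `DEBIAN | Install deb from github` task hands a URL straight to `ansible.builtin.apt` under `become: true`, so a package fetched at run time is installed as root with no checksum or signature check, and its version is whatever the `releases/latest` API call returned. Pinning a release and downloading it with `ansible.builtin.get_url` and its `checksum` option before installing from the local path would make the install reproducible and tamper-evident. `bat_deb_sha256` below is a placeholder variable that would be defined next to the pinned version. The version-lookup task is only partly visible in this section, so it is left as is.

```yaml
# … unchanged: version lookup and debian_url set_fact …
- name: DEBIAN | Download bat deb and verify its checksum
  become: true
  ansible.builtin.get_url:
    url: "{{ debian_url }}"
    dest: "/root/bat_{{ bat_version.stdout }}_amd64.deb"
    checksum: "sha256:{{ bat_deb_sha256 }}"  # placeholder variable, set per pinned release
    mode: "0600"
  when: ansible_facts['os_family'] == "Debian"

- name: DEBIAN | Install deb from github
  become: true
  ansible.builtin.apt:
    deb: "/root/bat_{{ bat_version.stdout }}_amd64.deb"
  when: ansible_facts['os_family'] == "Debian"
```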
@ -1,5 +1,5 @@
|
||||
- name: add repo main contrib
|
||||
apt_repository:
|
||||
- name: Add repo main contrib
|
||||
ansible.builtin.apt_repository:
|
||||
repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free
|
||||
state: present
|
||||
update_cache: true
|
||||
|
@ -1,5 +1,5 @@
|
||||
- name: add repo main contrib
|
||||
dnf:
|
||||
- name: Add repo main contrib
|
||||
ansible.builtin.dnf:
|
||||
name: epel-release
|
||||
state: present
|
||||
update_cache: true
|
||||
|
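Review bot: The task name `Add repo main contrib` matches the name used for the Debian `apt_repository` task, but this task installs `epel-release`, so play output cannot tell the two apart and the name does not describe what runs. Since the commit already rewrites the name line, `- name: Install epel-release repository` would be accurate.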
@ -1,10 +1,10 @@
|
||||
---
|
||||
- name: ensure dhcpcd is instaled
|
||||
pacman:
|
||||
- name: Ensure dhcpcd is instaled
|
||||
community.general.pacman:
|
||||
name: dhcpcd
|
||||
state: present
|
||||
- name: change hostname setting
|
||||
lineinfile:
|
||||
- name: Change hostname setting
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/dhcpcd.conf
|
||||
regexp: "^#hostname"
|
||||
line: "hostname"
|
||||
|
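Review bot: The rewritten name `Ensure dhcpcd is instaled` keeps a spelling error; `- name: Ensure dhcpcd is installed` reads correctly in play output. The same applies to `Ensure SSH instalation` and `Inclide depot_redhat` in later sections of this commit.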
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: disable firewalld
|
||||
service:
|
||||
- name: Disable firewalld
|
||||
ansible.builtin.service:
|
||||
name: firewalld
|
||||
state: stopped
|
||||
enabled: false
|
||||
|
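Review bot: The task stops and disables firewalld with no condition or comment in this file, so every host that includes it loses that packet filter and nothing here says what replaces it. I would document the intent above the task, e.g. `# firewalld is disabled because filtering is handled by <replacement>` (placeholder), or gate it behind a new role variable so a host can opt out. The include in the main task list restricts it to the RedHat family, but that is the only guard visible in this commit.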
@ -1,5 +1,5 @@
|
||||
- name: Ensure hostname set
|
||||
hostname:
|
||||
ansible.builtin.hostname:
|
||||
name: "{{ inventory_hostname }}"
|
||||
use: systemd
|
||||
become: true
|
||||
|
@ -1,6 +1,6 @@
|
||||
- name: Install custom hosts file
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: etc_hosts.j2
|
||||
dest: "{{ hosts_file }}"
|
||||
owner: root
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Set keymap
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: "KEYMAP={{ arch_base_keymap }}\n"
|
||||
dest: /etc/vconsole.conf
|
||||
mode: 0644
|
||||
@ -8,14 +8,14 @@
|
||||
become: true
|
||||
|
||||
- name: Generate locales
|
||||
locale_gen:
|
||||
community.general.locale_gen:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ arch_base_locales }}"
|
||||
become: true
|
||||
|
||||
- name: Set locale
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/locale.conf
|
||||
line: "LANG={{ arch_base_locale }}"
|
||||
regexp: "^LANG="
|
||||
@ -25,6 +25,6 @@
|
||||
|
||||
- name: Set timezone
|
||||
become: true
|
||||
command: timedatectl set-timezone {{ arch_base_timezone }}
|
||||
ansible.builtin.command: timedatectl set-timezone {{ arch_base_timezone }}
|
||||
args:
|
||||
creates: /etc/localtime
|
||||
|
@ -1,31 +1,49 @@
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ item }}"
|
||||
- name: Gather os specific variables
|
||||
ansible.builtin.include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
|
||||
- "{{ ansible_os_family }}.yml"
|
||||
tags: vars
|
||||
|
||||
- include_tasks: hostname.yml
|
||||
- include_tasks: hosts.yml
|
||||
- include_tasks: tasks.sysctl.yml
|
||||
- include_tasks: dhcpcd.yml
|
||||
- name: Include hostname
|
||||
ansible.builtin.include_tasks: hostname.yml
|
||||
- name: Include hosts
|
||||
ansible.builtin.include_tasks: hosts.yml
|
||||
- name: Include tasks.sysctl
|
||||
ansible.builtin.include_tasks: tasks.sysctl.yml
|
||||
- name: Include wol
|
||||
ansible.builtin.include_tasks: wol.yml
|
||||
- name: Include dhcpcd
|
||||
ansible.builtin.include_tasks: dhcpcd.yml
|
||||
when: ansible_os_family == "Archlinux"
|
||||
- include_tasks: locales.yml
|
||||
- name: Include locales
|
||||
ansible.builtin.include_tasks: locales.yml
|
||||
when: ansible_os_family == "Archlinux"
|
||||
- include_tasks: time.yml
|
||||
- include_tasks: usergroup.yml
|
||||
- include_tasks: ssh.yml
|
||||
- include_tasks: sudoers.yml
|
||||
- include_tasks: pacman.yml
|
||||
- name: Include time
|
||||
ansible.builtin.include_tasks: time.yml
|
||||
- name: Include usergroup
|
||||
ansible.builtin.include_tasks: usergroup.yml
|
||||
- name: Include ssh
|
||||
ansible.builtin.include_tasks: ssh.yml
|
||||
- name: Include sudoers
|
||||
ansible.builtin.include_tasks: sudoers.yml
|
||||
- name: Include pacman
|
||||
ansible.builtin.include_tasks: pacman.yml
|
||||
when: ansible_facts['os_family'] == "Archlinux"
|
||||
- include_tasks: firewalld.yml
|
||||
- name: Include firewalld
|
||||
ansible.builtin.include_tasks: firewalld.yml
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
- include_tasks: depot_debian.yml
|
||||
- name: Include depot_debian
|
||||
ansible.builtin.include_tasks: depot_debian.yml
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
- include_tasks: depot_redhat.yml
|
||||
- name: Inclide depot_redhat
|
||||
ansible.builtin.include_tasks: depot_redhat.yml
|
||||
when: ansible_os_family == "RedHat"
|
||||
- include_tasks: AUR_builder.yml
|
||||
- name: Include AUR_builder
|
||||
ansible.builtin.include_tasks: AUR_builder.yml
|
||||
when: ansible_facts['os_family'] == "Archlinux"
|
||||
- include_tasks: base_software.yml
|
||||
- include_tasks: bat.yml
|
||||
- name: Include base_software
|
||||
ansible.builtin.include_tasks: base_software.yml
|
||||
- name: Include bat
|
||||
ansible.builtin.include_tasks: bat.yml
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
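Review bot: The new list adds `ansible.builtin.include_tasks: wol.yml` between `tasks.sysctl.yml` and `dhcpcd.yml`, which the old list did not contain, so this style commit also changes what the role runs. No wol.yml appears among the files shown in this commit. If it does not already exist in the role, the include fails at run time, and if it does, the addition deserves its own commit or a line in the description. The conditions also mix `ansible_os_family` and `ansible_facts['os_family']`; using the `ansible_facts[...]` form throughout would match the other task files.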
@ -1,33 +1,42 @@
|
||||
---
|
||||
- name: Configure pacman color
|
||||
replace: dest=/etc/pacman.conf regexp="^#(Color)" replace="\1"
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/pacman.conf
|
||||
regexp: ^#(Color)"
|
||||
replace: \1"
|
||||
become: true
|
||||
|
||||
- name: Configure more pacman visuals
|
||||
replace: dest=/etc/pacman.conf regexp="#(VerbosePkgLists)" replace="\1\nILoveCandy"
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/pacman.conf
|
||||
regexp: "#(VerbosePkgLists)"
|
||||
replace: \1\nILoveCandy"
|
||||
become: true
|
||||
|
||||
- name: Configure pacman multilib repo
|
||||
become: true
|
||||
replace: dest=/etc/pacman.conf regexp="^#(\[multilib\])\n^#(.*)$" replace="\1\n\2"
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/pacman.conf
|
||||
regexp: ^#(\[multilib\])\n^#(.*)$"
|
||||
replace: \1\n\2"
|
||||
notify: Update_pacman_repos
|
||||
when: ansible_architecture == "x86_64"
|
||||
|
||||
- name: add local repo to mirrorlist
|
||||
- name: Add local repo to mirrorlist
|
||||
become: true
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/pacman.d/mirrorlist
|
||||
line: "Server= {{ system_arch_local_mirror }}/$repo/os/$arch"
|
||||
state: present
|
||||
insertbefore: BOF
|
||||
when: system_arch_local_mirror
|
||||
|
||||
- name: stat ca-certificates
|
||||
stat:
|
||||
- name: Stat ca-certificates
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of.
|
||||
register: cacertificates
|
||||
|
||||
- name: reinstall certificate for old system
|
||||
command: "pacman -Sy ca-certificates-utils openssl --noconfirm"
|
||||
- name: Reinstall certificate for old system
|
||||
ansible.builtin.command: "pacman -Sy ca-certificates-utils openssl --noconfirm"
|
||||
become: true
|
||||
when: not cacertificates.stat.exists
|
||||
|
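Review bot: The conversion from `key=value` arguments leaves a stray trailing `"` on several values as rendered here (`regexp: ^#(Color)"`, `replace: \1"`, `replace: \1\nILoveCandy"`, `regexp: ^#(\[multilib\])\n^#(.*)$"`, `replace: \1\n\2"`). These parse as plain scalars that include the quote character, so the Color and multilib patterns now require a literal `"` and will silently stop matching, while the VerbosePkgLists replacement would write a `"` into pacman.conf. Quote each value on both sides, e.g. `regexp: '^#(Color)'` and `replace: '\1'`, and likewise `replace: '\1\nILoveCandy'` and the two multilib values. Single quotes keep the backslashes literal for the regex engine.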
@ -1,91 +1,91 @@
|
||||
- name: ensure SSH instalation
|
||||
- name: Ensure SSH instalation
|
||||
become: true
|
||||
package:
|
||||
name: "{{ system_ssh_package }}"
|
||||
ansible.builtin.package:
|
||||
name: '{{ system_ssh_package }}'
|
||||
state: present
|
||||
- name: ensure .ssh exist for user
|
||||
- name: Ensure .ssh exist for user
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "/home/{{item}}/.ssh"
|
||||
owner: "{{item}}"
|
||||
path: '/home/{{ item }}/.ssh'
|
||||
owner: '{{ item }}'
|
||||
mode: 0700
|
||||
with_items:
|
||||
- "{{user.name}}"
|
||||
- '{{ user.name }}'
|
||||
- ansible
|
||||
|
||||
- name: copy ssh config for user
|
||||
- name: Copy ssh config for user
|
||||
become: true
|
||||
template:
|
||||
dest: "/home/{{ item }}/.ssh/config"
|
||||
src: "ssh/config.j2"
|
||||
ansible.builtin.template:
|
||||
dest: '/home/{{ item }}/.ssh/config'
|
||||
src: 'ssh/config.j2'
|
||||
force: true
|
||||
remote_src: false
|
||||
mode: "600"
|
||||
mode: '600'
|
||||
selevel: s0
|
||||
owner: "{{ item }}"
|
||||
owner: '{{ item }}'
|
||||
with_items:
|
||||
- "{{ user.name }}"
|
||||
- '{{ user.name }}'
|
||||
- ansible
|
||||
- name: ensure root ssh directory exist
|
||||
- name: Ensure root ssh directory exist
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "/root/.ssh"
|
||||
owner: "root"
|
||||
path: '/root/.ssh'
|
||||
owner: 'root'
|
||||
mode: 0700
|
||||
|
||||
- name: copy ssh config for root
|
||||
- name: Copy ssh config for root
|
||||
become: true
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
dest: /root/.ssh/
|
||||
src: "ssh/config"
|
||||
src: 'ssh/config'
|
||||
force: true
|
||||
remote_src: false
|
||||
mode: "600"
|
||||
mode: '600'
|
||||
selevel: s0
|
||||
owner: "root"
|
||||
owner: 'root'
|
||||
|
||||
- name: ensure key directory exist
|
||||
- name: Ensure key directory exist
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ item.keyfile | dirname }}"
|
||||
owner: "{{ item.user }}"
|
||||
path: '{{ item.keyfile | dirname }}'
|
||||
owner: '{{ item.user }}'
|
||||
mode: 0700
|
||||
with_items: "{{ privatekeytodeploy }}"
|
||||
with_items: '{{ privatekeytodeploy }}'
|
||||
|
||||
- name: Install ssh private key
|
||||
become: true
|
||||
copy:
|
||||
content: "{{ item.privatekey }}"
|
||||
dest: "{{ item.keyfile }}"
|
||||
ansible.builtin.copy:
|
||||
content: '{{ item.privatekey }}'
|
||||
dest: '{{ item.keyfile }}'
|
||||
mode: 0600
|
||||
owner: "{{ item.user }}"
|
||||
with_items: "{{ privatekeytodeploy }}"
|
||||
owner: '{{ item.user }}'
|
||||
with_items: '{{ privatekeytodeploy }}'
|
||||
|
||||
- name: Deploy SSH-Keys to remote host
|
||||
authorized_key:
|
||||
user: "{{ item.user }}"
|
||||
key: "{{ item.sshkey }}"
|
||||
ansible.posix.authorized_key:
|
||||
user: '{{ item.user }}'
|
||||
key: '{{ item.sshkey }}'
|
||||
exclusive: false
|
||||
with_items: "{{ keystodeploy }}"
|
||||
with_items: '{{ keystodeploy }}'
|
||||
become: true
|
||||
|
||||
- name: les connexions par mot de passe sont désactivées
|
||||
- name: Les connexions par mot de passe sont désactivées
|
||||
become: true
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?PasswordAuthentication"
|
||||
line: "PasswordAuthentication no"
|
||||
regexp: '^#?PasswordAuthentication'
|
||||
line: 'PasswordAuthentication no'
|
||||
state: present
|
||||
notify: Restart sshd
|
||||
|
||||
- name: Remove root SSH access
|
||||
become: true
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^PermitRootLogin"
|
||||
line: "PermitRootLogin no"
|
||||
regexp: '^PermitRootLogin'
|
||||
line: 'PermitRootLogin no'
|
||||
state: present
|
||||
notify: Restart sshd
|
||||
|
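Review bot: The `Install ssh private key` task loops over `privatekeytodeploy` and passes `item.privatekey` to `ansible.builtin.copy`, and Ansible prints the loop item in task output, so the key material can end up in console and CI logs. Adding `no_log: true` to that task, or at least a `loop_control` with `label: "{{ item.keyfile }}"`, keeps the secret out of the output. Separately, the `^PermitRootLogin` pattern does not match a commented-out default the way `^#?PasswordAuthentication` does. Neither sshd_config edit has a `validate: 'sshd -t -f %s'` to stop a broken config from reaching the restart handler.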
@ -1,24 +1,23 @@
|
||||
- name: set sudoers right
|
||||
lineinfile:
|
||||
dest: "/etc/sudoers.d/{{user.name}}"
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: "{{ item.line }}"
|
||||
state: "present"
|
||||
- name: Set sudoers right
|
||||
ansible.builtin.lineinfile:
|
||||
dest: '/etc/sudoers.d/{{ user.name }}'
|
||||
regexp: '{{ item.regexp }}'
|
||||
line: '{{ item.line }}'
|
||||
state: 'present'
|
||||
create: True
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: "0440"
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
mode: '0440'
|
||||
validate: 'visudo -cf "%s"'
|
||||
with_items:
|
||||
- regexp: '^{{ user.name }}\s'
|
||||
line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"
|
||||
line: '{{ user.name }} ALL = (ALL) NOPASSWD:ALL'
|
||||
become: True
|
||||
|
||||
- name: change secure path
|
||||
replace:
|
||||
path: "/etc/sudoers"
|
||||
- name: Change secure path
|
||||
ansible.builtin.replace:
|
||||
path: '/etc/sudoers'
|
||||
regexp: ^Defaults\s*secure_path.*
|
||||
replace: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
|
||||
validate: 'visudo -cf "%s"'
|
||||
become: true
|
||||
|
||||
|
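Review bot: `{{ user.name }} ALL = (ALL) NOPASSWD:ALL` gives that account root without re-authentication and the task carries no comment saying why, so any process running as that user is effectively root. If the rule exists for unattended Ansible runs, a comment such as `# NOPASSWD:ALL is needed for unattended become; keep it limited to the automation account` above the task would record that. Interactive users are better served by a rule that prompts for a password. Also, `create: True` and `become: True` are left as they were while the rest of the role uses `true`.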
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: disable IPV6
|
||||
template:
|
||||
- name: Disable IPV6
|
||||
ansible.builtin.template:
|
||||
src: 40-ipv6.j2
|
||||
dest: /etc/sysctl.d/40-ipv6.conf
|
||||
owner: root
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Enable timesync
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: systemd-timesyncd.service
|
||||
enabled: true
|
||||
state: started
|
||||
@ -8,7 +8,7 @@
|
||||
when: ansible_facts['os_family'] == 'Archlinux' and not ansible_virtualization_type in ["lxc","docker"]
|
||||
|
||||
- name: Set timezone and hardware clock
|
||||
timezone:
|
||||
community.general.timezone:
|
||||
hwclock: "{{ time.hwclock }}"
|
||||
name: "{{ time.timezone }}"
|
||||
become: true
|
||||
|
@ -1,15 +1,15 @@
|
||||
---
|
||||
- name: create system user
|
||||
- name: Create system user
|
||||
become: true
|
||||
user:
|
||||
name: "{{ item.name }}"
|
||||
ansible.builtin.user:
|
||||
name: '{{ item.name }}'
|
||||
system: true
|
||||
home: "{{ item.home | default('/') }}"
|
||||
shell: "{{ item.shell | default('/usr/bin/nologin') }}"
|
||||
with_items: "{{ system_user }}"
|
||||
with_items: '{{ system_user }}'
|
||||
|
||||
- name: create system group
|
||||
group:
|
||||
name: "{{ item.name }}"
|
||||
with_items: "{{ system_group }}"
|
||||
- name: Create system group
|
||||
ansible.builtin.group:
|
||||
name: '{{ item.name }}'
|
||||
with_items: '{{ system_group }}'
|
||||
become: true
|
||||
|