From 20a93c9fcbb630fed3ffb62ce02c21f45a335037 Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 13 Feb 2022 09:40:15 +0100 Subject: [PATCH] linting --- handlers/main.yml | 6 ++--- tasks/AUR_builder.yml | 21 ++++++++------- tasks/base_software.yml | 43 +++++++++++++++--------------- tasks/depot_debian.yml | 8 +++--- tasks/hostname.yml | 3 +-- tasks/locales.yml | 26 +++++++++++------- tasks/main.yml | 2 +- tasks/pacman.yml | 19 +++++++------- tasks/ssh.yml | 58 ++++++++++++++++++++--------------------- tasks/tasks.sysctl.yml | 2 +- tasks/time.yml | 8 +++--- tasks/usergroup.yml | 19 +++++++------- 12 files changed, 111 insertions(+), 104 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 6643765..361395d 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -6,12 +6,12 @@ command: localectl set-keymap {{ arch_base_keymap }} - name: Update_pacman_repos - become: yes - pacman: update_cache=yes + become: true + pacman: update_cache=true - name: Restart sshd service: name=sshd state=restarted - become: yes + become: true - name: restart_sysctl service: name=systemd-sysctl state=restarted diff --git a/tasks/AUR_builder.yml b/tasks/AUR_builder.yml index 39a32fe..413973c 100644 --- a/tasks/AUR_builder.yml +++ b/tasks/AUR_builder.yml 
@@ -1,29 +1,30 @@ - name: install base-devel package pacman: state: present # not required. choices: absent;latest;present. Desired state of the package. - name: ['base-devel'] # not required. Name or list of names of the packages to install, upgrade, or remove. - update_cache: yes - become: yes + name: ["base-devel"] # not required. Name or list of names of the packages to install, upgrade, or remove. + update_cache: true + become: true - name: Create aur_builder user user: name: aur_builder group: wheel - become: yes + become: true - name: Allow aur_builder to run pacman as root lineinfile: path: /etc/sudoers.d/11-install-aur_builder - line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' - create: yes - validate: 'visudo -cf %s' - become: yes + line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman" + create: true + validate: "visudo -cf %s" + mode: 0600 + become: true - name: install yay aur: state: present name: yay use: makepkg - skip_pgp_check: yes - become: yes + skip_pgp_check: true + become: true become_user: aur_builder diff --git a/tasks/base_software.yml b/tasks/base_software.yml index a1ba3b2..f536b88 100644 --- a/tasks/base_software.yml +++ b/tasks/base_software.yml 
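Review bot: In tasks/AUR_builder.yml the `install yay` task keeps `skip_pgp_check: true`, and the sudoers line next to it grants `aur_builder` passwordless `/usr/bin/pacman` with any arguments, which is equivalent to root on the host because pacman installs arbitrary packages as root. The lint pass leaves both as they were. I would drop `skip_pgp_check` (or add a comment explaining why source signatures cannot be verified for this build) and put a comment above the `lineinfile` task such as `# aur_builder is root-equivalent through this rule`. For the drop-in itself, the newly added `mode: 0600` is safer quoted and paired with an explicit owner: `owner: root`, `group: root`, `mode: "0440"`.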
@@ -1,19 +1,19 @@ - name: upgrade arch-keyring pacman: - state: latest # not required. choices: absent;latest;present. Desired state of the package. + state: latest # noqa package-latest name: archlinux-keyring - force: true # not required. When removing package - force remove package, without any checks. When update_cache - force redownload repo databases. + force: true update_cache: false - become: yes + become: true when: system_upgrade and ansible_facts['os_family'] == "Archlinux" - name: upgrade system pacman: - state: latest # not required. choices: absent;latest;present. Desired state of the package. - upgrade: true # not required. Whether or not to upgrade whole system. - force: true # not required. When removing package - force remove package, without any checks. When update_cache - force redownload repo databases. + state: latest # noqa package-latest + upgrade: true + force: true update_cache: false - become: yes + become: true when: system_upgrade and ansible_facts['os_family'] == "Archlinux" register: upgrade 
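Review bot: `force: true` on both pacman tasks appears to do nothing, going by the comments this commit deletes: they describe it as applying to package removal and to `update_cache`, while these tasks use `state: latest` / `upgrade: true` with `update_cache: false`. Either drop the key or keep a one-line comment saying what it is there for, e.g. `# force: only affects removal and cache refresh`. With `update_cache: false` the upgrade also runs against whatever package database is already on the host, so it depends on an earlier refresh that is not visible in this hunk.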
@@ -21,33 +21,34 @@ reboot: reboot_timeout: 3600 when: upgrade.changed and "linux" in upgrade.packages and system_upgrade and ansible_facts['os_family'] == "Archlinux" - become: yes + become: true - name: launch arch base install software pacman: - state: present # not required. choices: absent;latest;present. Desired state of the package. - name: "{{system_base_softwares_arch}}" - become: yes + state: present + name: "{{ system_base_softwares_arch }}" + become: true when: ansible_facts['os_family'] == "Archlinux" - name: install aur workstation soft aur: name: "{{ system_base_aur_soft }}" state: present - become: yes + become: true become_user: aur_builder when: ansible_facts['os_family'] == "Archlinux" and system_base_aur_soft - name: launch debian base install software apt: - state: present # not required. choices: absent;latest;present. Desired state of the package. - name: "{{system_base_softwares_debian}}" - update_cache: yes - become: yes + state: present + name: "{{ system_base_softwares_debian }}" + update_cache: true + become: true when: ansible_facts['os_family'] == "Debian" - name: GITHUB | Get current version of bat shell: > + set -o pipefail warn=False curl --silent https://github.com/sharkdp/bat/releases/latest | grep 'tag' | 
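Review bot: The added `set -o pipefail` sits inside a folded scalar (`shell: >`), so unless it is indented deeper than the lines after it, it is joined to them with spaces instead of running as its own command. The shell would then see `set -o pipefail` followed by the `curl` words on the same command line, where they become positional parameters of `set`; the download never runs and the rest of the pipeline reads empty input. Write the first line as `set -o pipefail && curl --silent https://github.com/sharkdp/bat/releases/latest |`, and because `pipefail` is not available in every `/bin/sh`, set `executable: /bin/bash` under `args:`. The `warn=False` word is still part of the command text as well and would be clearer as an `args:` entry. The task body continues past the end of this hunk, so an `args:` block may already exist there.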
@@ -66,12 +67,12 @@ - name: DEBIAN | Install deb from github become: true apt: - deb: "{{debian_url}}" + deb: "{{ debian_url }}" when: ansible_facts['os_family'] == "Debian" - name: pass user shell to zsh user: - name: "{{user.name}}" # required. Name of the user to create, remove or modify. - shell: /bin/zsh # not required. Optionally set the user's shell.,On macOS, before version 2.5, the default shell for non-system users was /usr/bin/false. Since 2.5, the default shell for non-system users on macOS is /bin/bash. - state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated. - become: yes + name: "{{ user.name }}" + shell: /bin/zsh + state: present + become: true diff --git a/tasks/depot_debian.yml b/tasks/depot_debian.yml index dc30576..acd1a98 100644 --- a/tasks/depot_debian.yml +++ b/tasks/depot_debian.yml @@ -1,6 +1,6 @@ - name: add repo main contrib apt_repository: - repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free - state: present # not required. choices: absent;present. A source string state. - update_cache: yes # not required. Run the equivalent of C(apt-get update) when a change occurs. Cache updates are run after making changes. - become: yes \ No newline at end of file + repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free + state: present + update_cache: true + become: true diff --git a/tasks/hostname.yml b/tasks/hostname.yml index e906f20..49f6879 100644 --- a/tasks/hostname.yml +++ b/tasks/hostname.yml @@ -1,6 +1,5 @@ - - name: Ensure hostname set hostname: name: "{{ inventory_hostname }}" use: systemd - become: yes + become: true diff --git a/tasks/locales.yml b/tasks/locales.yml index 089276b..df44818 100644 --- a/tasks/locales.yml +++ b/tasks/locales.yml 
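Review bot: In tasks/base_software.yml, `DEBIAN | Install deb from github` passes `{{ debian_url }}` straight to `apt: deb:`, so a package fetched over the network is installed as root with no integrity check; a `.deb` installed this way is not covered by APT repository signatures. The URL is presumably built from the release page scraped by the earlier `GITHUB | Get current version of bat` task, in lines outside this hunk, so whatever that page returns decides what gets installed. Download the file first with `get_url` and a pinned `checksum`, then install the local copy, as sketched below. The checksum variable and the destination path are constructed names, and the checksum has to be maintained together with the pinned version.

```yaml
- name: DEBIAN | Download deb from github
  become: true
  get_url:
    url: "{{ debian_url }}"
    dest: /usr/local/src/github-package.deb  # constructed path
    checksum: "sha256:{{ debian_deb_sha256 }}"  # placeholder variable
    mode: "0644"
  when: ansible_facts['os_family'] == "Debian"

- name: DEBIAN | Install deb from github
  become: true
  apt:
    deb: /usr/local/src/github-package.deb
  when: ansible_facts['os_family'] == "Debian"
```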
@@ -1,22 +1,30 @@ --- - name: Set keymap - copy: content="KEYMAP={{ arch_base_keymap }}\n" dest=/etc/vconsole.conf + copy: + content: "KEYMAP={{ arch_base_keymap }}\n" + dest: /etc/vconsole.conf + mode: 0644 notify: Update keymap - become: yes + become: true - name: Generate locales - locale_gen: + locale_gen: name: "{{ item }}" state: present with_items: "{{ arch_base_locales }}" - become: yes - + become: true + - name: Set locale - lineinfile: dest=/etc/locale.conf line="LANG={{ arch_base_locale }}" regexp="^LANG=" create=yes - become: yes + lineinfile: + dest: /etc/locale.conf + line: "LANG={{ arch_base_locale }}" + regexp: "^LANG=" + create: true + mode: 0644 + become: true + - name: Set timezone - become: yes + become: true command: timedatectl set-timezone {{ arch_base_timezone }} args: creates: /etc/localtime - diff --git a/tasks/main.yml b/tasks/main.yml index 2a06ea6..a331171 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,4 @@ -#- include_tasks: hostname.yml +- include_tasks: hostname.yml - include_tasks: hosts.yml - include_tasks: tasks.sysctl.yml - include_tasks: dhcpcd.yml diff --git a/tasks/pacman.yml b/tasks/pacman.yml index f74684e..ad1a761 100644 --- a/tasks/pacman.yml +++ b/tasks/pacman.yml 
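Review bot: Uncommenting `- include_tasks: hostname.yml` in tasks/main.yml is a behaviour change rather than a lint fix: every host that runs this role will now have its hostname set to `{{ inventory_hostname }}` by tasks/hostname.yml. If that is intended, it belongs in its own commit or at least in the commit message, which currently says only "linting". If the line was uncommented just to satisfy the comment-spacing rule, restore it as `# - include_tasks: hostname.yml`.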
@@ -1,34 +1,33 @@ --- - name: Configure pacman color replace: dest=/etc/pacman.conf regexp="^#(Color)" replace="\1" - become: yes + become: true - name: Configure more pacman visuals replace: dest=/etc/pacman.conf regexp="#(VerbosePkgLists)" replace="\1\nILoveCandy" - become: yes + become: true - name: Configure pacman multilib repo - become: yes + become: true replace: dest=/etc/pacman.conf regexp="^#(\[multilib\])\n^#(.*)$" replace="\1\n\2" notify: Update_pacman_repos when: ansible_architecture == "x86_64" - name: add local repo to mirrorlist - become: yes - lineinfile: + become: true + lineinfile: path: /etc/pacman.d/mirrorlist - line: "Server= {{system_arch_local_mirror}}/$repo/os/$arch" + line: "Server= {{ system_arch_local_mirror }}/$repo/os/$arch" state: present insertbefore: BOF when: system_arch_local_mirror is defined - name: stat ca-certificates stat: - path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of. + path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of. register: cacertificates - - name: reinstall certificate for old system command: "pacman -Sy ca-certificates-utils openssl --noconfirm" - become: yes - when: not cacertificates.stat.exists + become: true + when: not cacertificates.stat.exists diff --git a/tasks/ssh.yml b/tasks/ssh.yml index a8c76de..8a90100 100644 --- a/tasks/ssh.yml +++ b/tasks/ssh.yml 
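Review bot: The last task in tasks/pacman.yml still shells out to `pacman -Sy ca-certificates-utils openssl --noconfirm`, which refreshes the package database and installs two packages without upgrading the rest of the system. On Arch that is a partial upgrade, and a newer `openssl` on an otherwise old installation is a likely way to end up with binaries linked against a library version that is no longer present. The rest of the role uses the `pacman` module, so this task could as well (`name: [ca-certificates-utils, openssl]`, `state: present`), ideally run after the full upgrade; where it sits relative to the upgrade in base_software.yml is not visible here. As a bare `command` it also reports changed on every run where the `when` matches, so `changed_when` is missing too.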
@@ -1,15 +1,15 @@ - name: copy ssh config for user - become: yes + become: true copy: - dest: /home/{{item}}/.ssh/ # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist. - src: "ssh/config" # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync. - force: yes # not required. the default is C(yes), which will replace the remote file when contents are different than the source. If C(no), the file will only be transferred if the destination does not exist. - remote_src: no # not required. If C(no), it will search for I(src) at originating/master machine.,If C(yes) it will go to the remote/target machine for the I(src). Default is C(no).,Currently I(remote_src) does not support recursive copying.,I(remote_src) only works with C(mode=preserve) as of version 2.6. - mode: "600" # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. 
As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)). As of version 2.3, the mode may also be the special string C(preserve). C(preserve) means that the file will be given the same permissions as the source file. - selevel: s0 # not required. Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the C(range). C(_default) feature works as for I(seuser). - owner: "{{item}}" # not required. Name of the user that should own the file/directory, as would be fed to I(chown). + dest: /home/{{ item }}/.ssh/ + src: "ssh/config" + force: true + remote_src: false + mode: "600" + selevel: s0 + owner: "{{ item }}" with_items: - - "{{user.name}}" + - "{{ user.name }}" - name: ensure root ssh directory exist become: true file: 
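Review bot: `copy ssh config for user` writes into `/home/{{ item }}/.ssh/`, but unlike the root case that follows, nothing in this hunk ensures the directory exists with mode `0700` and the user as owner. The comment removed from `dest` states that `copy` creates a missing destination when it ends in `/`; under `become` that directory would presumably be created with default ownership and permissions rather than the user's. Add a `file` task before the copy that mirrors `ensure root ssh directory exist`, whose body continues outside the hunk. Writing the file mode as `"0600"` instead of `"600"` would also match the octal style used in the rest of the role.

```yaml
- name: ensure user ssh directory exist
  become: true
  file:
    state: directory
    path: /home/{{ item }}/.ssh
    owner: "{{ item }}"
    mode: "0700"
  with_items:
    - "{{ user.name }}"
# … unchanged: copy ssh config for user …
```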
@@ -19,44 +19,44 @@ mode: 0700 - name: copy ssh config for root - become: yes + become: true copy: - dest: /root/.ssh/ # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist. - src: "ssh/config" # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync. - force: yes # not required. the default is C(yes), which will replace the remote file when contents are different than the source. If C(no), the file will only be transferred if the destination does not exist. - remote_src: no # not required. If C(no), it will search for I(src) at originating/master machine.,If C(yes) it will go to the remote/target machine for the I(src). Default is C(no).,Currently I(remote_src) does not support recursive copying.,I(remote_src) only works with C(mode=preserve) as of version 2.6. - mode: "600" # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. 
As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)). As of version 2.3, the mode may also be the special string C(preserve). C(preserve) means that the file will be given the same permissions as the source file. - selevel: s0 # not required. Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the C(range). C(_default) feature works as for I(seuser). - owner: "root" # not required. Name of the user that should own the file/directory, as would be fed to I(chown). + dest: /root/.ssh/ + src: "ssh/config" + force: true + remote_src: false + mode: "600" + selevel: s0 + owner: "root" - name: ensure key directory exist become: true file: state: directory path: "{{ item.keyfile | dirname }}" - owner: "{{item.user}}" + owner: "{{ item.user }}" mode: 0700 - with_items: "{{privatekeytodeploy}}" + with_items: "{{ privatekeytodeploy }}" - name: Install ssh private key - become: yes + become: true copy: content: "{{ item.privatekey }}" dest: "{{ item.keyfile }}" mode: 0600 - owner: "{{item.user}}" - with_items: "{{privatekeytodeploy}}" + owner: "{{ item.user }}" + with_items: "{{ privatekeytodeploy }}" - name: Deploy SSH-Keys to remote host authorized_key: - user: "{{item.user}}" - key: "{{item.sshkey}}" - exclusive: no - with_items: "{{keystodeploy}}" - become: yes + user: "{{ item.user }}" + key: "{{ item.sshkey }}" + exclusive: false + with_items: "{{ keystodeploy }}" + become: true - name: les connexions par mot de passe sont désactivées - become: yes + become: true lineinfile: dest: /etc/ssh/sshd_config regexp: "^#?PasswordAuthentication" @@ -65,7 +65,7 @@ notify: Restart sshd - name: Remove root SSH access - become: yes + become: true lineinfile: dest: /etc/ssh/sshd_config regexp: "^PermitRootLogin" diff --git a/tasks/tasks.sysctl.yml b/tasks/tasks.sysctl.yml index 109d87b..f476608 100644 --- a/tasks/tasks.sysctl.yml +++ b/tasks/tasks.sysctl.yml 
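Review bot: `Install ssh private key` loops over `privatekeytodeploy` and passes `{{ item.privatekey }}` as `content`, and Ansible prints the loop item in each per-item result line, so the private key text ends up in console output and in any log or CI capture of the run. `ensure key directory exist` loops over the same list and prints the same items. Add `no_log: true` to the key task, and on the directory task restrict what is printed with `loop_control:` and `label: "{{ item.keyfile }}"`. Whether `privatekeytodeploy` is stored in a vault is not visible here; encryption at rest does not prevent it from being printed at run time.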
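Review bot: `Remove root SSH access` uses `regexp: "^PermitRootLogin"`, while the password task above it uses `"^#?PasswordAuthentication"`. On an `sshd_config` where the directive exists only as a comment, the regexp does not match and `lineinfile` appends the line at the end of the file, where it falls inside the last `Match` block if the file has one and then applies only to that block. Use `regexp: "^#?PermitRootLogin"` so the commented default is replaced in place, and add `validate: "sshd -t -f %s"` to both tasks so a file that sshd rejects is never written before `Restart sshd` fires. The `line:` values of both tasks are outside the hunks.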
@@ -7,4 +7,4 @@ group: root mode: 0644 notify: restart_sysctl - become: True + become: true diff --git a/tasks/time.yml b/tasks/time.yml index d9da526..5f6d30b 100644 --- a/tasks/time.yml +++ b/tasks/time.yml @@ -1,12 +1,12 @@ --- - name: Enable timesync command: timedatectl set-ntp true - become: yes + become: true args: creates: /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service - name: Set timezone and hardware clock timezone: - hwclock: '{{ time.hwclock }}' - name: '{{ time.timezone }}' - become: yes \ No newline at end of file + hwclock: "{{ time.hwclock }}" + name: "{{ time.timezone }}" + become: true diff --git a/tasks/usergroup.yml b/tasks/usergroup.yml index eb80491..f071094 100644 --- a/tasks/usergroup.yml +++ b/tasks/usergroup.yml @@ -1,16 +1,15 @@ --- - name: create system user - become: yes + become: true user: - name: "{{item.name}}" - system: yes - home: "{{ item.home | default('/') }}" - shell: "{{ item.shell |default('/usr/bin/nologin') }}" - with_items: "{{system_user}}" - + name: "{{ item.name }}" + system: true + home: "{{ item.home | default('/') }}" + shell: "{{ item.shell |default('/usr/bin/nologin') }}" + with_items: "{{ system_user }}" - name: create system group group: - name: "{{item.name}}" - with_items: "{{system_group}}" - become: yes + name: "{{ item.name }}" + with_items: "{{ system_group }}" + become: true