linting

2022-02-13 09:40:15 +01:00 · 2022-02-13 09:40:15 +01:00 · 20a93c9fcb
commit 20a93c9fcb
parent a7b16cb3bc
12 changed files with 111 additions and 104 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -6,12 +6,12 @@
  command: localectl set-keymap {{ arch_base_keymap }}

 - name: Update_pacman_repos
-  become: yes
-  pacman: update_cache=yes
+  become: true
+  pacman: update_cache=true

 - name: Restart sshd
  service: name=sshd state=restarted
-  become: yes
+  become: true

 - name: restart_sysctl
  service: name=systemd-sysctl state=restarted
--- a/tasks/AUR_builder.yml
+++ b/tasks/AUR_builder.yml
@ -1,29 +1,30 @@
 - name: install base-devel package
  pacman:
    state: present # not required. choices: absent;latest;present. Desired state of the package.
-    name: ['base-devel'] # not required. Name or list of names of the packages to install, upgrade, or remove.
-    update_cache: yes
-  become: yes
+    name: ["base-devel"] # not required. Name or list of names of the packages to install, upgrade, or remove.
+    update_cache: true
+  become: true

 - name: Create aur_builder user
  user:
    name: aur_builder
    group: wheel
-  become: yes
+  become: true

 - name: Allow aur_builder to run pacman as root
  lineinfile:
    path: /etc/sudoers.d/11-install-aur_builder
-    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
-    create: yes
-    validate: 'visudo -cf %s'
-  become: yes
+    line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman"
+    create: true
+    validate: "visudo -cf %s"
+    mode: 0600
+  become: true

 - name: install yay
  aur:
    state: present
    name: yay
    use: makepkg
-    skip_pgp_check: yes
-  become: yes
+    skip_pgp_check: true
+  become: true
  become_user: aur_builder
--- a/tasks/base_software.yml
+++ b/tasks/base_software.yml
@ -1,19 +1,19 @@
 - name: upgrade arch-keyring
  pacman:
-    state: latest # not required. choices: absent;latest;present. Desired state of the package.
+    state: latest # noqa package-latest
    name: archlinux-keyring
-    force: true # not required. When removing package - force remove package, without any checks. When update_cache - force redownload repo databases.
+    force: true
    update_cache: false
-  become: yes
+  become: true
  when: system_upgrade and  ansible_facts['os_family'] == "Archlinux"

 - name: upgrade system
  pacman:
-    state: latest # not required. choices: absent;latest;present. Desired state of the package.
-    upgrade: true # not required. Whether or not to upgrade whole system.
-    force: true # not required. When removing package - force remove package, without any checks. When update_cache - force redownload repo databases.
+    state: latest # noqa package-latest
+    upgrade: true
+    force: true
    update_cache: false
-  become: yes
+  become: true
  when: system_upgrade and  ansible_facts['os_family'] == "Archlinux"
  register: upgrade

@ -21,33 +21,34 @@
  reboot:
    reboot_timeout: 3600
  when: upgrade.changed and "linux" in upgrade.packages and system_upgrade and  ansible_facts['os_family'] == "Archlinux"
-  become: yes
+  become: true

 - name: launch arch base install software
  pacman:
-    state: present # not required. choices: absent;latest;present. Desired state of the package.
-    name: "{{system_base_softwares_arch}}"
-  become: yes
+    state: present
+    name: "{{ system_base_softwares_arch }}"
+  become: true
  when: ansible_facts['os_family'] == "Archlinux"

 - name: install aur workstation soft
  aur:
    name: "{{ system_base_aur_soft }}"
    state: present
-  become: yes
+  become: true
  become_user: aur_builder
  when: ansible_facts['os_family'] == "Archlinux" and system_base_aur_soft

 - name: launch debian base install software
  apt:
-    state: present # not required. choices: absent;latest;present. Desired state of the package.
-    name: "{{system_base_softwares_debian}}"
-    update_cache: yes
-  become: yes
+    state: present
+    name: "{{ system_base_softwares_debian }}"
+    update_cache: true
+  become: true
  when: ansible_facts['os_family'] == "Debian"

 - name: GITHUB | Get current version of bat
  shell: >
+    set -o pipefail
    warn=False
    curl --silent https://github.com/sharkdp/bat/releases/latest |
    grep 'tag' |
@ -66,12 +67,12 @@
 - name: DEBIAN | Install deb from github
  become: true
  apt:
-    deb: "{{debian_url}}"
+    deb: "{{ debian_url }}"
  when: ansible_facts['os_family'] == "Debian"

 - name: pass user shell to zsh
  user:
-    name: "{{user.name}}" # required. Name of the user to create, remove or modify.
-    shell: /bin/zsh # not required. Optionally set the user's shell.,On macOS, before version 2.5, the default shell for non-system users was /usr/bin/false. Since 2.5, the default shell for non-system users on macOS is /bin/bash.
-    state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated.
-  become: yes
+    name: "{{ user.name }}"
+    shell: /bin/zsh
+    state: present
+  become: true
--- a/tasks/depot_debian.yml
+++ b/tasks/depot_debian.yml
@ -1,6 +1,6 @@
 - name: add repo main contrib
  apt_repository:
    repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free
-      state: present # not required. choices: absent;present. A source string state.
-      update_cache: yes # not required. Run the equivalent of C(apt-get update) when a change occurs.  Cache updates are run after making changes.
-  become: yes
+    state: present
+    update_cache: true
+  become: true
--- a/tasks/hostname.yml
+++ b/tasks/hostname.yml
@ -1,6 +1,5 @@
-
 - name: Ensure hostname set
  hostname:
    name: "{{ inventory_hostname }}"
    use: systemd
-  become: yes
+  become: true
--- a/tasks/locales.yml
+++ b/tasks/locales.yml
@ -1,22 +1,30 @@
 ---
 - name: Set keymap
-  copy: content="KEYMAP={{ arch_base_keymap }}\n" dest=/etc/vconsole.conf
+  copy:
+    content: "KEYMAP={{ arch_base_keymap }}\n"
+    dest: /etc/vconsole.conf
+    mode: 0644
  notify: Update keymap
-  become: yes
+  become: true

 - name: Generate locales
  locale_gen:
    name: "{{ item }}"
    state: present
  with_items: "{{ arch_base_locales }}"
-  become: yes
+  become: true

 - name: Set locale
-  lineinfile: dest=/etc/locale.conf line="LANG={{ arch_base_locale }}" regexp="^LANG=" create=yes
-  become: yes
+  lineinfile:
+    dest: /etc/locale.conf
+    line: "LANG={{ arch_base_locale }}"
+    regexp: "^LANG="
+    create: true
+    mode: 0644
+  become: true
+
 - name: Set timezone
-  become: yes
+  become: true
  command: timedatectl set-timezone {{ arch_base_timezone }}
  args:
    creates: /etc/localtime
-
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,4 +1,4 @@
-#- include_tasks: hostname.yml
+- include_tasks: hostname.yml
 - include_tasks: hosts.yml
 - include_tasks: tasks.sysctl.yml
 - include_tasks: dhcpcd.yml
--- a/tasks/pacman.yml
+++ b/tasks/pacman.yml
@ -1,23 +1,23 @@
 ---
 - name: Configure pacman color
  replace: dest=/etc/pacman.conf regexp="^#(Color)" replace="\1"
-  become: yes
+  become: true

 - name: Configure more pacman visuals
  replace: dest=/etc/pacman.conf regexp="#(VerbosePkgLists)" replace="\1\nILoveCandy"
-  become: yes
+  become: true

 - name: Configure pacman multilib repo
-  become: yes
+  become: true
  replace: dest=/etc/pacman.conf regexp="^#(\[multilib\])\n^#(.*)$" replace="\1\n\2"
  notify: Update_pacman_repos
  when: ansible_architecture == "x86_64"

 - name: add local repo to mirrorlist
-  become: yes
+  become: true
  lineinfile:
    path: /etc/pacman.d/mirrorlist
-    line: "Server= {{system_arch_local_mirror}}/$repo/os/$arch"
+    line: "Server= {{ system_arch_local_mirror }}/$repo/os/$arch"
    state: present
    insertbefore: BOF
  when: system_arch_local_mirror is defined
@ -27,8 +27,7 @@
    path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of.
  register: cacertificates

-
 - name: reinstall certificate for old system
  command: "pacman -Sy ca-certificates-utils openssl --noconfirm"
-  become: yes
+  become: true
  when: not cacertificates.stat.exists
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@ -1,15 +1,15 @@
 - name: copy  ssh config for user
-  become: yes
+  become: true
  copy:
-    dest: /home/{{item}}/.ssh/ # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist.
-    src: "ssh/config" # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync.
-    force: yes # not required. the default is C(yes), which will replace the remote file when contents are different than the source. If C(no), the file will only be transferred if the destination does not exist.
-    remote_src: no # not required. If C(no), it will search for I(src) at originating/master machine.,If C(yes) it will go to the remote/target machine for the I(src). Default is C(no).,Currently I(remote_src) does not support recursive copying.,I(remote_src) only works with C(mode=preserve) as of version 2.6.
-    mode: "600" # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number.  Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.  As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)).  As of version 2.3, the mode may also be the special string C(preserve).  C(preserve) means that the file will be given the same permissions as the source file.
-    selevel: s0 # not required. Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the C(range). C(_default) feature works as for I(seuser).
-    owner: "{{item}}" # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
+    dest: /home/{{ item }}/.ssh/
+    src: "ssh/config"
+    force: true
+    remote_src: false
+    mode: "600"
+    selevel: s0
+    owner: "{{ item }}"
  with_items:
-    - "{{user.name}}"
+    - "{{ user.name }}"
 - name: ensure root ssh directory exist
  become: true
  file:
@ -19,44 +19,44 @@
    mode: 0700

 - name: copy  ssh config for root
-  become: yes
+  become: true
  copy:
-    dest: /root/.ssh/ # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist.
-    src: "ssh/config" # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync.
-    force: yes # not required. the default is C(yes), which will replace the remote file when contents are different than the source. If C(no), the file will only be transferred if the destination does not exist.
-    remote_src: no # not required. If C(no), it will search for I(src) at originating/master machine.,If C(yes) it will go to the remote/target machine for the I(src). Default is C(no).,Currently I(remote_src) does not support recursive copying.,I(remote_src) only works with C(mode=preserve) as of version 2.6.
-    mode: "600" # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number.  Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.  As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)).  As of version 2.3, the mode may also be the special string C(preserve).  C(preserve) means that the file will be given the same permissions as the source file.
-    selevel: s0 # not required. Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the C(range). C(_default) feature works as for I(seuser).
-    owner: "root" # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
+    dest: /root/.ssh/
+    src: "ssh/config"
+    force: true
+    remote_src: false
+    mode: "600"
+    selevel: s0
+    owner: "root"

 - name: ensure key directory exist
  become: true
  file:
    state: directory
    path: "{{ item.keyfile | dirname }}"
-    owner: "{{item.user}}"
+    owner: "{{ item.user }}"
    mode: 0700
-  with_items: "{{privatekeytodeploy}}"
+  with_items: "{{ privatekeytodeploy }}"

 - name: Install ssh private key
-  become: yes
+  become: true
  copy:
    content: "{{ item.privatekey }}"
    dest: "{{ item.keyfile }}"
    mode: 0600
-    owner: "{{item.user}}"
-  with_items: "{{privatekeytodeploy}}"
+    owner: "{{ item.user }}"
+  with_items: "{{ privatekeytodeploy }}"

 - name: Deploy SSH-Keys to remote host
  authorized_key:
-    user: "{{item.user}}"
-    key: "{{item.sshkey}}"
-    exclusive: no
-  with_items: "{{keystodeploy}}"
-  become: yes
+    user: "{{ item.user }}"
+    key: "{{ item.sshkey }}"
+    exclusive: false
+  with_items: "{{ keystodeploy }}"
+  become: true

 - name: les connexions par mot de passe sont désactivées
-  become: yes
+  become: true
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication"
@ -65,7 +65,7 @@
  notify: Restart sshd

 - name: Remove root SSH access
-  become: yes
+  become: true
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^PermitRootLogin"
--- a/tasks/tasks.sysctl.yml
+++ b/tasks/tasks.sysctl.yml
@ -7,4 +7,4 @@
    group: root
    mode: 0644
  notify: restart_sysctl
-  become: True
+  become: true
--- a/tasks/time.yml
+++ b/tasks/time.yml
@ -1,12 +1,12 @@
 ---
 - name: Enable timesync
  command: timedatectl set-ntp true
-  become: yes
+  become: true
  args:
    creates: /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service

 - name: Set timezone and hardware clock
  timezone:
-    hwclock: '{{ time.hwclock }}'
-    name: '{{ time.timezone }}'
-  become: yes
+    hwclock: "{{ time.hwclock }}"
+    name: "{{ time.timezone }}"
+  become: true
--- a/tasks/usergroup.yml
+++ b/tasks/usergroup.yml
@ -1,16 +1,15 @@
 ---
 - name: create system user
-  become: yes
+  become: true
  user:
-      name: "{{item.name}}"
-      system: yes
+    name: "{{ item.name }}"
+    system: true
    home: "{{ item.home | default('/') }}"
    shell: "{{ item.shell |default('/usr/bin/nologin') }}"
-  with_items: "{{system_user}}"
-
+  with_items: "{{ system_user }}"

 - name: create system group
  group:
-      name: "{{item.name}}"
-  with_items: "{{system_group}}"
-  become: yes
+    name: "{{ item.name }}"
+  with_items: "{{ system_group }}"
+  become: true