Ansible-lint and yamllint
Does not fix all warnings, but gets rid of the purely cosmetic ones. (roles/accounts/tasks/main.yml)
This commit is contained in:
parent
38e5c1bf70
commit
af7b3b36fe
|
@ -10,13 +10,13 @@
|
||||||
become: true
|
become: true
|
||||||
become_user: root
|
become_user: root
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
# become_method: su
|
# become_method: su
|
||||||
|
|
||||||
|
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.yml
|
- vars/main.yml
|
||||||
# - vars/secrets.yml
|
# - vars/secrets.yml
|
||||||
# - vars/openbsd-secret.yml
|
# - vars/openbsd-secret.yml
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
@ -27,9 +27,9 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
- evocheck
|
- evocheck
|
||||||
- post-install
|
- post-install
|
||||||
#- openvpn
|
# - openvpn
|
||||||
#- ospf
|
# - ospf
|
||||||
#- bgp
|
# - bgp
|
||||||
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- include: "tasks/commit_etc_git.yml"
|
- include: "tasks/commit_etc_git.yml"
|
||||||
|
@ -41,5 +41,3 @@
|
||||||
|
|
||||||
# environment:
|
# environment:
|
||||||
# PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/"
|
# PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/"
|
||||||
|
|
||||||
# vim:ft=ansible
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
|
# ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
|
||||||
|
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
become: yes
|
become: yes
|
||||||
become_method: su
|
become_method: su
|
||||||
user: root
|
user: root
|
||||||
|
|
|
@ -30,12 +30,13 @@
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: grep_allowusers_ssh
|
register: grep_allowusers_ssh
|
||||||
|
|
||||||
- assert:
|
- name: "Check that AllowUsers and AllowGroup do not override each other"
|
||||||
|
assert:
|
||||||
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
||||||
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
||||||
|
|
||||||
- set_fact:
|
- name: "If AllowGroups is present then use it"
|
||||||
# If "AllowGroups is present"
|
set_fact:
|
||||||
ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
|
ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
|
||||||
|
|
||||||
- name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'"
|
- name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'"
|
||||||
|
|
|
@ -3,29 +3,29 @@
|
||||||
## Edit and uncomment to overwrite the default values ##
|
## Edit and uncomment to overwrite the default values ##
|
||||||
########################################################
|
########################################################
|
||||||
|
|
||||||
#ntpd_servers:
|
# ntpd_servers:
|
||||||
#- "ntp.evolix.net"
|
# - "ntp.evolix.net"
|
||||||
#
|
#
|
||||||
#general_alert_email: "root@localhost"
|
# general_alert_email: "root@localhost"
|
||||||
#general_technical_realm: "example.com"
|
# general_technical_realm: "example.com"
|
||||||
evolinux_ssh_group: "evolinux-ssh"
|
evolinux_ssh_group: "evolinux-ssh"
|
||||||
evolinux_sudo_group: "evolinux-sudo"
|
evolinux_sudo_group: "evolinux-sudo"
|
||||||
evolinux_root_disable_ssh: true
|
evolinux_root_disable_ssh: true
|
||||||
#
|
#
|
||||||
#evomaintenance_realm: "example.com"
|
# evomaintenance_realm: "example.com"
|
||||||
#evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
|
# evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
|
||||||
#evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}"
|
# evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}"
|
||||||
#evomaintenance_pg_host: Null
|
# evomaintenance_pg_host: Null
|
||||||
#evomaintenance_pg_passwd: Null
|
# evomaintenance_pg_passwd: Null
|
||||||
#evomaintenance_pg_db: Null
|
# evomaintenance_pg_db: Null
|
||||||
#evomaintenance_pg_table: Null
|
# evomaintenance_pg_table: Null
|
||||||
#evomaintenance_from_domain: "{{ evomaintenance_realm }}"
|
# evomaintenance_from_domain: "{{ evomaintenance_realm }}"
|
||||||
#evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
|
# evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
|
||||||
#evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
|
# evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
|
||||||
#evomaintenance_urgency_from: mama.doe@example.com
|
# evomaintenance_urgency_from: mama.doe@example.com
|
||||||
#evomaintenance_urgency_tel: "06.00.00.00.00"
|
# evomaintenance_urgency_tel: "06.00.00.00.00"
|
||||||
#
|
#
|
||||||
#evolix_users:
|
# evolix_users:
|
||||||
# foo:
|
# foo:
|
||||||
# name: foo
|
# name: foo
|
||||||
# uid: 1042
|
# uid: 1042
|
||||||
|
|
Loading…
Reference in a new issue