Ansible-lint and yamllint again

Fixes a lot of truthy variables, indentation and trailing spaces
Jérémy Dubois 2020-06-01 11:37:15 +02:00
parent af7b3b36fe
commit e29e0e9e62
21 changed files with 115 additions and 120 deletions


@ -3,10 +3,10 @@
--- ---
- hosts: all - hosts: all
become: yes become: true
become_method: su become_method: su
user: root user: root
gather_facts: no gather_facts: false
tasks: tasks:
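Review bot: `user: root` on the play is the legacy spelling of `remote_user` and collides by name with the `user` module; `remote_user: root` states the same thing unambiguously. With the connection already made as root, `become: true` with `become_method: su` looks redundant, so either the become lines can go or the play should connect as an unprivileged account and keep them. Which of the two is intended cannot be told from here, because the task list continues outside the hunk.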


@ -1,6 +1,6 @@
--- ---
ntpd_servers: ntpd_servers:
- "ntp.evolix.net" - "ntp.evolix.net"
general_alert_email: "root@localhost" general_alert_email: "root@localhost"
general_technical_realm: "example.com" general_technical_realm: "example.com"
@ -8,23 +8,23 @@ general_technical_realm: "example.com"
evomaintenance_realm: "example.com" evomaintenance_realm: "example.com"
evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}"
evomaintenance_pg_host: Null evomaintenance_pg_host: null
evomaintenance_pg_passwd: Null evomaintenance_pg_passwd: null
evomaintenance_pg_db: Null evomaintenance_pg_db: null
evomaintenance_pg_table: Null evomaintenance_pg_table: null
evomaintenance_from_domain: "{{ evomaintenance_realm }}" evomaintenance_from_domain: "{{ evomaintenance_realm }}"
evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}" evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>" evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
evomaintenance_urgency_from: mama.doe@example.com evomaintenance_urgency_from: mama.doe@example.com
evomaintenance_urgency_tel: "06.00.00.00.00" evomaintenance_urgency_tel: "06.00.00.00.00"
evomaintenance_install_vendor: False evomaintenance_install_vendor: false
evomaintenance_force_config: True evomaintenance_force_config: true
evomaintenance_api_endpoint: Null evomaintenance_api_endpoint: null
evomaintenance_api_key: Null evomaintenance_api_key: null
evomaintenance_hook_api: True evomaintenance_hook_api: true
evomaintenance_hook_db: False evomaintenance_hook_db: false
evomaintenance_hook_commit: True evomaintenance_hook_commit: true
evomaintenance_hook_mail: True evomaintenance_hook_mail: true
evomaintenance_default_hosts: [] evomaintenance_default_hosts: []
evomaintenance_additional_hosts: [] evomaintenance_additional_hosts: []
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}" evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
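Review bot: Nothing in this defaults file marks `evomaintenance_pg_passwd` and `evomaintenance_api_key` as secrets, so a reader may override them in a plain-text vars file. A comment above each, for example `# secret: override from an Ansible Vault encrypted vars file`, would document the expectation. The tasks that consume these values are outside this section; if one of them prints or templates the values, `no_log: true` and a restrictive file mode are worth checking there.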


@ -6,8 +6,6 @@
owner: root owner: root
group: wheel group: wheel
mode: "0640" mode: "0640"
backup: no backup: false
tags: tags:
- doas - doas
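Review bot: The task ending here installs a root-owned file under the `doas` tag with no `validate:` step, unlike the sudoers tasks in this commit, which run `visudo -cf %s` before the file is replaced. If the destination is the doas configuration (the task header is outside the hunk, so this is inferred), `validate: 'doas -C %s'` would reject a file with a syntax error before it is put in place. A broken privilege-escalation config is hard to repair remotely, so the check is cheap insurance.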


@ -39,10 +39,10 @@
dest: /etc/skel/.profile dest: /etc/skel/.profile
insertafter: EOF insertafter: EOF
line: 'trap "doas /usr/share/scripts/evomaintenance.sh" 0' line: 'trap "doas /usr/share/scripts/evomaintenance.sh" 0'
create: yes create: true
tags: tags:
- admin - admin
- dotfiles - dotfiles
- name: Add vim configuration to dotfiles for new users - name: Add vim configuration to dotfiles for new users
copy: copy:
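Review bot: `create: true` on the `/etc/skel/.profile` task is not paired with `owner`, `group` or `mode` in the visible lines, so a missing file is created with whatever the umask of the run yields; ansible-lint reports this as `risky-file-permissions`. Add explicit values, for example `owner: root` and `mode: "0644"`, as the evobackup and evocheck `lineinfile` tasks in this commit already do. The same gap is visible on the `/etc/rc.local` `lineinfile` task and on the `copy` of `/etc/evocheck.cf`. The task starts above this hunk, so a `mode` set there would not be visible.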


@ -6,7 +6,7 @@
owner: root owner: root
group: wheel group: wheel
mode: "0755" mode: "0755"
force: no force: false
tags: tags:
- evobackup - evobackup
@ -16,6 +16,6 @@
line: '#sh /usr/share/scripts/zzz_evobackup' line: '#sh /usr/share/scripts/zzz_evobackup'
owner: root owner: root
mode: "0644" mode: "0644"
create: yes create: true
tags: tags:
- evobackup - evobackup


@ -12,8 +12,8 @@
- name: Copy evomaintenance script and template - name: Copy evomaintenance script and template
copy: src={{ item.src }} dest={{ item.dest }} owner=root group=wheel mode="0755" copy: src={{ item.src }} dest={{ item.dest }} owner=root group=wheel mode="0755"
with_items: with_items:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/' } - {src: 'evomaintenance.sh', dest: '/usr/share/scripts/'}
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/' } - {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/'}
tags: tags:
- evomaintenance - evomaintenance
- script-evomaintenance - script-evomaintenance
@ -25,6 +25,6 @@
owner: root owner: root
group: wheel group: wheel
mode: "0600" mode: "0600"
backup: no backup: false
tags: tags:
- evomaintenance - evomaintenance
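Review bot: The `Copy evomaintenance script and template` task still passes its arguments as a `key=value` string with unquoted `{{ item.src }}` and `{{ item.dest }}`, which this lint pass left untouched, and it gives the `.tpl` file the same `0755` mode as the script. Block-style arguments with a per-item mode, as the shellpki copy task in the openvpn role already uses, keep the executable bit on the script only. `/usr/share/scripts/evomaintenance.sh` is the command the sudoers rule in this commit allows without a password, so its ownership and mode are part of the privilege boundary and deserve to be explicit. The `0644` for the template below assumes it is only read, never executed.

```yaml
- name: Copy evomaintenance script and template
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    mode: "{{ item.mode }}"
  with_items:
    - {src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0755'}
    - {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0644'}
  # … unchanged: tags …
```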


@ -3,7 +3,7 @@
lineinfile: lineinfile:
path: /etc/rc.local path: /etc/rc.local
line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}' line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
create: yes create: true
tags: tags:
- misc - misc
@ -12,7 +12,7 @@
dest: /etc/mail/aliases dest: /etc/mail/aliases
regexp: "# root:" regexp: "# root:"
replace: "root: {{ general_alert_email }}" replace: "root: {{ general_alert_email }}"
backup: no backup: false
notify: notify:
- newaliases - newaliases
tags: tags:
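Review bot: The `/etc/rc.local` line interpolates `{{ general_alert_email }}` unquoted into a command that runs as root at every boot, so a value containing whitespace or shell metacharacters would change what that line executes. Passing it through the `quote` filter keeps it a single argument: `line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email | quote }}'`. Ordinary addresses are left unchanged by the filter, so existing hosts would not get a duplicate line. The `replace` task on `/etc/mail/aliases` uses the same variable but writes data rather than shell, so it does not need the filter.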


@ -10,20 +10,20 @@
- name: Install packages (vim rsync mtr etc) - name: Install packages (vim rsync mtr etc)
openbsd_pkg: openbsd_pkg:
name: name:
- wget - wget
- vim--no_x11 - vim--no_x11
- rsync-- - rsync--
- mtr-- - mtr--
- iftop - iftop
- sudo-- - sudo--
- postgresql-client - postgresql-client
tags: tags:
- pkg - pkg
- name: Disable sndiod - name: Disable sndiod
service: service:
name: sndiod name: sndiod
enabled: no enabled: false
state: stopped state: stopped
tags: tags:
- pkg - pkg


@ -4,11 +4,11 @@
lineinfile: lineinfile:
dest: /etc/sudoers dest: /etc/sudoers
insertafter: '# and set environment variables.' insertafter: '# and set environment variables.'
line: '%wheel ALL=(ALL) SETENV: ALL' line: '%wheel ALL=(ALL) SETENV: ALL'
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
backup: no backup: false
tags: tags:
- sudo - sudo
- name: Configure sudoers for evomaintenance and monitoring - name: Configure sudoers for evomaintenance and monitoring
blockinfile: blockinfile:
@ -19,8 +19,6 @@
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
%wheel ALL=NOPASSWD: MAINT %wheel ALL=NOPASSWD: MAINT
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
backup: no backup: false
tags: tags:
- sudo - sudo
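Review bot: Both sudoers tasks validate with `visudo -cf %s`, which depends on the search path of the become session, while the openvpn role in this same commit calls `/usr/local/sbin/visudo -cf %s`. Using the absolute path here too, `validate: '/usr/local/sbin/visudo -cf %s'`, makes the check independent of PATH and consistent across roles. Separately, `%wheel ALL=NOPASSWD: MAINT` makes `/usr/share/scripts/evomaintenance.sh` and its directory part of the privilege boundary. A comment on the task noting that the script must stay root-owned and not group- or world-writable would record that.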


@ -5,7 +5,7 @@
dest: /usr/share/scripts/bgpd-check-peers.sh dest: /usr/share/scripts/bgpd-check-peers.sh
when: group_names | select('search','bgp') | list | count > 0 when: group_names | select('search','bgp') | list | count > 0
tags: tags:
- bgp - bgp
- name: Cron job for bgp check script is installed - name: Cron job for bgp check script is installed
cron: cron:
@ -15,13 +15,13 @@
tags: tags:
- bgp - bgp
- name: Create bgp log directory - name: Create bgp log directory
file: file:
path: /var/log/bgp path: /var/log/bgp
state: directory state: directory
when: group_names | select('search','bgp') | list | count > 0 when: group_names | select('search','bgp') | list | count > 0
tags: tags:
- bgp - bgp
- name: weekly best routes cron job is installed - name: weekly best routes cron job is installed
cron: cron:


@ -1,4 +1,4 @@
--- ---
commit_message: Ansible run commit_message: Ansible run
etc_git_monitor_status: True etc_git_monitor_status: true


@ -3,20 +3,20 @@
command: git status --porcelain command: git status --porcelain
args: args:
chdir: /etc chdir: /etc
changed_when: False changed_when: false
register: git_status register: git_status
when: not ansible_check_mode when: not ansible_check_mode
ignore_errors: yes ignore_errors: true
tags: tags:
- etc-git - etc-git
- commit-etc - commit-etc
- debug: - debug:
var: git_status var: git_status
verbosity: 3 verbosity: 3
tags: tags:
- etc-git - etc-git
- commit-etc - commit-etc
- name: fetch current Git user.email - name: fetch current Git user.email
git_config: git_config:
@ -24,18 +24,18 @@
repo: /etc repo: /etc
scope: local scope: local
register: git_config_user_email register: git_config_user_email
ignore_errors: yes ignore_errors: true
tags: tags:
- etc-git - etc-git
- commit-etc - commit-etc
- name: set commit author - name: set commit author
set_fact: set_fact:
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}'
tags: tags:
- etc-git - etc-git
- commit-etc - commit-etc
- name: /etc modifications are committed - name: /etc modifications are committed
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\"" shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
@ -43,14 +43,14 @@
chdir: /etc chdir: /etc
register: etc_commit_end_run register: etc_commit_end_run
when: not ansible_check_mode and git_status.stdout != "" when: not ansible_check_mode and git_status.stdout != ""
ignore_errors: yes ignore_errors: true
tags: tags:
- etc-git - etc-git
- commit-etc - commit-etc
- debug: - debug:
var: etc_commit_end_run var: etc_commit_end_run
verbosity: 4 verbosity: 4
tags: tags:
- etc-git - etc-git
- commit-etc - commit-etc
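Review bot: The `/etc modifications are committed` task builds a root shell command by pasting `commit_message`, `commit_author` and `commit_email` between hand-escaped double quotes, so a value containing a quote, `$` or a backtick is interpreted by the shell instead of being passed to git. `commit_author` comes from `SUDO_USER` and `commit_email` from the repository's git config. The `quote` filter is safer than hand-written quotes: `shell: "git add -A . && git commit -m {{ commit_message | mandatory | quote }} --author {{ ((commit_author | mandatory) ~ ' <' ~ (commit_email | mandatory) ~ '>') | quote }}"`. `ignore_errors: true` on the same task also hides a failed commit; a `failed_when` on the one expected condition would be narrower. The last file section of this commit repeats the pattern, and its commit task, whose command line is outside the shown hunks, should get the same treatment if it is built the same way.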


@ -12,7 +12,7 @@
args: args:
chdir: /etc chdir: /etc
creates: /etc/.git/ creates: /etc/.git/
warn: no warn: false
register: git_init register: git_init
tags: tags:
- etc-git - etc-git
@ -48,11 +48,11 @@
command: "git log" command: "git log"
args: args:
chdir: /etc chdir: /etc
warn: no warn: false
changed_when: False changed_when: false
failed_when: False failed_when: false
register: git_log register: git_log
check_mode: no check_mode: false
tags: tags:
- etc-git - etc-git
@ -60,7 +60,7 @@
shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
args: args:
chdir: /etc chdir: /etc
warn: no warn: false
register: git_commit register: git_commit
when: git_log.rc != 0 or (git_init is defined and git_init.changed) when: git_log.rc != 0 or (git_init is defined and git_init.changed)
tags: tags:
@ -72,7 +72,7 @@
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet' line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
owner: root owner: root
mode: "0644" mode: "0644"
create: yes create: true
tags: tags:
- etc-git - etc-git
@ -82,7 +82,7 @@
line: "{{ item }}" line: "{{ item }}"
owner: root owner: root
mode: "0644" mode: "0644"
create: yes create: true
when: etc_git_monitor_status when: etc_git_monitor_status
tags: tags:
- etc-git - etc-git
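Review bot: No task in the visible hunks restricts access to `/etc/.git` after `git init`, and git writes object files readable by everyone under a default umask, so the repository can expose the contents of root-only files under `/etc` to local users. If nothing in the lines between these hunks already does it, add a `file` task right after the init that sets `path: /etc/.git`, `state: directory`, `owner: root` and `mode: "0700"`. As a smaller point, the `warn:` argument of `command`/`shell` was removed in later ansible-core releases, so the `warn: false` lines touched here will have to go on upgrade.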


@ -2,9 +2,9 @@
- name: run evocheck - name: run evocheck
command: "{{ evocheck_bin_dir }}/evocheck.sh" command: "{{ evocheck_bin_dir }}/evocheck.sh"
register: evocheck_run register: evocheck_run
changed_when: False changed_when: false
failed_when: False failed_when: false
check_mode: no check_mode: false
tags: tags:
- evocheck-exec - evocheck-exec
@ -12,4 +12,4 @@
var: evocheck_run.stdout_lines var: evocheck_run.stdout_lines
when: evocheck_run.stdout != "" when: evocheck_run.stdout != ""
tags: tags:
- evocheck-exec - evocheck-exec


@ -15,7 +15,7 @@
dest: "{{ evocheck_bin_dir }}/evocheck.sh" dest: "{{ evocheck_bin_dir }}/evocheck.sh"
mode: "0700" mode: "0700"
owner: root owner: root
force: yes force: true
tags: tags:
- evocheck - evocheck
@ -23,7 +23,7 @@
copy: copy:
src: evocheck.cf src: evocheck.cf
dest: /etc/evocheck.cf dest: /etc/evocheck.cf
force: no force: false
tags: tags:
- evocheck - evocheck
@ -33,6 +33,6 @@
line: 'sh /usr/share/scripts/evocheck.sh --verbose --cron' line: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
owner: root owner: root
mode: "0644" mode: "0644"
create: yes create: true
tags: tags:
- evocheck - evocheck


@ -4,7 +4,7 @@
name: net.inet.ip.forwarding name: net.inet.ip.forwarding
value: 1 value: 1
state: present state: present
reload: yes reload: true
tags: tags:
- net - net
@ -13,6 +13,6 @@
name: net.inet6.ip6.forwarding name: net.inet6.ip6.forwarding
value: 1 value: 1
state: present state: present
reload: yes reload: true
tags: tags:
- net - net


@ -54,5 +54,5 @@
- name: Starting and enabling nrpe - name: Starting and enabling nrpe
service: service:
name: nrpe name: nrpe
enabled: yes enabled: true
state: started state: started


@ -3,7 +3,7 @@
openbsd_pkg: openbsd_pkg:
name: "openvpn--" name: "openvpn--"
tags: tags:
- openvpn - openvpn
- name: Create /etc/openvpn directory - name: Create /etc/openvpn directory
file: file:
@ -13,59 +13,58 @@
group: "wheel" group: "wheel"
mode: "0755" mode: "0755"
tags: tags:
- openvpn - openvpn
- name: Deploy OpenVPN configuration - name: Deploy OpenVPN configuration
template: template:
src: "server.conf.j2" src: "server.conf.j2"
dest: "/etc/openvpn/server.conf" dest: "/etc/openvpn/server.conf"
mode: "0600" mode: "0600"
notify: restart openvpn notify: restart openvpn
tags: tags:
- openvpn - openvpn
- name: Enabling OpenVPN - name: Enabling OpenVPN
service: service:
name: openvpn name: openvpn
enabled: yes enabled: true
tags: tags:
- openvpn - openvpn
- name: Set OpenVPN flag - name: Set OpenVPN flag
shell: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"' shell: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"'
tags: tags:
- openvpn - openvpn
- name: Create shellpki user - name: Create shellpki user
user: user:
name: "_shellpki" name: "_shellpki"
system: yes system: true
state: present state: present
system: yes
home: "/etc/shellpki/" home: "/etc/shellpki/"
shell: "/sbin/nologin" shell: "/sbin/nologin"
tags: tags:
- openvpn - openvpn
- name: Copy some shellpki files - name: Copy some shellpki files
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: root owner: root
group: wheel group: wheel
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
force: yes force: true
with_items: with_items:
- { src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640' } - {src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640'}
- { src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755' } - {src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755'}
tags: tags:
- openvpn - openvpn
- name: Deploy DH PARAMETERS - name: Deploy DH PARAMETERS
template: template:
src: "dh2048.pem.j2" src: "dh2048.pem.j2"
dest: "/etc/shellpki/dh2048.pem" dest: "/etc/shellpki/dh2048.pem"
mode: "0600" mode: "0600"
tags: tags:
- openvpn - openvpn
@ -77,7 +76,7 @@
group: "wheel" group: "wheel"
mode: "0755" mode: "0755"
tags: tags:
- openvpn - openvpn
- name: Include /etc/sudoers.d in sudoers configuration file - name: Include /etc/sudoers.d in sudoers configuration file
lineinfile: lineinfile:
@ -91,20 +90,20 @@
src: "sudo_shellpki" src: "sudo_shellpki"
dest: "/etc/sudoers.d/shellpki" dest: "/etc/sudoers.d/shellpki"
force: true force: true
mode: "0440" mode: "0440"
validate: '/usr/local/sbin/visudo -cf %s' validate: '/usr/local/sbin/visudo -cf %s'
tags: tags:
- openvpn - openvpn
- name: Copy check_openvpn - name: Copy check_openvpn
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: root owner: root
group: wheel group: wheel
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
force: yes force: true
with_items: with_items:
- { src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755' } - {src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755'}
tags: tags:
- openvpn - openvpn
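Review bot: `Set OpenVPN flag` runs `rcctl set` through `shell:` with no `changed_when`, so it reports a change on every run and goes through a shell although the command uses no shell feature; ansible-lint flags both as `command-instead-of-shell` and `no-changed-when`. `command: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"'` is enough. A preceding `rcctl get openvpn flags` registered into a variable would let `changed_when`/`when` skip the call when the flags are already set. The two `template` tasks for `server.conf` and `dh2048.pem` set `mode: "0600"` but no `owner`/`group`; stating `owner: root` and `group: wheel` as the neighbouring tasks do would make the intended ownership explicit.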


@ -8,7 +8,7 @@
- "ospf6d-check-peers.sh" - "ospf6d-check-peers.sh"
when: group_names | select('search','ospf') | list | count > 0 when: group_names | select('search','ospf') | list | count > 0
tags: tags:
- ospf - ospf
- name: Cron job for ospf check scripts is installed - name: Cron job for ospf check scripts is installed
cron: cron:


@ -4,4 +4,4 @@
src: pf.conf.j2 src: pf.conf.j2
dest: /etc/pf.conf dest: /etc/pf.conf
mode: "0600" mode: "0600"
backup: yes backup: true
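Review bot: The pf ruleset is templated into `/etc/pf.conf` without a `validate:` step, so a rendering mistake is only discovered when pf next loads the file, which on a firewall can mean losing filtering or remote access. `validate: 'pfctl -nf %s'` parses the candidate file without loading it and fails the task before the live file is replaced. With `backup: true`, every change also leaves a timestamped copy of the ruleset in `/etc`, and those copies should be pruned. The task header is outside this hunk.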


@ -3,10 +3,10 @@
command: git status --porcelain command: git status --porcelain
args: args:
chdir: /etc chdir: /etc
changed_when: False changed_when: false
register: git_status register: git_status
when: not ansible_check_mode when: not ansible_check_mode
ignore_errors: yes ignore_errors: true
tags: tags:
- commit-etc - commit-etc
@ -16,6 +16,6 @@
chdir: /etc chdir: /etc
register: etc_commit_end_evolinux register: etc_commit_end_evolinux
when: not ansible_check_mode and git_status.stdout != "" when: not ansible_check_mode and git_status.stdout != ""
ignore_errors: yes ignore_errors: true
tags: tags:
- commit-etc - commit-etc