fixing ansible lint

3 years ago · 62f3ee4316
parent d49819acec
commit 62f3ee4316
14 changed files with 102 additions and 224 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -0,0 +1,3 @@
+skip_list:
+  - '403' # allow for latest packages
+  - name[casing]
--- a/group_vars/linodes.yml
+++ b/group_vars/linodes.yml
@ -9,7 +9,6 @@ services:
 - name: nextcloud
 - name: nginx-proxy-manager
 - name: uptime-kuma
-#- name: docker-volume-backup
 - name: mariadb
 - name: photoprism
 - name: olivetin
--- a/host_vars/qnap.yml
+++ b/host_vars/qnap.yml
@ -42,8 +42,6 @@ services:
  endpoint_id: 2
 - name: vpn-stack
  endpoint_id: 2
-#- name: docker-volume-backup
-#  endpoint_id: 2
 - name: mariadb
  endpoint_id: 2
 - name: photoprism
--- a/playbooks/backup-docker-volumes.yml
+++ b/playbooks/backup-docker-volumes.yml
@ -1,5 +1,6 @@
 ---
- hosts: qnap
+- name: Backup Docker Volumes.
+  hosts: qnap
  become: true
  vars:
    # corrsponds to which category of backups will be used.
@ -8,12 +9,11 @@

  pre_tasks:
  - name: Include vault variables.
-    include_vars: '../{{vault_file}}'
+    include_vars: '../{{ vault_file }}'
    tags: [always]

  tasks:
    - name: Find Containers With Backup Label
-      register: docker_info
      docker_host_info:
        containers: true
        containers_filters:
@ -21,12 +21,11 @@
           - "ie.cianhatton.backup.enabled=true"
           - "ie.cianhatton.backup.schedule={{ schedule }}"
      register: filter_output
-    - debug: msg="{{filter_output}}"

    - name: Get Container Names
      set_fact: container_names="{{ filter_output.containers  | map(attribute="Names")  | flatten }}"

-    - debug: msg="{{container_names}}"
+    - debug: msg="{{ container_names }}"

    - name: Backup Containers with backup label
      include_role:
--- a/playbooks/verify-homelab.yml
+++ b/playbooks/verify-homelab.yml
@ -30,7 +30,7 @@
    register: image_details
  - name: Assert desired images exist
    assert:
-      that: {{item in image_details.images | map(attribute='RepoTags') | flatten: !!null ''}: !!null ''}
+      that: "{{ item in image_details.images | map(attribute='RepoTags') | flatten }}"
    with_items: '{{desired_docker_images}}'

  - name: Fetch Sudoers Files
--- a/roles/setup_hosted_services/tasks/main.yml
+++ b/roles/setup_hosted_services/tasks/main.yml
@ -106,20 +106,22 @@
  with_items: '{{services}}'

 - name: Ensure Nightly Cron Backups
+  tags: ["cron"]
  ansible.builtin.cron:
    name: backup docker volumes (nightly)
    weekday: "0"
    minute: "0"
    hour: "3"
    user: ansible
-    job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly"
+    job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly >> /home/cianhatton/logs/nightly.log 2>&1"
    cron_file: ansible_nightly_docker_volume_backup

 - name: Ensure Monthly Cron Backups
+  tags: ["cron"]
  ansible.builtin.cron:
    name: backup docker volumes (monthly)
    month: "*"
    day : "1"
    user: ansible
-    job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=monthly"
+    job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=monthly >> /home/cianhatton/logs/monthly.log 2>&1"
    cron_file: ansible_monthly_docker_volume_backup
--- a/roles/setup_mergerfs/tasks/main.yml
+++ b/roles/setup_mergerfs/tasks/main.yml
@ -37,4 +37,4 @@
  include_role:
    name: sprat.mergerfs
  vars:
-    mergerfs_mounts: '{{mounts}}'
+    mergerfs_mounts: '{{ mounts }}'
--- a/roles/setup_portainer/meta/main.yml
+++ b/roles/setup_portainer/meta/main.yml
@ -1,53 +1,15 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
-  company: your company (optional)
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
+  description: Setup Portainer for my Home Lab
  license: MIT

-  min_ansible_version: 2.1
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
+  min_ansible_version: "2.1"
+  platforms:
+    - name: Debian
+      versions:
+        - all

  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.

 dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
--- a/roles/setup_portainer/tasks/main.yml
+++ b/roles/setup_portainer/tasks/main.yml
@ -1,27 +1,27 @@
- name: Portainer | Create directory if it does not exist
+---
+- name: Portainer | Create directory if it does not exist.
  ansible.builtin.file:
-    path: '{{directories.docker_compose_directory}}'
+    path: '{{ directories.docker_compose_directory }}'
    state: directory
    mode: '0755'

- name: Portainer | Copy docker compose file
-  copy:
+- name: Portainer | Copy docker compose file.
+  ansible.builtin.copy:
    src: docker-compose.yml
-    dest: '{{directories.docker_compose_directory}}/docker-compose.yml'
+    dest: '{{ directories.docker_compose_directory }}/docker-compose.yml'

 - name: Portainer | Check if volume exists
-  shell: docker volume ls -f name=portainer_portainer_data --format '{{ '{{' }}  .Name
-    {{ '}}' }}'
+  ansible.builtin.shell: docker volume ls -f name=portainer_portainer_data --format '{{ '{{' }}  .Name {{ '}}' }}'
  register: portainer_volume
  changed_when: false

 - name: Portainer | Pull images
  docker_image:
-    name: '{{item}}'
+    name: '{{ item }}'
    source: pull
  with_items:
-  - ubuntu
-  - busybox
+    - ubuntu
+    - busybox

 - name: Docker Volume Backup | Restore Portainer volume from S3
  when: (portainer_volume.stdout_lines | length) == 0
@ -31,34 +31,17 @@
    name: s3-restore-portainer
    cleanup: true # delete container after it's done.
    state: started # container should execute.
-    detach: no # task fails if container exits.
+    detach: false # task fails if container exits.
    volumes:
-    - /var/run/docker.sock:/var/run/docker.sock
-    - /tmp:/tmp   # temp s3 archive goes here
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /tmp:/tmp   # temp s3 archive goes here
    env:
-      AWS_ACCESS_KEY_ID: '{{aws_s3.aws_access_key}}'
-      AWS_SECRET_ACCESS_KEY: '{{aws_s3.aws_secret_key}}'
-      AWS_DEFAULT_REGION: '{{aws_s3.region}}'
-      AWS_BUCKET: '{{aws_s3.bucket}}'
-      AWS_ENDPOINT: '{{aws_s3.s3_url}}'
-
+      AWS_ACCESS_KEY_ID: '{{ aws_s3.aws_access_key }}'
+      AWS_SECRET_ACCESS_KEY: '{{ aws_s3.aws_secret_key }}'
+      AWS_DEFAULT_REGION: '{{ aws_s3.region }}'
+      AWS_BUCKET: '{{ aws_s3.bucket }}'
+      AWS_ENDPOINT: '{{ aws_s3.s3_url }}'

 - name: Portainer | Docker compose up
  community.docker.docker_compose:
-    project_src: '{{directories.docker_compose_directory}}/portainer'
-
-# Don't really need this as long as there is an S3 backup.
-#- name: Portainer | Register Admin User
-#  when: (portainer_volume.stdout_lines | length) == 0
-#  uri:
-#    url: http://localhost:9000/api/users/admin/init
-#    method: POST
-#    body:
-#      Username: admin
-#      Password: "{{portainer.password}}"
-#    status_code: 200
-#    body_format: json
-#  register: result
-#  until: result.status == 200
-#  retries: 60
-#  delay: 1
+    project_src: '{{ directories.docker_compose_directory }}/portainer'
--- a/roles/setup_samba/defaults/main.yml
+++ b/roles/setup_samba/defaults/main.yml
@ -1,9 +1,10 @@
+---
 samba_group: smbgroup
 samba_user: smbuser
 users:
- name: cianhatton
+  - name: cianhatton
 shares:
- /share
- /share/public_files
- /share/private_files
- /share/cian_files
+  - /share
+  - /share/public_files
+  - /share/private_files
+  - /share/cian_files
--- a/roles/setup_samba/meta/main.yml
+++ b/roles/setup_samba/meta/main.yml
@ -1,53 +1,15 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
-  company: your company (optional)
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
+  description: Setup Samba Shares for my Home Lab.
  license: MIT

-  min_ansible_version: 2.1
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
+  min_ansible_version: "2.1"
+  platforms:
+    - name: Debian
+      versions:
+        - all

  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.

 dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
--- a/roles/setup_samba/tasks/main.yml
+++ b/roles/setup_samba/tasks/main.yml
@ -1,53 +1,57 @@
- name: Install samba packages using apt
-  apt:
+---
+- name: Install samba packages using apt.
+  ansible.builtin.apt:
    name:
-    - samba
+      - samba
    state: present
    update_cache: true

- name: Ensure samba group exists
+- name: Ensure samba group exists.
  ansible.builtin.group:
-    name: '{{samba_group}}'
+    name: '{{ samba_group }}'
    state: present
    system: true
  notify:
-  - reload-samba
+    - reload-samba

- name: Ensure samba user
+- name: Ensure samba user.
  ansible.builtin.user:
-    name: '{{samba_user}}'
+    name: '{{ samba_user }}'
    comment: Samba user
-    group: '{{samba_group}}'
+    group: '{{ samba_group }}'
    shell: /bin/false
    create_home: false
  notify:
-  - reload-samba
+    - reload-samba

- name: Add the User(s) to Samba group
-  user:
+- name: Add the User(s) to Samba group.
+  ansible.builtin.user:
    name: '{{ item.name }}'
    groups: '{{ samba_group }}'
    append: true
-  with_items: '{{users}}'
+  with_items: '{{ users }}'

- name: Ensure Share directories
+- name: Ensure Share directories.
  ansible.builtin.file:
-    path: '{{item}}'
+    path: '{{ item }}'
    recurse: true
    state: directory
-    owner: '{{samba_user}}'
-    group: '{{samba_group}}'
+    owner: '{{ samba_user }}'
+    group: '{{ samba_group }}'
    mode: u+rw,g+rw
-  with_items: '{{shares}}'
+  with_items: '{{ shares }}'
  notify:
-  - reload-samba
+    - reload-samba

- name: Copy smb conf files
-  copy:
-    src: '{{item}}'
-    dest: /etc/samba/{{item}}
+- name: Copy smb conf files.
+  ansible.builtin.copy:
+    src: '{{ item }}'
+    dest: "/etc/samba/{{ item }}"
+    mode: 0644
+    owner: "{{ samba_user }}"
+    group: "{{ samba_group }}"
  with_items:
-  - smb.conf
-  - shares.conf
+    - smb.conf
+    - shares.conf
  notify:
-  - reload-samba
+    - reload-samba
--- a/roles/setup_users/meta/main.yml
+++ b/roles/setup_users/meta/main.yml
@ -1,53 +1,15 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
-  company: your company (optional)
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
+  description: Setup users for my Home Lab
  license: MIT

-  min_ansible_version: 2.1
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
+  min_ansible_version: "2.1"
+  platforms:
+    - name: Debian
+      versions:
+        - all

  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.

 dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
--- a/roles/setup_users/tasks/main.yml
+++ b/roles/setup_users/tasks/main.yml
@ -1,39 +1,42 @@
 # https://stackoverflow.com/questions/37333305/ansible-create-a-user-with-sudo-privileges
- name: Install Sudo
-  apt:
+- name: Install Sudo.
+  ansible.builtin.apt:
    pkg:
-    - sudo
+      - sudo
    state: latest
    update_cache: true

- name: Make sure we have a  groups
-  group:
+- name: Make sure we have a groups.
+  ansible.builtin.group:
    name: '{{ item.group }}'
    state: present
  with_items: '{{ users }}'

- name: Add Users
+- name: Add Users.
  ansible.builtin.user:
    name: '{{ item.name }}'
    comment: '{{ item.name }} user'
    group: '{{ item.group }}'
  with_items: '{{ users }}'

- name: Add sudoers
-  template:
+- name: Add sudoers.
+  ansible.builtin.template:
    src: sudoers.j2
-    dest: /etc/sudoers.d/{{item.name}}
+    dest: /etc/sudoers.d/{{ item.name }}
    mode: 0440
  with_items: '{{ users }}'
-  when: item.passwordless_sudo == true
+  when: item.passwordless_sudo

- name: Set authorized key
+- name: Set authorized key.
  authorized_key:
    user: '{{ homelab_user }}'
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

- name: Copy Bashrc
-  copy:
+- name: Copy Bashrc.
+  ansible.builtin.copy:
    src: bash_rc
    dest: "/home/{{ homelab_user }}/.bash_rc"
+    group: "{{ homelab_user }}"
+    owner: "{{ homelab_user }}"
+    mode: 0644