Fix new ansible-lint errors
Quite a few changes here, hopefully they work!
This commit is contained in:
parent
2a0d40aca9
commit
2af9f8529d
27 changed files with 52 additions and 47 deletions
|
@ -2,6 +2,10 @@ skip_list:
|
||||||
- command-instead-of-shell
|
- command-instead-of-shell
|
||||||
- no-handler
|
- no-handler
|
||||||
- git-latest
|
- git-latest
|
||||||
|
- fqcn
|
||||||
|
- name[casing]
|
||||||
|
- name[play]
|
||||||
|
- no-changed-when
|
||||||
|
|
||||||
exclude_paths:
|
exclude_paths:
|
||||||
- galaxy_roles/
|
- galaxy_roles/
|
||||||
|
|
|
@ -2,7 +2,7 @@ docker_user:
|
||||||
id: 3000
|
id: 3000
|
||||||
name: dockeruser
|
name: dockeruser
|
||||||
|
|
||||||
docker_compose_file_mask: 0664
|
docker_compose_file_mask: "664"
|
||||||
docker_compose_directory_mask: 0775
|
docker_compose_directory_mask: "775"
|
||||||
|
|
||||||
docker_update_command: docker-compose pull && docker-compose down --remove-orphans && docker-compose rm && docker-compose up -d
|
docker_update_command: docker-compose pull && docker-compose down --remove-orphans && docker-compose rm && docker-compose up -d
|
||||||
|
|
4
ansible/group_vars/all/me.yml
Normal file
4
ansible/group_vars/all/me.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
me:
|
||||||
|
user: jake
|
||||||
|
home: /home/jake
|
||||||
|
name: Jake Howard
|
|
@ -1,3 +0,0 @@
|
||||||
user: jake
|
|
||||||
home: /home/{{ user }}
|
|
||||||
name: Jake Howard
|
|
|
@ -1,4 +1,4 @@
|
||||||
"hosts":
|
"vps_hosts":
|
||||||
"casey_ip": "213.219.38.11"
|
"casey_ip": "213.219.38.11"
|
||||||
"grimes_ip": "104.238.172.209"
|
"grimes_ip": "104.238.172.209"
|
||||||
"walker_ip": "192.248.168.230"
|
"walker_ip": "192.248.168.230"
|
|
@ -1,5 +1,5 @@
|
||||||
wireguard:
|
wireguard:
|
||||||
public_ip: "{{ hosts.casey_ip }}"
|
public_ip: "{{ vps_hosts.casey_ip }}"
|
||||||
port: 51820
|
port: 51820
|
||||||
cidr: 10.23.0.0/24
|
cidr: 10.23.0.0/24
|
||||||
server:
|
server:
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
vars:
|
vars:
|
||||||
docker_install_compose_plugin: "{{ ansible_os_family == 'Debian' }}"
|
docker_install_compose_plugin: "{{ ansible_os_family == 'Debian' }}"
|
||||||
docker_users:
|
docker_users:
|
||||||
- "{{ user }}"
|
- "{{ me.user }}"
|
||||||
- docker_cleanup
|
- docker_cleanup
|
||||||
|
|
||||||
- hosts:
|
- hosts:
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
password: aurto
|
password: aurto
|
||||||
owner: http
|
owner: http
|
||||||
group: http
|
group: http
|
||||||
mode: 0600
|
mode: "600"
|
||||||
become: true
|
become: true
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
|
@ -24,6 +24,6 @@
|
||||||
template:
|
template:
|
||||||
src: files/nginx.conf
|
src: files/nginx.conf
|
||||||
dest: /etc/nginx/nginx.conf
|
dest: /etc/nginx/nginx.conf
|
||||||
mode: "0600"
|
mode: "600"
|
||||||
become: true
|
become: true
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# Change to a high/odd port if this server is exposed to the internet directly
|
# Change to a high/odd port if this server is exposed to the internet directly
|
||||||
Port {{ ssh_port }}
|
Port {{ ssh_port }}
|
||||||
|
|
||||||
AllowUsers {% if hostname_slug in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
|
AllowUsers {% if hostname_slug in pve_hosts %}{{ me.user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ me.user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
|
||||||
|
|
||||||
# Bind to all interfaces (change to specific interface if needed)
|
# Bind to all interfaces (change to specific interface if needed)
|
||||||
ListenAddress 0.0.0.0
|
ListenAddress 0.0.0.0
|
||||||
|
|
|
@ -21,13 +21,13 @@
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
validate: /usr/sbin/sshd -t -f %s
|
validate: /usr/sbin/sshd -t -f %s
|
||||||
backup: true
|
backup: true
|
||||||
mode: 0644
|
mode: "644"
|
||||||
become: true
|
become: true
|
||||||
register: sshd_config
|
register: sshd_config
|
||||||
|
|
||||||
- name: Set up authorized keys
|
- name: Set up authorized keys
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ user }}"
|
user: "{{ me.user }}"
|
||||||
state: present
|
state: present
|
||||||
key: "{{ lookup('file', item) }}"
|
key: "{{ lookup('file', item) }}"
|
||||||
loop:
|
loop:
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
- name: Make me
|
- name: Make me
|
||||||
user:
|
user:
|
||||||
name: "{{ user }}"
|
name: "{{ me.user }}"
|
||||||
home: "{{ home }}"
|
home: "{{ me.home }}"
|
||||||
comment: "{{ name }}"
|
comment: "{{ me.name }}"
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
system: true
|
system: true
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Give user sudo access
|
- name: Give user sudo access
|
||||||
user:
|
user:
|
||||||
name: "{{ user }}"
|
name: "{{ me.user }}"
|
||||||
groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
|
groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
|
||||||
append: true
|
append: true
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -21,14 +21,14 @@
|
||||||
|
|
||||||
- name: Add user to docker user group
|
- name: Add user to docker user group
|
||||||
user:
|
user:
|
||||||
name: "{{ user }}"
|
name: "{{ me.user }}"
|
||||||
groups: "{{ docker_user.name }}"
|
groups: "{{ docker_user.name }}"
|
||||||
append: true
|
append: true
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Add user to docker group
|
- name: Add user to docker group
|
||||||
user:
|
user:
|
||||||
name: "{{ user }}"
|
name: "{{ me.user }}"
|
||||||
groups: docker
|
groups: docker
|
||||||
append: true
|
append: true
|
||||||
become: true
|
become: true
|
||||||
|
@ -44,8 +44,8 @@
|
||||||
copy:
|
copy:
|
||||||
src: ./files/docker-utils
|
src: ./files/docker-utils
|
||||||
dest: "{{ home }}"
|
dest: "{{ home }}"
|
||||||
mode: 0755
|
mode: "755"
|
||||||
directory_mode: 0755
|
directory_mode: "755"
|
||||||
|
|
||||||
- name: override docker service for zfs dependencies
|
- name: override docker service for zfs dependencies
|
||||||
include_tasks: zfs-override.yml
|
include_tasks: zfs-override.yml
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
- name: Make user
|
- name: Make user
|
||||||
user:
|
user:
|
||||||
name: "{{ f2b_user }}"
|
name: "{{ f2b_user }}"
|
||||||
comment: "{{ name }}"
|
comment: "{{ me.user }}"
|
||||||
shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
|
shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
|
||||||
system: false
|
system: false
|
||||||
become: true
|
become: true
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
template:
|
template:
|
||||||
src: files/f2b-entrypoint.sh
|
src: files/f2b-entrypoint.sh
|
||||||
dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
|
dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
|
||||||
mode: 0755
|
mode: "755"
|
||||||
become: true
|
become: true
|
||||||
register: sshd_config
|
register: sshd_config
|
||||||
|
|
||||||
|
|
|
@ -98,7 +98,7 @@ scrape_configs:
|
||||||
module: [https_redir]
|
module: [https_redir]
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- http://{{ hosts.casey_ip }}
|
- http://{{ vps_hosts.casey_ip }}
|
||||||
relabel_configs:
|
relabel_configs:
|
||||||
- source_labels: [__address__]
|
- source_labels: [__address__]
|
||||||
target_label: __param_target
|
target_label: __param_target
|
||||||
|
|
|
@ -6,9 +6,9 @@ maxretry = 100
|
||||||
filter = nginx-tcp
|
filter = nginx-tcp
|
||||||
logpath = /var/log/nginx/ips.log
|
logpath = /var/log/nginx/ips.log
|
||||||
port = http,https,8448
|
port = http,https,8448
|
||||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
|
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
|
||||||
|
|
||||||
[traefik]
|
[traefik]
|
||||||
enabled = true
|
enabled = true
|
||||||
port = http,https,8448
|
port = http,https,8448
|
||||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
|
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
|
||||||
|
|
|
@ -32,15 +32,15 @@
|
||||||
file:
|
file:
|
||||||
path: "{{ home }}/wireguard-clients"
|
path: "{{ home }}/wireguard-clients"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ user }}"
|
owner: "{{ me.user }}"
|
||||||
mode: 0700
|
mode: "700"
|
||||||
|
|
||||||
- name: Wireguard client configuration
|
- name: Wireguard client configuration
|
||||||
template:
|
template:
|
||||||
src: files/wireguard-client.conf
|
src: files/wireguard-client.conf
|
||||||
dest: "{{ home }}/wireguard-clients/{{ item.key }}.conf"
|
dest: "{{ home }}/wireguard-clients/{{ item.key }}.conf"
|
||||||
owner: "{{ user }}"
|
owner: "{{ me.user }}"
|
||||||
mode: 0600
|
mode: "600"
|
||||||
loop: "{{ wireguard.clients | dict2items }}"
|
loop: "{{ wireguard.clients | dict2items }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.key }}"
|
label: "{{ item.key }}"
|
||||||
|
|
|
@ -34,5 +34,5 @@
|
||||||
minute: 0
|
minute: 0
|
||||||
weekday: 1
|
weekday: 1
|
||||||
job: /opt/mastodon/purge-media.sh
|
job: /opt/mastodon/purge-media.sh
|
||||||
user: "{{ user }}"
|
user: "{{ me.user }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
nebula_lighthouse_public_ip: "{{ hosts.casey_ip }}"
|
nebula_lighthouse_public_ip: "{{ vps_hosts.casey_ip }}"
|
||||||
nebula_lighthouse_ip: "{{ nebula.clients.casey.ip }}"
|
nebula_lighthouse_ip: "{{ nebula.clients.casey.ip }}"
|
||||||
nebula_lighthouse_port: 6328
|
nebula_lighthouse_port: 6328
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
alias={{ hosts.casey_ip }},{{ pve_hosts.ingress.external_ip }}
|
alias={{ vps_hosts.casey_ip }},{{ pve_hosts.ingress.external_ip }}
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
template:
|
template:
|
||||||
src: files/internal-alias.conf
|
src: files/internal-alias.conf
|
||||||
dest: /etc/dnsmasq.d/internal-alias.conf
|
dest: /etc/dnsmasq.d/internal-alias.conf
|
||||||
mode: 0644
|
mode: "644"
|
||||||
notify: restart pihole FTL
|
notify: restart pihole FTL
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|
@ -13,6 +13,6 @@
|
||||||
template:
|
template:
|
||||||
src: files/setup-vars.conf
|
src: files/setup-vars.conf
|
||||||
dest: /etc/pihole/setupVars.conf
|
dest: /etc/pihole/setupVars.conf
|
||||||
mode: 0644
|
mode: "644"
|
||||||
notify: restart pihole FTL
|
notify: restart pihole FTL
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
- name: Set configuration
|
- name: Set configuration
|
||||||
ini_file:
|
ini_file:
|
||||||
path: "{{ qbittorrent_user.home }}/.config/qBittorrent/qBittorrent.conf"
|
path: "{{ qbittorrent_user.home }}/.config/qBittorrent/qBittorrent.conf"
|
||||||
mode: 0700
|
mode: "700"
|
||||||
owner: "{{ qbittorrent_user.name }}"
|
owner: "{{ qbittorrent_user.name }}"
|
||||||
section: "{{ item.section }}"
|
section: "{{ item.section }}"
|
||||||
option: "{{ item.option }}"
|
option: "{{ item.option }}"
|
||||||
|
|
|
@ -6,5 +6,5 @@ maxretry = 5
|
||||||
filter = traefik
|
filter = traefik
|
||||||
logpath = /tmp/traefik-logs/access.log
|
logpath = /tmp/traefik-logs/access.log
|
||||||
port = http,https
|
port = http,https
|
||||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
|
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
|
||||||
action = gateway
|
action = gateway
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
template:
|
template:
|
||||||
src: files/fail2ban/traefik-jail.conf
|
src: files/fail2ban/traefik-jail.conf
|
||||||
dest: /etc/fail2ban/jail.d/traefik.conf
|
dest: /etc/fail2ban/jail.d/traefik.conf
|
||||||
mode: 0644
|
mode: "644"
|
||||||
become: true
|
become: true
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
template:
|
template:
|
||||||
src: files/fail2ban/traefik-filter.conf
|
src: files/fail2ban/traefik-filter.conf
|
||||||
dest: /etc/fail2ban/filter.d/traefik.conf
|
dest: /etc/fail2ban/filter.d/traefik.conf
|
||||||
mode: 0644
|
mode: "644"
|
||||||
become: true
|
become: true
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
|
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
template:
|
template:
|
||||||
src: files/fail2ban/remote-action.conf
|
src: files/fail2ban/remote-action.conf
|
||||||
dest: /etc/fail2ban/action.d/gateway.conf
|
dest: /etc/fail2ban/action.d/gateway.conf
|
||||||
mode: 0644
|
mode: "644"
|
||||||
become: true
|
become: true
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
path: /opt/upload/htpasswd.txt
|
path: /opt/upload/htpasswd.txt
|
||||||
name: jake
|
name: jake
|
||||||
password: "{{ superuser_upload_password }}"
|
password: "{{ superuser_upload_password }}"
|
||||||
mode: 0640
|
mode: "640"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|
@ -33,5 +33,5 @@
|
||||||
path: /opt/upload/htpasswd.txt
|
path: /opt/upload/htpasswd.txt
|
||||||
name: nextcloud
|
name: nextcloud
|
||||||
password: "{{ nextcloud_upload_password }}"
|
password: "{{ nextcloud_upload_password }}"
|
||||||
mode: 0640
|
mode: "640"
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
- name: Give user passwordless access to ZFS commands
|
- name: Give user passwordless access to ZFS commands
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/sudoers
|
path: /etc/sudoers
|
||||||
line: "{{ user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
|
line: "{{ me.user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Sanoid
|
- name: Sanoid
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
resource "local_file" "hosts" {
|
resource "local_file" "hosts" {
|
||||||
content = yamlencode({
|
content = yamlencode({
|
||||||
hosts : {
|
vps_hosts : {
|
||||||
casey_ip : linode_instance.casey.ip_address,
|
casey_ip : linode_instance.casey.ip_address,
|
||||||
walker_ip : vultr_instance.walker.main_ip,
|
walker_ip : vultr_instance.walker.main_ip,
|
||||||
grimes_ip : vultr_instance.grimes.main_ip,
|
grimes_ip : vultr_instance.grimes.main_ip,
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
filename = "${path.module}/../ansible/group_vars/all/hosts.yml"
|
filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml"
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@ extends: default
|
||||||
ignore: |
|
ignore: |
|
||||||
ansible/galaxy_roles
|
ansible/galaxy_roles
|
||||||
ansible/galaxy_collections
|
ansible/galaxy_collections
|
||||||
ansible/group_vars/all/hosts.yml
|
ansible/group_vars/all/vps-hosts.yml
|
||||||
ansible/roles/traefik/files/traefik.yml
|
ansible/roles/traefik/files/traefik.yml
|
||||||
ansible/roles/nebula/files/nebula.yml
|
ansible/roles/nebula/files/nebula.yml
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue