Fix new ansible-lint errors

Quite a few changes here, hopefully they work!
This commit is contained in:
Jake Howard 2023-06-15 15:16:19 +01:00
parent 2a0d40aca9
commit 2af9f8529d
Signed by: jake
GPG key ID: 57AFB45680EDD477
27 changed files with 52 additions and 47 deletions


@ -2,6 +2,10 @@ skip_list:
- command-instead-of-shell
- no-handler
- git-latest
- fqcn
- name[casing]
- name[play]
- no-changed-when
exclude_paths:
- galaxy_roles/
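Review bot: The enlarged skip_list silences rules globally instead of fixing the flagged tasks, and `no-changed-when` is the one that matters: with it skipped, `command`/`shell` tasks lacking `changed_when` are no longer reported, so every run of those tasks shows as changed and check-mode/idempotency signals degrade. The rendered page does not show which of `fqcn`, `name[casing]`, `name[play]` and `no-changed-when` are the four new entries, so this applies to whichever were added here. Consider removing `- no-changed-when` from the skip list and annotating the few offending tasks with `# noqa: no-changed-when` (or adding `changed_when: false` where the command is read-only) so the suppression stays local and reviewable.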


@ -2,7 +2,7 @@ docker_user:
id: 3000
name: dockeruser
docker_compose_file_mask: 0664
docker_compose_directory_mask: 0775
docker_compose_file_mask: "664"
docker_compose_directory_mask: "775"
docker_update_command: docker-compose pull && docker-compose down --remove-orphans && docker-compose rm && docker-compose up -d


@ -0,0 +1,4 @@
me:
user: jake
home: /home/jake
name: Jake Howard


@ -1,3 +0,0 @@
user: jake
home: /home/{{ user }}
name: Jake Howard


@ -1,4 +1,4 @@
"hosts":
"vps_hosts":
"casey_ip": "213.219.38.11"
"grimes_ip": "104.238.172.209"
"walker_ip": "192.248.168.230"


@ -1,5 +1,5 @@
wireguard:
public_ip: "{{ hosts.casey_ip }}"
public_ip: "{{ vps_hosts.casey_ip }}"
port: 51820
cidr: 10.23.0.0/24
server:


@ -40,7 +40,7 @@
vars:
docker_install_compose_plugin: "{{ ansible_os_family == 'Debian' }}"
docker_users:
- "{{ user }}"
- "{{ me.user }}"
- docker_cleanup
- hosts:


@ -16,7 +16,7 @@
password: aurto
owner: http
group: http
mode: 0600
mode: "600"
become: true
notify: restart nginx
@ -24,6 +24,6 @@
template:
src: files/nginx.conf
dest: /etc/nginx/nginx.conf
mode: "0600"
mode: "600"
become: true
notify: restart nginx
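Review bot: The second hunk rewrites an already lint-clean `mode: "0600"` as `mode: "600"`, which is churn rather than a fix: Ansible parses any quoted mode string as octal, so both forms yield 0600, and as far as I recall ansible-lint's risky-octal rule accepts any quoted string. The form Ansible's own module examples use is the quoted value with the leading zero, which also keeps the octal intent visible to readers who expect chmod-style digits. Suggest `mode: "0600"` here and the same leading-zero quoted form for the equivalent mode changes in the sshd_config, docker-utils, f2b-entrypoint, wireguard-clients, dnsmasq/pihole, qBittorrent, traefik fail2ban and htpasswd tasks of this commit. Whichever form is chosen, it should be used consistently across the repository.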


@ -2,7 +2,7 @@
# Change to a high/odd port if this server is exposed to the internet directly
Port {{ ssh_port }}
AllowUsers {% if hostname_slug in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
AllowUsers {% if hostname_slug in pve_hosts %}{{ me.user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ me.user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
# Bind to all interfaces (change to specific interface if needed)
ListenAddress 0.0.0.0


@ -21,13 +21,13 @@
dest: /etc/ssh/sshd_config
validate: /usr/sbin/sshd -t -f %s
backup: true
mode: 0644
mode: "644"
become: true
register: sshd_config
- name: Set up authorized keys
ansible.posix.authorized_key:
user: "{{ user }}"
user: "{{ me.user }}"
state: present
key: "{{ lookup('file', item) }}"
loop:


@ -1,15 +1,15 @@
- name: Make me
user:
name: "{{ user }}"
home: "{{ home }}"
comment: "{{ name }}"
name: "{{ me.user }}"
home: "{{ me.home }}"
comment: "{{ me.name }}"
shell: /bin/bash
system: true
become: true
- name: Give user sudo access
user:
name: "{{ user }}"
name: "{{ me.user }}"
groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
append: true
become: true


@ -21,14 +21,14 @@
- name: Add user to docker user group
user:
name: "{{ user }}"
name: "{{ me.user }}"
groups: "{{ docker_user.name }}"
append: true
become: true
- name: Add user to docker group
user:
name: "{{ user }}"
name: "{{ me.user }}"
groups: docker
append: true
become: true
@ -44,8 +44,8 @@
copy:
src: ./files/docker-utils
dest: "{{ home }}"
mode: 0755
directory_mode: 0755
mode: "755"
directory_mode: "755"
- name: override docker service for zfs dependencies
include_tasks: zfs-override.yml
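Review bot: `dest: "{{ home }}"` in the second hunk (the docker-utils copy task) still references the bare `home` variable, while this commit deletes the vars file that defined top-level `user`/`home`/`name` and moves them under `me`; unless `home` is defined somewhere else, this task now fails with an undefined-variable error at runtime, which ansible-lint would not catch. The fix is `dest: "{{ me.home }}"`. The same missed rename is in the wireguard-clients tasks, where `path: "{{ home }}/wireguard-clients"` and `dest: "{{ home }}/wireguard-clients/{{ item.key }}.conf"` should become `{{ me.home }}/...`. Worth grepping the whole tree for `{{ home }}` and `{{ name }}` before merging, since the group_vars rename affects every consumer.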


@ -1,7 +1,7 @@
- name: Make user
user:
name: "{{ f2b_user }}"
comment: "{{ name }}"
comment: "{{ me.user }}"
shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
system: false
become: true
@ -22,7 +22,7 @@
template:
src: files/f2b-entrypoint.sh
dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
mode: 0755
mode: "755"
become: true
register: sshd_config
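Review bot: `comment: "{{ me.user }}"` in the first hunk replaces `{{ name }}`, which previously carried the display name ("Jake Howard"), whereas the analogous user task in the user role maps the same field to `me.name`; the fail2ban account's GECOS field now holds the login name instead. If that is unintended, the line should be `comment: "{{ me.name }}"`; if a service-account description was meant, a literal such as `comment: "fail2ban entrypoint user"` would be clearer than either. Separately, `register: sshd_config` on the f2b-entrypoint template task in the second hunk looks like a copy-paste leftover from the sshd role and is misleading if the result is ever referenced.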


@ -98,7 +98,7 @@ scrape_configs:
module: [https_redir]
static_configs:
- targets:
- http://{{ hosts.casey_ip }}
- http://{{ vps_hosts.casey_ip }}
relabel_configs:
- source_labels: [__address__]
target_label: __param_target


@ -6,9 +6,9 @@ maxretry = 100
filter = nginx-tcp
logpath = /var/log/nginx/ips.log
port = http,https,8448
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
[traefik]
enabled = true
port = http,https,8448
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}


@ -32,15 +32,15 @@
file:
path: "{{ home }}/wireguard-clients"
state: directory
owner: "{{ user }}"
mode: 0700
owner: "{{ me.user }}"
mode: "700"
- name: Wireguard client configuration
template:
src: files/wireguard-client.conf
dest: "{{ home }}/wireguard-clients/{{ item.key }}.conf"
owner: "{{ user }}"
mode: 0600
owner: "{{ me.user }}"
mode: "600"
loop: "{{ wireguard.clients | dict2items }}"
loop_control:
label: "{{ item.key }}"


@ -34,5 +34,5 @@
minute: 0
weekday: 1
job: /opt/mastodon/purge-media.sh
user: "{{ user }}"
user: "{{ me.user }}"
become: true


@ -1,4 +1,4 @@
nebula_lighthouse_public_ip: "{{ hosts.casey_ip }}"
nebula_lighthouse_public_ip: "{{ vps_hosts.casey_ip }}"
nebula_lighthouse_ip: "{{ nebula.clients.casey.ip }}"
nebula_lighthouse_port: 6328


@ -1 +1 @@
alias={{ hosts.casey_ip }},{{ pve_hosts.ingress.external_ip }}
alias={{ vps_hosts.casey_ip }},{{ pve_hosts.ingress.external_ip }}


@ -5,7 +5,7 @@
template:
src: files/internal-alias.conf
dest: /etc/dnsmasq.d/internal-alias.conf
mode: 0644
mode: "644"
notify: restart pihole FTL
become: true
@ -13,6 +13,6 @@
template:
src: files/setup-vars.conf
dest: /etc/pihole/setupVars.conf
mode: 0644
mode: "644"
notify: restart pihole FTL
become: true


@ -19,7 +19,7 @@
- name: Set configuration
ini_file:
path: "{{ qbittorrent_user.home }}/.config/qBittorrent/qBittorrent.conf"
mode: 0700
mode: "700"
owner: "{{ qbittorrent_user.name }}"
section: "{{ item.section }}"
option: "{{ item.option }}"


@ -6,5 +6,5 @@ maxretry = 5
filter = traefik
logpath = /tmp/traefik-logs/access.log
port = http,https
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
action = gateway


@ -2,7 +2,7 @@
template:
src: files/fail2ban/traefik-jail.conf
dest: /etc/fail2ban/jail.d/traefik.conf
mode: 0644
mode: "644"
become: true
notify: restart fail2ban
@ -10,7 +10,7 @@
template:
src: files/fail2ban/traefik-filter.conf
dest: /etc/fail2ban/filter.d/traefik.conf
mode: 0644
mode: "644"
become: true
notify: restart fail2ban
@ -18,7 +18,7 @@
template:
src: files/fail2ban/remote-action.conf
dest: /etc/fail2ban/action.d/gateway.conf
mode: 0644
mode: "644"
become: true
notify: restart fail2ban


@ -24,7 +24,7 @@
path: /opt/upload/htpasswd.txt
name: jake
password: "{{ superuser_upload_password }}"
mode: 0640
mode: "640"
owner: "{{ docker_user.name }}"
become: true
@ -33,5 +33,5 @@
path: /opt/upload/htpasswd.txt
name: nextcloud
password: "{{ nextcloud_upload_password }}"
mode: 0640
mode: "640"
become: true


@ -18,7 +18,7 @@
- name: Give user passwordless access to ZFS commands
lineinfile:
path: /etc/sudoers
line: "{{ user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
line: "{{ me.user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
become: true
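Review bot: The `lineinfile` task that writes the NOPASSWD rule into `/etc/sudoers` has no `validate:` in the shown lines (unless one appears outside the hunk), so a malformed rendered line — an empty or odd `me.user` value, for instance — would corrupt sudoers and break sudo for every account on the host. Add `validate: /usr/sbin/visudo -cf %s` to the task, and consider writing the rule to a dedicated file under `/etc/sudoers.d/` with `mode: "0440"` instead of editing the main file. Because the task uses `line:` without a `regexp:`, a later change to `me.user` would also add a second rule rather than replace the existing one; a `regexp: '^{{ me.user }} '` (or a regexp matching the zfs/zpool command list) would make it idempotent across renames.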
- name: Sanoid


@ -1,10 +1,10 @@
resource "local_file" "hosts" {
content = yamlencode({
hosts : {
vps_hosts : {
casey_ip : linode_instance.casey.ip_address,
walker_ip : vultr_instance.walker.main_ip,
grimes_ip : vultr_instance.grimes.main_ip,
}
})
filename = "${path.module}/../ansible/group_vars/all/hosts.yml"
filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml"
}


@ -3,7 +3,7 @@ extends: default
ignore: |
ansible/galaxy_roles
ansible/galaxy_collections
ansible/group_vars/all/hosts.yml
ansible/group_vars/all/vps-hosts.yml
ansible/roles/traefik/files/traefik.yml
ansible/roles/nebula/files/nebula.yml