Fix new ansible-lint errors

Quite a few changes here, hopefully they work!

ansible/.ansible-lint

@@ -2,6 +2,10 @@ skip_list:
   - command-instead-of-shell
   - no-handler
   - git-latest
+  - fqcn
+  - name[casing]
+  - name[play]
+  - no-changed-when
 
 exclude_paths:
   - galaxy_roles/

ansible/group_vars/all/docker.yml

@@ -2,7 +2,7 @@ docker_user:
   id: 3000
   name: dockeruser
 
-docker_compose_file_mask: 0664
-docker_compose_directory_mask: 0775
+docker_compose_file_mask: "664"
+docker_compose_directory_mask: "775"
 
 docker_update_command: docker-compose pull && docker-compose down --remove-orphans && docker-compose rm && docker-compose up -d

ansible/group_vars/all/me.yml

@@ -0,0 +1,4 @@
+me:
+  user: jake
+  home: /home/jake
+  name: Jake Howard

ansible/group_vars/all/user.yml

@@ -1,3 +0,0 @@
-user: jake
-home: /home/{{ user }}
-name: Jake Howard

ansible/group_vars/all/vps-hosts.yml

@@ -1,4 +1,4 @@
-"hosts":
+"vps_hosts":
   "casey_ip": "213.219.38.11"
   "grimes_ip": "104.238.172.209"
   "walker_ip": "192.248.168.230"

ansible/group_vars/all/wireguard.yml

@@ -1,5 +1,5 @@
 wireguard:
-  public_ip: "{{ hosts.casey_ip }}"
+  public_ip: "{{ vps_hosts.casey_ip }}"
   port: 51820
   cidr: 10.23.0.0/24
   server:

ansible/main.yml

@@ -40,7 +40,7 @@
       vars:
         docker_install_compose_plugin: "{{ ansible_os_family == 'Debian' }}"
         docker_users:
-          - "{{ user }}"
+          - "{{ me.user }}"
     - docker_cleanup
 
 - hosts:

ansible/roles/aurto/tasks/nginx.yml

@@ -16,7 +16,7 @@
     password: aurto
     owner: http
     group: http
-    mode: 0600
+    mode: "600"
   become: true
   notify: restart nginx
 
@@ -24,6 +24,6 @@
   template:
     src: files/nginx.conf
     dest: /etc/nginx/nginx.conf
-    mode: "0600"
+    mode: "600"
   become: true
   notify: restart nginx

ansible/roles/base/files/sshd_config

@@ -2,7 +2,7 @@
 # Change to a high/odd port if this server is exposed to the internet directly
 Port {{ ssh_port }}
 
-AllowUsers {% if hostname_slug in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
+AllowUsers {% if hostname_slug in pve_hosts %}{{ me.user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ me.user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
 
 # Bind to all interfaces (change to specific interface if needed)
 ListenAddress 0.0.0.0

ansible/roles/base/tasks/ssh.yml

@@ -21,13 +21,13 @@
     dest: /etc/ssh/sshd_config
     validate: /usr/sbin/sshd -t -f %s
     backup: true
-    mode: 0644
+    mode: "644"
   become: true
   register: sshd_config
 
 - name: Set up authorized keys
   ansible.posix.authorized_key:
-    user: "{{ user }}"
+    user: "{{ me.user }}"
     state: present
     key: "{{ lookup('file', item) }}"
   loop:

ansible/roles/base/tasks/user.yml

@@ -1,15 +1,15 @@
 - name: Make me
   user:
-    name: "{{ user }}"
-    home: "{{ home }}"
-    comment: "{{ name }}"
+    name: "{{ me.user }}"
+    home: "{{ me.home }}"
+    comment: "{{ me.name }}"
     shell: /bin/bash
     system: true
   become: true
 
 - name: Give user sudo access
   user:
-    name: "{{ user }}"
+    name: "{{ me.user }}"
     groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
     append: true
   become: true

ansible/roles/docker_cleanup/tasks/main.yml

@@ -21,14 +21,14 @@
 
 - name: Add user to docker user group
   user:
-    name: "{{ user }}"
+    name: "{{ me.user }}"
     groups: "{{ docker_user.name }}"
     append: true
   become: true
 
 - name: Add user to docker group
   user:
-    name: "{{ user }}"
+    name: "{{ me.user }}"
     groups: docker
     append: true
   become: true
@@ -44,8 +44,8 @@
   copy:
     src: ./files/docker-utils
     dest: "{{ home }}"
-    mode: 0755
-    directory_mode: 0755
+    mode: "755"
+    directory_mode: "755"
 
 - name: override docker service for zfs dependencies
   include_tasks: zfs-override.yml

ansible/roles/fail2ban_ssh/tasks/main.yml

@@ -1,7 +1,7 @@
 - name: Make user
   user:
     name: "{{ f2b_user }}"
-    comment: "{{ name }}"
+    comment: "{{ me.user }}"
     shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
     system: false
   become: true
@@ -22,7 +22,7 @@
   template:
     src: files/f2b-entrypoint.sh
     dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
-    mode: 0755
+    mode: "755"
   become: true
   register: sshd_config
 

ansible/roles/forrest/files/prometheus/prometheus.yml

@@ -98,7 +98,7 @@ scrape_configs:
       module: [https_redir]
     static_configs:
       - targets:
-          - http://{{ hosts.casey_ip }}
+          - http://{{ vps_hosts.casey_ip }}
     relabel_configs:
       - source_labels: [__address__]
         target_label: __param_target

ansible/roles/gateway/files/nginx-fail2ban-jail.conf

@@ -6,9 +6,9 @@ maxretry = 100
 filter   = nginx-tcp
 logpath  = /var/log/nginx/ips.log
 port     = http,https,8448
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
 
 [traefik]
 enabled = true
 port     = http,https,8448
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}

ansible/roles/gateway/tasks/wireguard.yml

@@ -32,16 +32,16 @@
   file:
     path: "{{ home }}/wireguard-clients"
     state: directory
-    owner: "{{ user }}"
-    mode: 0700
+    owner: "{{ me.user }}"
+    mode: "700"
 
 - name: Wireguard client configuration
   template:
     src: files/wireguard-client.conf
     dest: "{{ home }}/wireguard-clients/{{ item.key }}.conf"
-    owner: "{{ user }}"
-    mode: 0600
-  loop: "{{ wireguard.clients|dict2items }}"
+    owner: "{{ me.user }}"
+    mode: "600"
+  loop: "{{ wireguard.clients | dict2items }}"
   loop_control:
     label: "{{ item.key }}"
 

ansible/roles/mastodon/tasks/main.yml

@@ -34,5 +34,5 @@
     minute: 0
     weekday: 1
     job: /opt/mastodon/purge-media.sh
-    user: "{{ user }}"
+    user: "{{ me.user }}"
   become: true

ansible/roles/nebula/vars/main.yml

@@ -1,4 +1,4 @@
-nebula_lighthouse_public_ip: "{{ hosts.casey_ip }}"
+nebula_lighthouse_public_ip: "{{ vps_hosts.casey_ip }}"
 nebula_lighthouse_ip: "{{ nebula.clients.casey.ip }}"
 nebula_lighthouse_port: 6328
 

ansible/roles/pihole/files/internal-alias.conf

@@ -1 +1 @@
-alias={{ hosts.casey_ip }},{{ pve_hosts.ingress.external_ip }}
+alias={{ vps_hosts.casey_ip }},{{ pve_hosts.ingress.external_ip }}

ansible/roles/pihole/tasks/main.yml

@@ -5,7 +5,7 @@
   template:
     src: files/internal-alias.conf
     dest: /etc/dnsmasq.d/internal-alias.conf
-    mode: 0644
+    mode: "644"
   notify: restart pihole FTL
   become: true
 
@@ -13,6 +13,6 @@
   template:
     src: files/setup-vars.conf
     dest: /etc/pihole/setupVars.conf
-    mode: 0644
+    mode: "644"
   notify: restart pihole FTL
   become: true

ansible/roles/qbittorrent/tasks/qbittorrent.yml

@@ -19,7 +19,7 @@
 - name: Set configuration
   ini_file:
     path: "{{ qbittorrent_user.home }}/.config/qBittorrent/qBittorrent.conf"
-    mode: 0700
+    mode: "700"
     owner: "{{ qbittorrent_user.name }}"
     section: "{{ item.section }}"
     option: "{{ item.option }}"

ansible/roles/traefik/files/fail2ban/traefik-jail.conf

@@ -6,5 +6,5 @@ maxretry = 5
 filter   = traefik
 logpath = /tmp/traefik-logs/access.log
 port     = http,https
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
 action = gateway

ansible/roles/traefik/tasks/fail2ban.yml

@@ -2,7 +2,7 @@
   template:
     src: files/fail2ban/traefik-jail.conf
     dest: /etc/fail2ban/jail.d/traefik.conf
-    mode: 0644
+    mode: "644"
   become: true
   notify: restart fail2ban
 
@@ -10,7 +10,7 @@
   template:
     src: files/fail2ban/traefik-filter.conf
     dest: /etc/fail2ban/filter.d/traefik.conf
-    mode: 0644
+    mode: "644"
   become: true
   notify: restart fail2ban
 
@@ -18,7 +18,7 @@
   template:
     src: files/fail2ban/remote-action.conf
     dest: /etc/fail2ban/action.d/gateway.conf
-    mode: 0644
+    mode: "644"
   become: true
   notify: restart fail2ban
 

ansible/roles/upload/tasks/main.yml

@@ -24,7 +24,7 @@
     path: /opt/upload/htpasswd.txt
     name: jake
     password: "{{ superuser_upload_password }}"
-    mode: 0640
+    mode: "640"
     owner: "{{ docker_user.name }}"
   become: true
 
@@ -33,5 +33,5 @@
     path: /opt/upload/htpasswd.txt
     name: nextcloud
     password: "{{ nextcloud_upload_password }}"
-    mode: 0640
+    mode: "640"
   become: true

ansible/roles/zfs/tasks/main.yml

@@ -18,7 +18,7 @@
 - name: Give user passwordless access to ZFS commands
   lineinfile:
     path: /etc/sudoers
-    line: "{{ user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
+    line: "{{ me.user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
   become: true
 
 - name: Sanoid

terraform/context.tf

@@ -1,10 +1,10 @@
 resource "local_file" "hosts" {
   content = yamlencode({
-    hosts : {
+    vps_hosts : {
       casey_ip : linode_instance.casey.ip_address,
       walker_ip : vultr_instance.walker.main_ip,
       grimes_ip : vultr_instance.grimes.main_ip,
     }
   })
-  filename = "${path.module}/../ansible/group_vars/all/hosts.yml"
+  filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml"
 }

yamllint.yml

@@ -3,7 +3,7 @@ extends: default
 ignore: |
   ansible/galaxy_roles
   ansible/galaxy_collections
-  ansible/group_vars/all/hosts.yml
+  ansible/group_vars/all/vps-hosts.yml
   ansible/roles/traefik/files/traefik.yml
   ansible/roles/nebula/files/nebula.yml