fix all ansible-lint yaml errors (except for line-length)

2024-11-23 02:49:23 +01:00 · 2024-11-23 02:49:23 +01:00 · 4060dbbe21
parent a6453711d8
commit 4060dbbe21
15 changed files with 759 additions and 761 deletions
--- a/inventories/chaosknoten/host_vars/ccchoir.yaml
+++ b/inventories/chaosknoten/host_vars/ccchoir.yaml
@ -1,5 +1,5 @@
 docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/ccchoir/compose.yaml.j2') }}"
-docker_compose__configuration_files: []
+docker_compose__configuration_files: [ ]
 certbot__version_spec: ""
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de
--- a/inventories/chaosknoten/host_vars/pad.yaml
+++ b/inventories/chaosknoten/host_vars/pad.yaml
@ -1,5 +1,5 @@
 docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pad/compose.yaml.j2') }}"
-docker_compose__configuration_files: []
+docker_compose__configuration_files: [ ]
 certbot__version_spec: ""
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de
--- a/inventories/chaosknoten/host_vars/pretalx.yaml
+++ b/inventories/chaosknoten/host_vars/pretalx.yaml
@ -1,5 +1,5 @@
 docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pretalx/compose.yaml.j2') }}"
-docker_compose__configuration_files: []
+docker_compose__configuration_files: [ ]
 certbot__version_spec: ""
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de
--- a/inventories/chaosknoten/host_vars/zammad.yaml
+++ b/inventories/chaosknoten/host_vars/zammad.yaml
@ -1,5 +1,5 @@
 docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/zammad/compose.yaml.j2') }}"
-docker_compose__configuration_files: []
+docker_compose__configuration_files: [ ]
 certbot__version_spec: ""
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de
--- a/playbooks/files/chaosknoten/configs/grafana/docker_compose/grafana-datasource.yml
+++ b/playbooks/files/chaosknoten/configs/grafana/docker_compose/grafana-datasource.yml
@ -1,10 +1,9 @@
 apiVersion: 1
 datasources:
- name: Prometheus
+  - name: Prometheus
-  type: prometheus
+    type: prometheus
-  url: http://prometheus:9090 
+    url: http://prometheus:9090
-  isDefault: true
+    isDefault: true
-  access: proxy
+    access: proxy
-  editable: true
+    editable: true
--- a/playbooks/files/chaosknoten/configs/grafana/docker_compose/prometheus.yml
+++ b/playbooks/files/chaosknoten/configs/grafana/docker_compose/prometheus.yml
@ -5,110 +5,110 @@ global:
 alerting:
  alertmanagers:
-  - scheme: http
+    - scheme: http
-    timeout: 10s
+      timeout: 10s
-    static_configs:
+      static_configs:
-    - targets:
+        - targets:
-      - "alertmanager:9093"
+            - "alertmanager:9093"
 rule_files:
  - "/etc/prometheus/rules/*.rules.yaml"
 scrape_configs:
- job_name: prometheus
+  - job_name: prometheus
-  honor_timestamps: true
+    honor_timestamps: true
-  metrics_path: /metrics
+    metrics_path: /metrics
-  scheme: http
+    scheme: http
-  static_configs:
+    static_configs:
-  - targets:
+      - targets:
-    - localhost:9090
+          - localhost:9090
- job_name: alertmanager
+  - job_name: alertmanager
-  honor_timestamps: true
+    honor_timestamps: true
-  metrics_path: /metrics
+    metrics_path: /metrics
-  scheme: http
+    scheme: http
-  static_configs:
+    static_configs:
-  - targets:
+      - targets:
-    - alertmanager:9093
+          - alertmanager:9093
- job_name: c3lingo
+  - job_name: c3lingo
-  honor_timestamps: true
+    honor_timestamps: true
-  scrape_interval: 5s
+    scrape_interval: 5s
-  scrape_timeout: 1s
+    scrape_timeout: 1s
-  metrics_path: /mumblestats/metrics
+    metrics_path: /mumblestats/metrics
-  scheme: https
+    scheme: https
-  static_configs:
+    static_configs:
-  - targets:
+      - targets:
-    - mumble.c3lingo.org:443
+          - mumble.c3lingo.org:443
- job_name: mumble
+  - job_name: mumble
-  honor_timestamps: true
+    honor_timestamps: true
-  scrape_interval: 5s
+    scrape_interval: 5s
-  scrape_timeout: 1s
+    scrape_timeout: 1s
-  metrics_path: /metrics
+    metrics_path: /metrics
-  scheme: https
+    scheme: https
-  static_configs:
+    static_configs:
-  - targets:
+      - targets:
-    - mumble.hamburg.ccc.de:443
+          - mumble.hamburg.ccc.de:443
- job_name: opnsense-ccchh
+  - job_name: opnsense-ccchh
-  honor_timestamps: true
+    honor_timestamps: true
-  metrics_path: /metrics
+    metrics_path: /metrics
-  scheme: http
+    scheme: http
-  static_configs:
+    static_configs:
-  - targets:
+      - targets:
-    - 185.161.129.132:9100
+          - 185.161.129.132:9100
- job_name: jitsi
+  - job_name: jitsi
-  honor_timestamps: true
+    honor_timestamps: true
-  scrape_interval: 5s
+    scrape_interval: 5s
-  scrape_timeout: 1s
+    scrape_timeout: 1s
-  metrics_path: /metrics
+    metrics_path: /metrics
-  scheme: http
+    scheme: http
-  static_configs:
+    static_configs:
-  - targets:
+      - targets:
-    - jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
+          - jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
- job_name: 'pve'
+  - job_name: 'pve'
-  static_configs:
+    static_configs:
-    - targets:
+      - targets:
-      - 212.12.48.126  # chaosknoten
+          - 212.12.48.126  # chaosknoten
-  metrics_path: /pve
+    metrics_path: /pve
-  params:
+    params:
-    module: [default]
+      module: [ default ]
-    cluster: ['1']
+      cluster: [ '1' ]
-    node: ['1']
+      node: [ '1' ]
-  relabel_configs:
+    relabel_configs:
-    - source_labels: [__address__]
+      - source_labels: [ __address__ ]
-      target_label: __param_target
+        target_label: __param_target
-    - source_labels: [__param_target]
+      - source_labels: [ __param_target ]
-      target_label: instance
+        target_label: instance
-    - target_label: __address__
+      - target_label: __address__
-      replacement: pve-exporter:9221
+        replacement: pve-exporter:9221
- job_name: hosts
+  - job_name: hosts
-  static_configs:
+    static_configs:
-    # Wieske Chaosknoten VMs
+      # Wieske Chaosknoten VMs
-    - labels:
+      - labels:
-        site: wieske
+          site: wieske
-        type: virtual_machine
+          type: virtual_machine
-        hypervisor: chaosknoten
+          hypervisor: chaosknoten
-      targets:
+        targets:
-        - netbox-intern.hamburg.ccc.de:9100
+          - netbox-intern.hamburg.ccc.de:9100
-        - matrix-intern.hamburg.ccc.de:9100
+          - matrix-intern.hamburg.ccc.de:9100
-        - public-web-static-intern.hamburg.ccc.de:9100
+          - public-web-static-intern.hamburg.ccc.de:9100
-        - git-intern.hamburg.ccc.de:9100
+          - git-intern.hamburg.ccc.de:9100
-        - forgejo-actions-runner-intern.hamburg.ccc.de:9100
+          - forgejo-actions-runner-intern.hamburg.ccc.de:9100
-        - eh22-wiki-intern.hamburg.ccc.de:9100
+          - eh22-wiki-intern.hamburg.ccc.de:9100
-        - nix-box-june-intern.hamburg.ccc.de:9100
+          - nix-box-june-intern.hamburg.ccc.de:9100
-        - mjolnir-intern.hamburg.ccc.de:9100
+          - mjolnir-intern.hamburg.ccc.de:9100
-        - woodpecker-intern.hamburg.ccc.de:9100
+          - woodpecker-intern.hamburg.ccc.de:9100
-        - penpot-intern.hamburg.ccc.de:9100
+          - penpot-intern.hamburg.ccc.de:9100
-        - jitsi.hamburg.ccc.de:9100
+          - jitsi.hamburg.ccc.de:9100
-        - onlyoffice-intern.hamburg.ccc.de:9100
+          - onlyoffice-intern.hamburg.ccc.de:9100
-        - ccchoir-intern.hamburg.ccc.de:9100
+          - ccchoir-intern.hamburg.ccc.de:9100
-        - tickets-intern.hamburg.ccc.de:9100
+          - tickets-intern.hamburg.ccc.de:9100
-        - keycloak-intern.hamburg.ccc.de:9100
+          - keycloak-intern.hamburg.ccc.de:9100
-        - onlyoffice-intern.hamburg.ccc.de:9100
+          - onlyoffice-intern.hamburg.ccc.de:9100
-        - pad-intern.hamburg.ccc.de:9100
+          - pad-intern.hamburg.ccc.de:9100
-        - wiki-intern.hamburg.ccc.de:9100
+          - wiki-intern.hamburg.ccc.de:9100
-        - zammad-intern.hamburg.ccc.de:9100
+          - zammad-intern.hamburg.ccc.de:9100
-        - pretalx-intern.hamburg.ccc.de:9100
+          - pretalx-intern.hamburg.ccc.de:9100
-    - labels:
+      - labels:
-        site: wieske
+          site: wieske
-        type: physical_machine
+          type: physical_machine
-      targets:
+        targets:
-        - chaosknoten.hamburg.ccc.de:9100
+          - chaosknoten.hamburg.ccc.de:9100
--- a/playbooks/files/chaosknoten/configs/grafana/docker_compose/prometheus_alerts.rules.yaml
+++ b/playbooks/files/chaosknoten/configs/grafana/docker_compose/prometheus_alerts.rules.yaml
--- a/playbooks/files/chaosknoten/configs/lists/compose/compose.yaml
+++ b/playbooks/files/chaosknoten/configs/lists/compose/compose.yaml
@ -5,21 +5,21 @@ services:
    container_name: mailman-core
    hostname: mailman-core
    volumes:
-    - /opt/mailman/core:/opt/mailman/
+      - /opt/mailman/core:/opt/mailman/
    stop_grace_period: 30s
    links:
-    - database:database
+      - database:database
    depends_on:
-    - database
+      - database
    environment:
-    - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
+      - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
-    - DATABASE_TYPE=postgres
+      - DATABASE_TYPE=postgres
-    - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
+      - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
-    - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
+      - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
-    - MTA=postfix
+      - MTA=postfix
    ports:
-    - "127.0.0.1:8001:8001" # API
+      - "127.0.0.1:8001:8001" # API
-    - "127.0.0.1:8024:8024" # LMTP - incoming emails
+      - "127.0.0.1:8024:8024" # LMTP - incoming emails
    networks:
      mailman:
@ -29,36 +29,36 @@ services:
    container_name: mailman-web
    hostname: mailman-web
    depends_on:
-    - database
+      - database
    links:
-    - mailman-core:mailman-core
+      - mailman-core:mailman-core
-    - database:database
+      - database:database
    volumes:
-    - /opt/mailman/web:/opt/mailman-web-data
+      - /opt/mailman/web:/opt/mailman-web-data
    environment:
-    - DATABASE_TYPE=postgres
+      - DATABASE_TYPE=postgres
-    - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
+      - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
-    - "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
+      - "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
-    - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
+      - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
-    - SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
+      - SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
-    - SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
+      - SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
-    - MAILMAN_ADMIN_USER=ccchh-admin
+      - MAILMAN_ADMIN_USER=ccchh-admin
-    - MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
+      - MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
    ports:
-    - "127.0.0.1:8000:8000" # HTTP
+      - "127.0.0.1:8000:8000" # HTTP
-    - "127.0.0.1:8080:8080" # uwsgi
+      - "127.0.0.1:8080:8080" # uwsgi
    networks:
      mailman:
  database:
    restart: unless-stopped
    environment:
-    - POSTGRES_DB=mailmandb
+      - POSTGRES_DB=mailmandb
-    - POSTGRES_USER=mailman
+      - POSTGRES_USER=mailman
-    - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
+      - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
    image: postgres:12-alpine
    volumes:
-    - /opt/mailman/database:/var/lib/postgresql/data
+      - /opt/mailman/database:/var/lib/postgresql/data
    networks:
      mailman:
@ -68,5 +68,5 @@ networks:
    ipam:
      driver: default
      config:
-      -
+        -
-        subnet: 172.19.199.0/24
+          subnet: 172.19.199.0/24
--- a/playbooks/roles/apt_update_and_upgrade/tasks/main.yaml
+++ b/playbooks/roles/apt_update_and_upgrade/tasks/main.yaml
@ -1,15 +1,15 @@
 - name: update, upgrade and potentially reboot
  become: true
  block:
-  - name: apt-get update
+    - name: apt-get update
-    ansible.builtin.apt:
+      ansible.builtin.apt:
-      update-cache: true
+        update-cache: true
-  - name: apt-get dist-upgrade
+    - name: apt-get dist-upgrade
-    ansible.builtin.apt:
+      ansible.builtin.apt:
-      upgrade: dist
+        upgrade: dist
-    register: apt_update_and_upgrade__upgrade_result
+      register: apt_update_and_upgrade__upgrade_result
-  - name: reboot, after package upgrade
+    - name: reboot, after package upgrade
-    ansible.builtin.reboot:
+      ansible.builtin.reboot:
-    when: apt_update_and_upgrade__upgrade_result.changed
+      when: apt_update_and_upgrade__upgrade_result.changed
--- a/playbooks/roles/deploy_ssh_server_config/tasks/main.yaml
+++ b/playbooks/roles/deploy_ssh_server_config/tasks/main.yaml
@ -3,21 +3,21 @@
  become: true
  block:
-  - name: deploy `sshd_config`
+    - name: deploy `sshd_config`
-    ansible.builtin.template:
+      ansible.builtin.template:
-      force: true
+        force: true
-      dest: /etc/ssh/sshd_config
+        dest: /etc/ssh/sshd_config
-      mode: 0644
+        mode: "0644"
-      owner: root
+        owner: root
-      group: root
+        group: root
-      src: sshd_config.j2
+        src: sshd_config.j2
-    register: deploy_ssh_server_config__ssh_config_copy_result
+      register: deploy_ssh_server_config__ssh_config_copy_result
-  - name: deactivate short moduli
+    - name: deactivate short moduli
-    ansible.builtin.shell:
+      ansible.builtin.shell:
-      cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli
+        cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli
-  # Rebooting here instead of restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
+    # Rebooting here instead of restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
-  - name: reboot, if ssh server config got changed
+    - name: reboot, if ssh server config got changed
-    ansible.builtin.reboot:
+      ansible.builtin.reboot:
-    when: deploy_ssh_server_config__ssh_config_copy_result.changed
+      when: deploy_ssh_server_config__ssh_config_copy_result.changed
--- a/playbooks/roles/infrastructure_authorized_keys/tasks/main.yaml
+++ b/playbooks/roles/infrastructure_authorized_keys/tasks/main.yaml
@ -4,4 +4,3 @@
    user: chaos
    exclusive: true
    key: https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys
--- a/playbooks/roles/nextcloud/meta/main.yaml
+++ b/playbooks/roles/nextcloud/meta/main.yaml
@ -11,10 +11,10 @@ dependencies:
  - role: nginx
    vars:
      nginx__version_spec: "{{ nextcloud__nginx_version_spec }}"
-      nginx__configurations: 
+      nginx__configurations:
        - name: "{{ nextcloud__fqdn }}"
          content: "{{ lookup('ansible.builtin.template', 'nginx_nextcloud.conf.j2') }}"
  - role: docker_compose
    vars:
      docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'compose.yaml.j2') }}"
-      docker_compose__configuration_files: []
+      docker_compose__configuration_files: [ ]
--- a/playbooks/roles/nginx/defaults/main.yaml
+++ b/playbooks/roles/nginx/defaults/main.yaml
@ -1,5 +1,5 @@
 nginx__deploy_redirect_conf: true
 nginx__deploy_tls_conf: true
-nginx__configurations: []
+nginx__configurations: [ ]
 nginx__use_custom_nginx_conf: false
 nginx__custom_nginx_conf: ""
--- a/playbooks/roles/nginx/tasks/main/config_deploy.yaml
+++ b/playbooks/roles/nginx/tasks/main/config_deploy.yaml
@ -11,7 +11,7 @@
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/nginx.conf.ansiblesave
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
        remote_src: true
@ -22,7 +22,7 @@
      ansible.builtin.copy:
        content: "{{ nginx__custom_nginx_conf }}"
        dest: "/etc/nginx/nginx.conf"
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
      become: true
@ -36,7 +36,7 @@
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/nginx.conf
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
        remote_src: true
@ -55,7 +55,7 @@
  ansible.builtin.get_url:
    force: true
    dest: /etc/nginx-mozilla-dhparam
-    mode: 0644
+    mode: "0644"
    url: https://ssl-config.mozilla.org/ffdhe2048.txt
  become: true
  notify: Restart `nginx.service`
@ -71,7 +71,7 @@
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/conf.d/tls.conf
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
        src: tls.conf
@ -89,7 +89,7 @@
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/conf.d/redirect.conf
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
        src: redirect.conf
@ -104,7 +104,7 @@
  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
-    mode: 0644
+    mode: "0644"
    owner: root
    group: root
  become: true
--- a/requirements.yml
+++ b/requirements.yml
@ -2,4 +2,4 @@ collections:
  # Install a collection from Ansible Galaxy.
  - name: debops.debops
    version: ">=3.1.0"
-    source: https://galaxy.ansible.com
+    source: https://galaxy.ansible.com