check.yaml: add logic for printing all .dpkg-* files

check.yaml: introduce check playbook with it printing host distro info
This playbook is for checking various host parameters.
2024-12-02 00:32:51 +01:00 · 2024-12-02 00:32:51 +01:00 · 2024-12-01 22:20:15 +01:00 · 2024-12-01 04:38:07 +01:00 · 2024-12-01 04:16:42 +01:00 · 2024-11-24 01:08:13 +01:00
22 changed files with 868 additions and 763 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -0,0 +1,6 @@
+skip_list:
+  - "yaml[line-length]"
+  - "name[casing]"
+
+exclude_paths:
+  - .forgejo/
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,15 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+charset = utf-8
+
+[*.md]
+indent_size = 2
+trim_trailing_whitespace = false
+
+[*.yaml]
+indent_size = 2
--- a/.forgejo/workflows/lint.yaml
+++ b/.forgejo/workflows/lint.yaml
@ -0,0 +1,32 @@
+# Links & Resources:
+# https://github.com/ansible/ansible-lint?tab=readme-ov-file#using-ansible-lint-as-a-github-action
+# https://github.com/ansible/ansible-lint/blob/main/action.yml
+on:
+  pull_request:
+  push:
+
+jobs:
+  ansible-lint:
+    name: Ansible Lint
+    runs-on: docker
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install pip
+        run: |
+          apt update
+          apt install -y pip
+      - name: Install python jmespath
+        run: |
+          pip install jmespath
+        env:
+          PIP_BREAK_SYSTEM_PACKAGES: 1
+      # Don't let it setup python as the then called setup-python action doesn't
+      # work in our environmnet.
+      # Rather manually setup python (pip) before instead.
+      - name: Run ansible-lint
+        uses: https://github.com/ansible/ansible-lint@main
+        with:
+          setup_python: "false"
+          requirements_file: "requirements.yml"
+        env:
+          PIP_BREAK_SYSTEM_PACKAGES: 1
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@ -0,0 +1,6 @@
+rules:
+  brackets:
+    min-spaces-inside: 1
+    max-spaces-inside: 1
+    min-spaces-inside-empty: 1
+    max-spaces-inside-empty: 1
--- a/playbooks/check.yaml
+++ b/playbooks/check.yaml
@ -0,0 +1,31 @@
+---
+- name: Host information
+  hosts: all
+  tasks:
+    - name: Print OS distribution and version
+      ansible.builtin.debug:
+        msg: "{{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_version'] }} ({{ ansible_facts['distribution_release'] }})"
+
+    - name: Find all .dpkg-* files
+      ansible.builtin.find:
+        paths: /etc
+        file_type: file
+        recurse: true
+        use_regex: false
+        patterns:
+          - "*.dpkg-*"
+      become: true
+      register: check__dpkg_files
+
+    - name: Create variable for list of all .dpkg-* files
+      ansible.builtin.set_fact:
+        check__dpkg_files_list: [ ]
+
+    - name: Populate list of all .dpkg-* files
+      ansible.builtin.set_fact:
+        check__dpkg_files_list: "{{ check__dpkg_files_list + [ item.path ] }}"
+      loop: "{{ check__dpkg_files.files }}"
+    
+    - name: Print .dpkg-* files list
+      ansible.builtin.debug:
+        var: check__dpkg_files_list
--- a/playbooks/files/chaosknoten/configs/grafana/docker_compose/grafana-datasource.yml
+++ b/playbooks/files/chaosknoten/configs/grafana/docker_compose/grafana-datasource.yml
@ -7,4 +7,3 @@ datasources:
    isDefault: true
    access: proxy
    editable: true
-
--- a/playbooks/roles/apt_update_and_upgrade/handlers/main.yaml
+++ b/playbooks/roles/apt_update_and_upgrade/handlers/main.yaml
@ -0,0 +1,3 @@
+- name: reboot the system
+  become: true
+  ansible.builtin.reboot:
--- a/playbooks/roles/apt_update_and_upgrade/tasks/main.yaml
+++ b/playbooks/roles/apt_update_and_upgrade/tasks/main.yaml
@ -9,7 +9,5 @@
      ansible.builtin.apt:
        upgrade: dist
      register: apt_update_and_upgrade__upgrade_result
-
-  - name: reboot, after package upgrade
-    ansible.builtin.reboot:
-    when: apt_update_and_upgrade__upgrade_result.changed
+      notify:
+        - reboot the system
--- a/playbooks/roles/deploy_ssh_server_config/handlers/main.yaml
+++ b/playbooks/roles/deploy_ssh_server_config/handlers/main.yaml
@ -0,0 +1,3 @@
+- name: reboot the system
+  become: true
+  ansible.builtin.reboot:
--- a/playbooks/roles/deploy_ssh_server_config/tasks/main.yaml
+++ b/playbooks/roles/deploy_ssh_server_config/tasks/main.yaml
@ -7,17 +7,30 @@
      ansible.builtin.template:
        force: true
        dest: /etc/ssh/sshd_config
-      mode: 0644
+        mode: "0644"
        owner: root
        group: root
        src: sshd_config.j2
-    register: deploy_ssh_server_config__ssh_config_copy_result
+      notify:
+        # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
+        - reboot the system

    - name: deactivate short moduli
      ansible.builtin.shell:
-      cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli
+        executable: /bin/bash
+        cmd: |
+          set -eo pipefail

-  # Rebooting here instead of restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
-  - name: reboot, if ssh server config got changed
-    ansible.builtin.reboot:
-    when: deploy_ssh_server_config__ssh_config_copy_result.changed
+          awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp
+          if diff /etc/ssh/moduli /etc/ssh/moduli.tmp; then
+            rm /etc/ssh/moduli.tmp
+          else
+            mv /etc/ssh/moduli.tmp /etc/ssh/moduli
+            echo "ansible-changed: changed /etc/ssh/moduli"
+          fi
+      register: result
+      changed_when:
+        - '"ansible-changed" in result.stdout'
+      notify:
+        # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
+        - reboot the system
--- a/playbooks/roles/infrastructure_authorized_keys/tasks/main.yaml
+++ b/playbooks/roles/infrastructure_authorized_keys/tasks/main.yaml
@ -4,4 +4,3 @@
    user: chaos
    exclusive: true
    key: https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys
-    
--- a/playbooks/roles/nginx/tasks/main/config_deploy.yaml
+++ b/playbooks/roles/nginx/tasks/main/config_deploy.yaml
@ -7,11 +7,11 @@
  when: nginx__use_custom_nginx_conf
  block:
    - name: when no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
-      when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists == false
+      when: not nginx__nginx_conf_ansiblesave_stat_result.stat.exists
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/nginx.conf.ansiblesave
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
        remote_src: true
@ -22,7 +22,7 @@
      ansible.builtin.copy:
        content: "{{ nginx__custom_nginx_conf }}"
        dest: "/etc/nginx/nginx.conf"
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
      become: true
@ -36,7 +36,7 @@
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/nginx.conf
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
        remote_src: true
@ -55,7 +55,7 @@
  ansible.builtin.get_url:
    force: true
    dest: /etc/nginx-mozilla-dhparam
-    mode: 0644
+    mode: "0644"
    url: https://ssl-config.mozilla.org/ffdhe2048.txt
  become: true
  notify: Restart `nginx.service`
@ -71,7 +71,7 @@
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/conf.d/tls.conf
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
        src: tls.conf
@ -89,7 +89,7 @@
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/conf.d/redirect.conf
-        mode: 0644
+        mode: "0644"
        owner: root
        group: root
        src: redirect.conf
@ -104,7 +104,7 @@
  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
-    mode: 0644
+    mode: "0644"
    owner: root
    group: root
  become: true
Author	SHA1	Message	Date
June	dffb5e307a	check.yaml: add logic for printing all .dpkg-* files Some checks failed / Ansible Lint (push) Failing after 1m40s Details	2024-12-02 00:32:51 +01:00
June	dc0017c79a	check.yaml: introduce check playbook with it printing host distro info This playbook is for checking various host parameters.	2024-12-02 00:32:51 +01:00
June	e6d6d9eed0	report changed properly for "deactivate short moduli" task Some checks failed / Ansible Lint (pull_request) Successful in 1m34s Details / Ansible Lint (push) Failing after 1m29s Details This fixes the ansible-lint no-changed-when complaint and also allows to notify the reboot handler.	2024-12-01 22:20:15 +01:00
June	e3a29c422a	convert two reboot tasks running on changed to handlers Some checks failed / Ansible Lint (push) Failing after 1m37s Details This fixes ansible-lint no-handler complaints.	2024-12-01 04:38:07 +01:00
June	db02969168	add CI running ansible-lint Some checks failed / Ansible Lint (push) Failing after 1m32s Details	2024-12-01 04:16:42 +01:00
June	d3d37e2e4c	exclude .forgejo/ directory from ansible-lint	2024-11-24 01:08:13 +01:00
June	cf5e6c4e1a	fix ansible-lint error by not comparing to literal false	2024-11-23 02:56:16 +01:00
June	bb24e6fd5a	disable name[casing] check in ansible-lint config	2024-11-23 02:53:06 +01:00
June	4ff826e508	add .ansible-lint config with setting to skip yaml line-length check	2024-11-23 02:50:37 +01:00
June	4060dbbe21	fix all ansible-lint yaml errors (except for line-length)	2024-11-23 02:49:23 +01:00
June	a6453711d8	add .yamllint.yaml for some nicer yaml configuration for ansible-lint	2024-11-23 02:31:31 +01:00
June	6dcf254a24	add .editorconfig to ensure some style and format consistency	2024-11-23 02:11:48 +01:00