Add lint configuration and CI and fix the identified errors #14

Merged
june merged 10 commits from lint_and_ci into main 2024-12-01 22:26:24 +01:00
15 changed files with 759 additions and 761 deletions
Showing only changes of commit 4060dbbe21 - Show all commits

View file

@ -1,5 +1,5 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/ccchoir/compose.yaml.j2') }}" docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/ccchoir/compose.yaml.j2') }}"
docker_compose__configuration_files: [] docker_compose__configuration_files: [ ]
certbot__version_spec: "" certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__acme_account_email_address: le-admin@hamburg.ccc.de

View file

@ -1,5 +1,5 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pad/compose.yaml.j2') }}" docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pad/compose.yaml.j2') }}"
docker_compose__configuration_files: [] docker_compose__configuration_files: [ ]
certbot__version_spec: "" certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__acme_account_email_address: le-admin@hamburg.ccc.de

View file

@ -1,5 +1,5 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pretalx/compose.yaml.j2') }}" docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pretalx/compose.yaml.j2') }}"
docker_compose__configuration_files: [] docker_compose__configuration_files: [ ]
certbot__version_spec: "" certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__acme_account_email_address: le-admin@hamburg.ccc.de

View file

@ -1,5 +1,5 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/zammad/compose.yaml.j2') }}" docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/zammad/compose.yaml.j2') }}"
docker_compose__configuration_files: [] docker_compose__configuration_files: [ ]
certbot__version_spec: "" certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__acme_account_email_address: le-admin@hamburg.ccc.de

View file

@ -1,10 +1,9 @@
apiVersion: 1 apiVersion: 1
datasources: datasources:
- name: Prometheus - name: Prometheus
type: prometheus type: prometheus
url: http://prometheus:9090 url: http://prometheus:9090
isDefault: true isDefault: true
access: proxy access: proxy
editable: true editable: true

View file

@ -5,110 +5,110 @@ global:
alerting: alerting:
alertmanagers: alertmanagers:
- scheme: http - scheme: http
timeout: 10s timeout: 10s
static_configs: static_configs:
- targets: - targets:
- "alertmanager:9093" - "alertmanager:9093"
rule_files: rule_files:
- "/etc/prometheus/rules/*.rules.yaml" - "/etc/prometheus/rules/*.rules.yaml"
scrape_configs: scrape_configs:
- job_name: prometheus - job_name: prometheus
honor_timestamps: true honor_timestamps: true
metrics_path: /metrics metrics_path: /metrics
scheme: http scheme: http
static_configs: static_configs:
- targets: - targets:
- localhost:9090 - localhost:9090
- job_name: alertmanager - job_name: alertmanager
honor_timestamps: true honor_timestamps: true
metrics_path: /metrics metrics_path: /metrics
scheme: http scheme: http
static_configs: static_configs:
- targets: - targets:
- alertmanager:9093 - alertmanager:9093
- job_name: c3lingo - job_name: c3lingo
honor_timestamps: true honor_timestamps: true
scrape_interval: 5s scrape_interval: 5s
scrape_timeout: 1s scrape_timeout: 1s
metrics_path: /mumblestats/metrics metrics_path: /mumblestats/metrics
scheme: https scheme: https
static_configs: static_configs:
- targets: - targets:
- mumble.c3lingo.org:443 - mumble.c3lingo.org:443
- job_name: mumble - job_name: mumble
honor_timestamps: true honor_timestamps: true
scrape_interval: 5s scrape_interval: 5s
scrape_timeout: 1s scrape_timeout: 1s
metrics_path: /metrics metrics_path: /metrics
scheme: https scheme: https
static_configs: static_configs:
- targets: - targets:
- mumble.hamburg.ccc.de:443 - mumble.hamburg.ccc.de:443
- job_name: opnsense-ccchh - job_name: opnsense-ccchh
honor_timestamps: true honor_timestamps: true
metrics_path: /metrics metrics_path: /metrics
scheme: http scheme: http
static_configs: static_configs:
- targets: - targets:
- 185.161.129.132:9100 - 185.161.129.132:9100
- job_name: jitsi - job_name: jitsi
honor_timestamps: true honor_timestamps: true
scrape_interval: 5s scrape_interval: 5s
scrape_timeout: 1s scrape_timeout: 1s
metrics_path: /metrics metrics_path: /metrics
scheme: http scheme: http
static_configs: static_configs:
- targets: - targets:
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge - jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
- job_name: 'pve' - job_name: 'pve'
static_configs: static_configs:
- targets: - targets:
- 212.12.48.126 # chaosknoten - 212.12.48.126 # chaosknoten
metrics_path: /pve metrics_path: /pve
params: params:
module: [default] module: [ default ]
cluster: ['1'] cluster: [ '1' ]
node: ['1'] node: [ '1' ]
relabel_configs: relabel_configs:
- source_labels: [__address__] - source_labels: [ __address__ ]
target_label: __param_target target_label: __param_target
- source_labels: [__param_target] - source_labels: [ __param_target ]
target_label: instance target_label: instance
- target_label: __address__ - target_label: __address__
replacement: pve-exporter:9221 replacement: pve-exporter:9221
- job_name: hosts - job_name: hosts
static_configs: static_configs:
# Wieske Chaosknoten VMs # Wieske Chaosknoten VMs
- labels: - labels:
site: wieske site: wieske
type: virtual_machine type: virtual_machine
hypervisor: chaosknoten hypervisor: chaosknoten
targets: targets:
- netbox-intern.hamburg.ccc.de:9100 - netbox-intern.hamburg.ccc.de:9100
- matrix-intern.hamburg.ccc.de:9100 - matrix-intern.hamburg.ccc.de:9100
- public-web-static-intern.hamburg.ccc.de:9100 - public-web-static-intern.hamburg.ccc.de:9100
- git-intern.hamburg.ccc.de:9100 - git-intern.hamburg.ccc.de:9100
- forgejo-actions-runner-intern.hamburg.ccc.de:9100 - forgejo-actions-runner-intern.hamburg.ccc.de:9100
- eh22-wiki-intern.hamburg.ccc.de:9100 - eh22-wiki-intern.hamburg.ccc.de:9100
- nix-box-june-intern.hamburg.ccc.de:9100 - nix-box-june-intern.hamburg.ccc.de:9100
- mjolnir-intern.hamburg.ccc.de:9100 - mjolnir-intern.hamburg.ccc.de:9100
- woodpecker-intern.hamburg.ccc.de:9100 - woodpecker-intern.hamburg.ccc.de:9100
- penpot-intern.hamburg.ccc.de:9100 - penpot-intern.hamburg.ccc.de:9100
- jitsi.hamburg.ccc.de:9100 - jitsi.hamburg.ccc.de:9100
- onlyoffice-intern.hamburg.ccc.de:9100 - onlyoffice-intern.hamburg.ccc.de:9100
- ccchoir-intern.hamburg.ccc.de:9100 - ccchoir-intern.hamburg.ccc.de:9100
- tickets-intern.hamburg.ccc.de:9100 - tickets-intern.hamburg.ccc.de:9100
- keycloak-intern.hamburg.ccc.de:9100 - keycloak-intern.hamburg.ccc.de:9100
- onlyoffice-intern.hamburg.ccc.de:9100 - onlyoffice-intern.hamburg.ccc.de:9100
- pad-intern.hamburg.ccc.de:9100 - pad-intern.hamburg.ccc.de:9100
- wiki-intern.hamburg.ccc.de:9100 - wiki-intern.hamburg.ccc.de:9100
- zammad-intern.hamburg.ccc.de:9100 - zammad-intern.hamburg.ccc.de:9100
- pretalx-intern.hamburg.ccc.de:9100 - pretalx-intern.hamburg.ccc.de:9100
- labels: - labels:
site: wieske site: wieske
type: physical_machine type: physical_machine
targets: targets:
- chaosknoten.hamburg.ccc.de:9100 - chaosknoten.hamburg.ccc.de:9100

View file

@ -5,21 +5,21 @@ services:
container_name: mailman-core container_name: mailman-core
hostname: mailman-core hostname: mailman-core
volumes: volumes:
- /opt/mailman/core:/opt/mailman/ - /opt/mailman/core:/opt/mailman/
stop_grace_period: 30s stop_grace_period: 30s
links: links:
- database:database - database:database
depends_on: depends_on:
- database - database
environment: environment:
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
- DATABASE_TYPE=postgres - DATABASE_TYPE=postgres
- DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86 - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
- MTA=postfix - MTA=postfix
ports: ports:
- "127.0.0.1:8001:8001" # API - "127.0.0.1:8001:8001" # API
- "127.0.0.1:8024:8024" # LMTP - incoming emails - "127.0.0.1:8024:8024" # LMTP - incoming emails
networks: networks:
mailman: mailman:
@ -29,36 +29,36 @@ services:
container_name: mailman-web container_name: mailman-web
hostname: mailman-web hostname: mailman-web
depends_on: depends_on:
- database - database
links: links:
- mailman-core:mailman-core - mailman-core:mailman-core
- database:database - database:database
volumes: volumes:
- /opt/mailman/web:/opt/mailman-web-data - /opt/mailman/web:/opt/mailman-web-data
environment: environment:
- DATABASE_TYPE=postgres - DATABASE_TYPE=postgres
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
- "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org" - "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86 - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
- SERVE_FROM_DOMAIN=lists.hamburg.ccc.de - SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
- SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt - SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
- MAILMAN_ADMIN_USER=ccchh-admin - MAILMAN_ADMIN_USER=ccchh-admin
- MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de - MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
ports: ports:
- "127.0.0.1:8000:8000" # HTTP - "127.0.0.1:8000:8000" # HTTP
- "127.0.0.1:8080:8080" # uwsgi - "127.0.0.1:8080:8080" # uwsgi
networks: networks:
mailman: mailman:
database: database:
restart: unless-stopped restart: unless-stopped
environment: environment:
- POSTGRES_DB=mailmandb - POSTGRES_DB=mailmandb
- POSTGRES_USER=mailman - POSTGRES_USER=mailman
- POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
image: postgres:12-alpine image: postgres:12-alpine
volumes: volumes:
- /opt/mailman/database:/var/lib/postgresql/data - /opt/mailman/database:/var/lib/postgresql/data
networks: networks:
mailman: mailman:
@ -68,5 +68,5 @@ networks:
ipam: ipam:
driver: default driver: default
config: config:
- -
subnet: 172.19.199.0/24 subnet: 172.19.199.0/24

View file

@ -1,15 +1,15 @@
- name: update, upgrade and potentially reboot - name: update, upgrade and potentially reboot
become: true become: true
block: block:
- name: apt-get update - name: apt-get update
ansible.builtin.apt: ansible.builtin.apt:
update-cache: true update-cache: true
- name: apt-get dist-upgrade - name: apt-get dist-upgrade
ansible.builtin.apt: ansible.builtin.apt:
upgrade: dist upgrade: dist
register: apt_update_and_upgrade__upgrade_result register: apt_update_and_upgrade__upgrade_result
- name: reboot, after package upgrade - name: reboot, after package upgrade
ansible.builtin.reboot: ansible.builtin.reboot:
when: apt_update_and_upgrade__upgrade_result.changed when: apt_update_and_upgrade__upgrade_result.changed

View file

@ -3,21 +3,21 @@
become: true become: true
block: block:
- name: deploy `sshd_config` - name: deploy `sshd_config`
ansible.builtin.template: ansible.builtin.template:
force: true force: true
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
mode: 0644 mode: "0644"
owner: root owner: root
group: root group: root
src: sshd_config.j2 src: sshd_config.j2
register: deploy_ssh_server_config__ssh_config_copy_result register: deploy_ssh_server_config__ssh_config_copy_result
- name: deactivate short moduli - name: deactivate short moduli
ansible.builtin.shell: ansible.builtin.shell:
cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli
# Rebooting here instead of restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection. # Rebooting here instead of restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
- name: reboot, if ssh server config got changed - name: reboot, if ssh server config got changed
ansible.builtin.reboot: ansible.builtin.reboot:
when: deploy_ssh_server_config__ssh_config_copy_result.changed when: deploy_ssh_server_config__ssh_config_copy_result.changed

View file

@ -4,4 +4,3 @@
user: chaos user: chaos
exclusive: true exclusive: true
key: https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys key: https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys

View file

@ -11,10 +11,10 @@ dependencies:
- role: nginx - role: nginx
vars: vars:
nginx__version_spec: "{{ nextcloud__nginx_version_spec }}" nginx__version_spec: "{{ nextcloud__nginx_version_spec }}"
nginx__configurations: nginx__configurations:
- name: "{{ nextcloud__fqdn }}" - name: "{{ nextcloud__fqdn }}"
content: "{{ lookup('ansible.builtin.template', 'nginx_nextcloud.conf.j2') }}" content: "{{ lookup('ansible.builtin.template', 'nginx_nextcloud.conf.j2') }}"
- role: docker_compose - role: docker_compose
vars: vars:
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'compose.yaml.j2') }}" docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'compose.yaml.j2') }}"
docker_compose__configuration_files: [] docker_compose__configuration_files: [ ]

View file

@ -1,5 +1,5 @@
nginx__deploy_redirect_conf: true nginx__deploy_redirect_conf: true
nginx__deploy_tls_conf: true nginx__deploy_tls_conf: true
nginx__configurations: [] nginx__configurations: [ ]
nginx__use_custom_nginx_conf: false nginx__use_custom_nginx_conf: false
nginx__custom_nginx_conf: "" nginx__custom_nginx_conf: ""

View file

@ -11,7 +11,7 @@
ansible.builtin.copy: ansible.builtin.copy:
force: true force: true
dest: /etc/nginx/nginx.conf.ansiblesave dest: /etc/nginx/nginx.conf.ansiblesave
mode: 0644 mode: "0644"
owner: root owner: root
group: root group: root
remote_src: true remote_src: true
@ -22,7 +22,7 @@
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ nginx__custom_nginx_conf }}" content: "{{ nginx__custom_nginx_conf }}"
dest: "/etc/nginx/nginx.conf" dest: "/etc/nginx/nginx.conf"
mode: 0644 mode: "0644"
owner: root owner: root
group: root group: root
become: true become: true
@ -36,7 +36,7 @@
ansible.builtin.copy: ansible.builtin.copy:
force: true force: true
dest: /etc/nginx/nginx.conf dest: /etc/nginx/nginx.conf
mode: 0644 mode: "0644"
owner: root owner: root
group: root group: root
remote_src: true remote_src: true
@ -55,7 +55,7 @@
ansible.builtin.get_url: ansible.builtin.get_url:
force: true force: true
dest: /etc/nginx-mozilla-dhparam dest: /etc/nginx-mozilla-dhparam
mode: 0644 mode: "0644"
url: https://ssl-config.mozilla.org/ffdhe2048.txt url: https://ssl-config.mozilla.org/ffdhe2048.txt
become: true become: true
notify: Restart `nginx.service` notify: Restart `nginx.service`
@ -71,7 +71,7 @@
ansible.builtin.copy: ansible.builtin.copy:
force: true force: true
dest: /etc/nginx/conf.d/tls.conf dest: /etc/nginx/conf.d/tls.conf
mode: 0644 mode: "0644"
owner: root owner: root
group: root group: root
src: tls.conf src: tls.conf
@ -89,7 +89,7 @@
ansible.builtin.copy: ansible.builtin.copy:
force: true force: true
dest: /etc/nginx/conf.d/redirect.conf dest: /etc/nginx/conf.d/redirect.conf
mode: 0644 mode: "0644"
owner: root owner: root
group: root group: root
src: redirect.conf src: redirect.conf
@ -104,7 +104,7 @@
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ item.content }}" content: "{{ item.content }}"
dest: "/etc/nginx/conf.d/{{ item.name }}.conf" dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
mode: 0644 mode: "0644"
owner: root owner: root
group: root group: root
become: true become: true

View file

@ -2,4 +2,4 @@ collections:
# Install a collection from Ansible Galaxy. # Install a collection from Ansible Galaxy.
- name: debops.debops - name: debops.debops
version: ">=3.1.0" version: ">=3.1.0"
source: https://galaxy.ansible.com source: https://galaxy.ansible.com