From ef9d3d0beb649c319fa34c7725dfb70b559e41e7 Mon Sep 17 00:00:00 2001 From: Paul Brinkmeier Date: Thu, 15 Sep 2022 13:48:59 +0200 Subject: [PATCH] Fix ansible-lint failures --- ansible/group_vars/misc/vars.yaml | 2 +- ansible/playbooks/misc-docker.yaml | 26 ++++++------ ansible/playbooks/misc-setup.yaml | 36 ++++++++-------- ansible/playbooks/misc-sites.yaml | 6 ++- .../checkout_static_sites/tasks/main.yaml | 4 +- ansible/roles/docker/tasks/main.yaml | 41 ++++++++++--------- ansible/roles/install_nix/tasks/main.yaml | 2 +- 7 files changed, 63 insertions(+), 54 deletions(-) diff --git a/ansible/group_vars/misc/vars.yaml b/ansible/group_vars/misc/vars.yaml index 2363063..7930727 100644 --- a/ansible/group_vars/misc/vars.yaml +++ b/ansible/group_vars/misc/vars.yaml @@ -1,3 +1,3 @@ --- ansible_user: andi -ansible_python_interpreter: /usr/bin/python3 \ No newline at end of file +ansible_python_interpreter: /usr/bin/python3 diff --git a/ansible/playbooks/misc-docker.yaml b/ansible/playbooks/misc-docker.yaml index 7d2f46f..ace7a55 100644 --- a/ansible/playbooks/misc-docker.yaml +++ b/ansible/playbooks/misc-docker.yaml @@ -1,12 +1,13 @@ --- -- hosts: misc +- name: Update Docker configuration on shamash + hosts: misc tasks: - name: Add users for running containers - become: yes + become: true ansible.builtin.user: name: "{{ item.name }}" uid: "{{ item.uid }}" - create_home: no + create_home: false state: present loop: - name: jupyter @@ -17,13 +18,13 @@ state: present # All services that are behind Caddy need to be in this network - name: Create Caddy network - become: yes + become: true docker_network: name: caddy-network state: present - name: Upload docker configuration - become: yes - copy: + become: true + ansible.builtin.copy: src: ../../docker dest: /etc/pbri # Files should inaccessible to non-root users. 
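Review bot: `docker_network` in the "Create Caddy network" task (and `docker_compose` in the "Set up docker stuff" task of the `@@ -31,19 +32,19 @@` hunk) is still a short module name, although this commit moves `copy` and `file` to `ansible.builtin.*`. Both tasks run with `become: true`, so writing `community.docker.docker_network:` and `community.docker.docker_compose:` would make explicit which collection's code runs as root and keep the playbook consistent. This assumes the modules come from the community.docker collection, which the patch does not show.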
@@ -31,19 +32,19 @@ # Directories should be listable directory_mode: u=rwx,g=rx,o=rx - name: Create directory for docker volumes - become: yes - file: + become: true + ansible.builtin.file: path: /var/lib/pbri/docker state: directory # Hide contents from non-root users mode: u=rwx,g=,o= - name: Set up docker stuff - become: yes + become: true docker_compose: project_src: "/etc/pbri/docker/{{ item.name }}" state: "{{ item.state }}" - build: yes - debug: yes + build: true + debug: true loop: - name: caddy state: present @@ -54,11 +55,10 @@ - name: codi state: present - name: Add Notebooks folder - become: yes + become: true ansible.builtin.file: path: /home/jupyter/Notebooks owner: jupyter group: jupyter state: directory mode: 0755 - diff --git a/ansible/playbooks/misc-setup.yaml b/ansible/playbooks/misc-setup.yaml index ee425cd..f0b8024 100644 --- a/ansible/playbooks/misc-setup.yaml +++ b/ansible/playbooks/misc-setup.yaml @@ -1,39 +1,41 @@ --- -- hosts: misc +- name: Basic setup for shamash (packages, Docker, Nix, sshd) + hosts: misc tasks: - name: Install basic packages - become: yes - apt: + become: true + ansible.builtin.apt: name: - vim - git - htop - tmux - update_cache: yes + update_cache: true tags: - apt - - include_role: + - name: Install and set up Docker and docker-compose + ansible.builtin.include_role: name: docker - - include_role: + - name: Install and set up Nix + ansible.builtin.include_role: name: install_nix - name: Install pip prerequisites - become: yes - apt: + become: true + ansible.builtin.apt: name: - python3-pip - python3-setuptools - python3-virtualenv - name: Install global python docker package - become: yes - pip: + become: true + ansible.builtin.pip: name: - docker - docker-compose - requests - name: Configure sshd - register: sshdconfig - become: yes - copy: + become: true + ansible.builtin.copy: dest: /etc/ssh/sshd_config.d/00_pbri.conf mode: u=rw,g=r,o=r # Included by /etc/ssh/sshd_config before other configuration 
@@ -44,9 +46,11 @@ AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no validate: /usr/sbin/sshd -T -f %s + notify: + - Restart sshd + + handlers: - name: Restart sshd - when: sshdconfig.changed - become: yes - service: + ansible.builtin.service: name: sshd state: restarted diff --git a/ansible/playbooks/misc-sites.yaml b/ansible/playbooks/misc-sites.yaml index 6be0e77..55af3cd 100644 --- a/ansible/playbooks/misc-sites.yaml +++ b/ansible/playbooks/misc-sites.yaml @@ -1,7 +1,9 @@ --- -- hosts: misc +- name: Check out static sites hosted on shamash + hosts: misc tasks: - - include_role: + - name: Check out static sites + ansible.builtin.include_role: name: checkout_static_sites vars: checkout_static_sites: diff --git a/ansible/roles/checkout_static_sites/tasks/main.yaml b/ansible/roles/checkout_static_sites/tasks/main.yaml index 42e099f..5217987 100644 --- a/ansible/roles/checkout_static_sites/tasks/main.yaml +++ b/ansible/roles/checkout_static_sites/tasks/main.yaml @@ -1,6 +1,6 @@ --- - name: Create static site directories - become: yes + become: true ansible.builtin.file: path: "{{ item.path }}" state: directory @@ -9,7 +9,7 @@ group: "{{ item.owner }}" loop: "{{ checkout_static_sites.checkouts }}" - name: Check out static site repositories - become: yes + become: true become_user: "{{ item.owner }}" ansible.builtin.git: dest: "{{ item.path }}" diff --git a/ansible/roles/docker/tasks/main.yaml b/ansible/roles/docker/tasks/main.yaml index 93ee022..8c71d08 100644 --- a/ansible/roles/docker/tasks/main.yaml +++ b/ansible/roles/docker/tasks/main.yaml 
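Review bot: The new "Restart sshd" handler has lost privilege escalation: the patch removes `become: yes` from the old task and adds no `become: true` to the handler, and the play header visible in this file sets no play-level `become`. Unless escalation is enabled elsewhere (ansible.cfg or inventory, not visible here), the restart runs as the connecting user and will most likely fail. The copy task reports "changed" only on the run that writes the file, so a later run would not notify the handler again, leaving `PasswordAuthentication no` on disk but not loaded by the running daemon. Add `become: true` under `- name: Restart sshd` in `handlers:`.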
@@ -1,38 +1,41 @@ --- - name: Install Docker installation prerequisites - become: yes - apt: - update_cache: yes - state: latest + become: true + ansible.builtin.apt: + update_cache: true + # Don't upgrade, only make sure that the packages are present + # state: latest name: - ca-certificates - curl - gnupg - lsb-release -- name: Add Docker GPG key - become: yes - shell: "curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg" +- name: Add Docker GPG key # noqa command-instead-of-module risky-shell-pipe + become: true + ansible.builtin.shell: "curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg" args: creates: /usr/share/keyrings/docker-archive-keyring.gpg -- name: Retrieve dpkg architecture - shell: dpkg --print-architecture +- name: Retrieve dpkg architecture # noqa command-instead-of-shell + ansible.builtin.shell: dpkg --print-architecture register: dpkg_architecture - changed_when: False + changed_when: false - name: Add Docker apt repository - become: yes - template: + become: true + ansible.builtin.template: src: docker.list.j2 dest: /etc/apt/sources.list.d/docker.list + mode: 0644 - name: Install Docker - become: yes - apt: - update_cache: yes - state: latest + become: true + ansible.builtin.apt: + update_cache: true + # Don't upgrade, only make sure that the packages are present + # state: latest name: - - docker-ce - - docker-ce-cli - - containerd.io + - docker-ce + - docker-ce-cli + - containerd.io diff --git a/ansible/roles/install_nix/tasks/main.yaml b/ansible/roles/install_nix/tasks/main.yaml index 5e8034d..53f497e 100644 --- a/ansible/roles/install_nix/tasks/main.yaml +++ b/ansible/roles/install_nix/tasks/main.yaml 
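Review bot: The `# noqa ... risky-shell-pipe` on "Add Docker GPG key" suppresses the lint finding without removing the risk: without `pipefail` the task's exit status is that of `gpg`, so a failed or truncated `curl` download is not reported on its own, and if an output file is left behind, `creates:` skips the task on every later run. Since this file becomes the key apt trusts for the Docker repository, the fence below runs the pipe under bash with `set -o pipefail` so that suppression can be dropped. "Retrieve dpkg architecture" uses no shell features, so `ansible.builtin.command: dpkg --print-architecture` would make its `noqa` unnecessary too. Commenting out `state: latest` in both apt tasks also means this role stops upgrading the Docker packages, which deserves a line in the commit message because security updates then have to come from another mechanism.

```yaml
- name: Add Docker GPG key  # noqa command-instead-of-module
  # … unchanged: become: true …
  ansible.builtin.shell: |
    set -o pipefail
    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
  args:
    executable: /bin/bash
    creates: /usr/share/keyrings/docker-archive-keyring.gpg
```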
@@ -1,7 +1,7 @@ --- # Obvious race condition here that we are just going to ignore - name: Copy Nix installation script - become: yes + become: true ansible.builtin.copy: src: install-nix dest: /etc/pbri/install-nix