Chore/Upgrade ansible-lint profile to safety

andre-gonzalez · Jul 18, 2024 · a6b79b8 · a6b79b8
1 parent c600dad
commit a6b79b8
Show file tree

Hide file tree

Showing 36 changed files with 91 additions and 77 deletions.
diff --git a/.config/ansible-lint-ignore.txt b/.config/ansible-lint-ignore.txt
@@ -0,0 +1,3 @@
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+
+roles/light_workstation/tasks/dotfiles.yml command-instead-of-module
diff --git a/.ansible-lint → .config/ansible-lint.yml b/.ansible-lint → .config/ansible-lint.yml
@@ -1,5 +1,5 @@
 ---
-profile: min # min, basic, moderate,safety, shared, production
+profile: safety # min, basic, moderate, safety, shared, production
 
 # Allows dumping of results in SARIF format
 # sarif_file: result.sarif
@@ -57,15 +57,16 @@ use_default_rules: true
 # still visible, making it easier to address later.
 skip_list:
   - ignore-errors
+  - schema[tasks]
 
 # Ansible-lint does not automatically load rules that have the 'opt-in' tag.
 # You must enable opt-in rules by listing each rule 'id' below.
 enable_list:
-  - args
-  - empty-string-compare # opt-in
-  - no-log-password # opt-in
-  - no-same-owner # opt-in
-  - name[prefix] # opt-in
+  # - args
+  # - empty-string-compare # opt-in
+  # - no-log-password # opt-in
+  # - no-same-owner # opt-in
+  # - name[prefix] # opt-in
   # add yaml here if you want to avoid ignoring yaml checks when yamllint
   # library is missing. Normally its absence just skips using that rule.
   - yaml

diff --git a/roles/base/tasks/cron.yml → roles/base/tasks/Cron.yml b/roles/base/tasks/cron.yml → roles/base/tasks/Cron.yml
diff --git a/roles/base/tasks/debug.yml → roles/base/tasks/Debug.yml b/roles/base/tasks/debug.yml → roles/base/tasks/Debug.yml
diff --git a/roles/base/tasks/fish.yml → roles/base/tasks/Fish.yml b/roles/base/tasks/fish.yml → roles/base/tasks/Fish.yml
diff --git a/roles/base/tasks/locale.yml → roles/base/tasks/Locale.yml b/roles/base/tasks/locale.yml → roles/base/tasks/Locale.yml
@@ -1,5 +1,5 @@
 ---
-- name: Install locale package when distribution is Ubuntu
+- name: Locale | Install locale package when distribution is Ubuntu
   tags:
     - locale
   ansible.builtin.package:
@@ -9,14 +9,14 @@
   become: true
   when: ansible_distribution in ["Ubuntu", "Debian"]
 
-- name: Set timezone to "{{ timezone }}"
+- name: Locale | Set timezone to "{{ timezone }}"
   tags:
     - timezone
   community.general.timezone:
     name: "{{ timezone }}"
   become: true
 
-- name: Ensure the locale exists
+- name: Locale | Ensure the locale exists
   tags:
     - locale
   community.general.locale_gen:

diff --git a/roles/base/tasks/neovim.yml → roles/base/tasks/Neovim.yml b/roles/base/tasks/neovim.yml → roles/base/tasks/Neovim.yml
diff --git a/roles/base/tasks/network.yml → roles/base/tasks/Network.yml b/roles/base/tasks/network.yml → roles/base/tasks/Network.yml
diff --git a/roles/base/tasks/packages.yml → roles/base/tasks/Packages.yml b/roles/base/tasks/packages.yml → roles/base/tasks/Packages.yml
diff --git a/roles/base/tasks/ssh.yml → roles/base/tasks/SSH.yml b/roles/base/tasks/ssh.yml → roles/base/tasks/SSH.yml
diff --git a/roles/base/tasks/security.yml → roles/base/tasks/Security.yml b/roles/base/tasks/security.yml → roles/base/tasks/Security.yml
diff --git a/roles/base/tasks/tailscale.yml → roles/base/tasks/Tailscale.yml b/roles/base/tasks/tailscale.yml → roles/base/tasks/Tailscale.yml
@@ -126,7 +126,7 @@
     seconds: 5
   when: nonsensitive_stdout is not skipped
 
-- name: Install | Clear State Upon Error
+- name: Tailscale | Clear State Upon Error
   tags:
     - tailscale
   ansible.builtin.file:

diff --git a/roles/base/tasks/ufw.yml → roles/base/tasks/UFW.yml b/roles/base/tasks/ufw.yml → roles/base/tasks/UFW.yml
diff --git a/roles/base/tasks/users.yml → roles/base/tasks/Users.yml b/roles/base/tasks/users.yml → roles/base/tasks/Users.yml
@@ -1,42 +1,42 @@
 ---
-- name: Create frank group
+- name: Users | Create frank group
   tags:
     - users
   ansible.builtin.group:
     name: frank
     state: present
 
-- name: Create ansible group
+- name: Users | Create ansible group
   tags:
     - users
   ansible.builtin.group:
     name: ansible
     state: present
 
-- name: Set fact for Debian
+- name: Users | Set fact for Debian
   tags:
     - users
   ansible.builtin.set_fact:
-    sudo_group: sudo
+    base_sudo_group: sudo
   when: ansible_os_family == "Debian"
 
-- name: Set fact for ArchLinux
+- name: Users | Set fact for ArchLinux
   tags:
     - users
   ansible.builtin.set_fact:
-    sudo_group: wheel
+    base_sudo_group: wheel
   when: ansible_os_family == "Archlinux"
 
-- name: Users | frank | create user
+- name: Users | Create user {{ lookup('env', 'USER') }}
   tags:
     - users
   ansible.builtin.user:
     name: frank
     group: frank
-    groups: adm,{{ sudo_group }}
+    groups: adm,{{ base_sudo_group }}
     state: present
 
-- name: Create ansible user
+- name: Users | Create ansible user
   tags:
     - users
     - ansible
@@ -45,7 +45,7 @@
     system: true
   become: true
 
-- name: Copy sudoers_ansible
+- name: Users | Copy sudoers_ansible
   tags:
     - users
     - ansible

diff --git a/roles/base/tasks/keyboard-layout.yml b/roles/base/tasks/keyboard-layout.yml
@@ -1,5 +1,5 @@
 ---
-- name: Copy file vconsole.conf
+- name: keyboard-layout | Copy file vconsole.conf
   tags:
     - keyboard
   ansible.builtin.copy:

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
@@ -1,16 +1,16 @@
 ---
 - name: Base | Include tasks from debug play
-  ansible.builtin.include_tasks: tasks/debug.yml
+  ansible.builtin.include_tasks: tasks/Debug.yml
   tags:
     - debug
 
 - name: Base | Include tasks from users play
-  ansible.builtin.include_tasks: tasks/users.yml
+  ansible.builtin.include_tasks: tasks/Users.yml
   tags:
     - users
 
 - name: Base | Include tasks from ssh play
-  ansible.builtin.include_tasks: tasks/ssh.yml
+  ansible.builtin.include_tasks: tasks/SSH.yml
   tags:
     - ssh
 
@@ -20,55 +20,55 @@
     - keyboard
 
 - name: Base | Include tasks from locale play
-  ansible.builtin.include_tasks: tasks/locale.yml
+  ansible.builtin.include_tasks: tasks/Locale.yml
   tags:
     - timezone
     - locale
 
 - name: Base | Include tasks from cron play
-  ansible.builtin.include_tasks: tasks/cron.yml
+  ansible.builtin.include_tasks: tasks/Cron.yml
   tags:
     - cron
 
 - name: Base | Include tasks from packages play
-  ansible.builtin.include_tasks: tasks/packages.yml
+  ansible.builtin.include_tasks: tasks/Packages.yml
   tags:
     - packages
     - nvidia
 
 - name: Base | Include tasks from fish play
-  ansible.builtin.include_tasks: tasks/fish.yml
+  ansible.builtin.include_tasks: tasks/Fish.yml
   tags:
     - fish
 
 - name: Base | Include tasks from security play
-  ansible.builtin.include_tasks: tasks/security.yml
+  ansible.builtin.include_tasks: tasks/Security.yml
   tags:
     - security
     - fail2ban
     - apparmor
 
 - name: Base | Include tasks from ufw play
-  ansible.builtin.include_tasks: tasks/ufw.yml
+  ansible.builtin.include_tasks: tasks/UFW.yml
   tags:
     - ufw
 
 - name: Base | Include tasks from neovim play
-  ansible.builtin.include_tasks: tasks/neovim.yml
+  ansible.builtin.include_tasks: tasks/Neovim.yml
   tags:
     - neovim
     - git
     - aur
 
 - name: Base | Include tasks from network play
-  ansible.builtin.include_tasks: tasks/network.yml
+  ansible.builtin.include_tasks: tasks/Network.yml
   tags:
     - network
     - netbook
     - samsung_expert
     - aur
 
 - name: Base | Include tasks from tailscale play
-  ansible.builtin.include_tasks: tasks/tailscale.yml
+  ansible.builtin.include_tasks: tasks/Tailscale.yml
   tags:
     - tailscale
diff --git a/roles/base/tasks/tailscale-arch.yml b/roles/base/tasks/tailscale-arch.yml
@@ -1,5 +1,5 @@
 ---
-- name: Arch | Install Tailscale
+- name: tailscale-arch | Tailscale | Install Tailscale
   become: true
   community.general.pacman:
     name: "{{ tailscale_package }}"

diff --git a/roles/base/tasks/tailscale-debian.yml b/roles/base/tasks/tailscale-debian.yml
@@ -1,12 +1,12 @@
 ---
-- name: Debian | Apt Dependencies
+- name: tailscale-debian | Tailscale | Apt Dependencies
   become: true
   ansible.builtin.apt:
     name: "{{ tailscale_apt_dependencies }}"
     cache_valid_time: 3600
     state: present
 
-- name: Debian | Legacy Apt Dependencies
+- name: tailscale-debian | Tailscale | Legacy Apt Dependencies
   become: true
   ansible.builtin.apt:
     name: "{{ tailscale_legacy_apt_dependencies }}"
@@ -16,20 +16,20 @@
     - ansible_distribution_major_version != "testing"
     - ansible_distribution_major_version != "n/a"
 
-- name: Debian | Add Tailscale Signing Key
+- name: tailscale-debian | Tailscale | Add Tailscale Signing Key
   become: true
   ansible.builtin.get_url:
     url: "{{ tailscale_apt_signkey }}"
     dest: "{{ tailscale_apt_keyring_path }}"
     mode: "0644"
 
-- name: Debian | Add Tailscale Deb
+- name: tailscale-debian | Tailscale | Add Tailscale Deb
   become: true
   ansible.builtin.apt_repository:
     repo: "{{ tailscale_apt_deb }}"
     state: present
 
-- name: Debian | Install Tailscale
+- name: tailscale-debian | Tailscale | Install Tailscale
   become: true
   ansible.builtin.apt:
     name: "{{ tailscale_package }}"

diff --git a/roles/base/vars/Archlinux.yml b/roles/base/vars/Archlinux.yml
@@ -1,2 +1,2 @@
 ---
-sudo_group: wheel
+base_sudo_group: wheel
diff --git a/roles/base/vars/Debian.yml b/roles/base/vars/Debian.yml
@@ -1,2 +1,2 @@
 ---
-sudo_group: sudo
+base_sudo_group: sudo
diff --git a/roles/base/vars/Ubuntu.yml b/roles/base/vars/Ubuntu.yml
@@ -1,2 +1,2 @@
 ---
-sudo_group: sudo
+base_sudo_group: sudo
diff --git a/roles/heavy_workstation/tasks/docker.yml → roles/heavy_workstation/tasks/Docker.yml b/roles/heavy_workstation/tasks/docker.yml → roles/heavy_workstation/tasks/Docker.yml
diff --git a/roles/heavy_workstation/tasks/insync.yml → roles/heavy_workstation/tasks/Insync.yml b/roles/heavy_workstation/tasks/insync.yml → roles/heavy_workstation/tasks/Insync.yml
diff --git a/roles/heavy_workstation/tasks/libvirt.yml → roles/heavy_workstation/tasks/Libvirt.yml b/roles/heavy_workstation/tasks/libvirt.yml → roles/heavy_workstation/tasks/Libvirt.yml
diff --git a/roles/heavy_workstation/tasks/portmaster.yml → roles/heavy_workstation/tasks/Portmaster.yml b/roles/heavy_workstation/tasks/portmaster.yml → roles/heavy_workstation/tasks/Portmaster.yml
@@ -1,5 +1,5 @@
 ---
-- name: Install aur packages
+- name: Portmaster | Install aur packages
   tags:
     - portmaster
   kewlfft.aur.aur:
@@ -11,7 +11,7 @@
   when: ansible_distribution == "Archlinux"
   ignore_errors: true
 
-- name: Generate a file to start portmaster
+- name: Portmaster | Generate a file to start portmaster
   tags:
     - portmaster
   ansible.builtin.blockinfile:

diff --git a/roles/heavy_workstation/tasks/smtpd.yml → roles/heavy_workstation/tasks/SMTPD.yml b/roles/heavy_workstation/tasks/smtpd.yml → roles/heavy_workstation/tasks/SMTPD.yml
diff --git a/roles/heavy_workstation/tasks/samba.yml → roles/heavy_workstation/tasks/Samba.yml b/roles/heavy_workstation/tasks/samba.yml → roles/heavy_workstation/tasks/Samba.yml
@@ -1,5 +1,5 @@
 ---
-- name: Install samba packages
+- name: Samba | Install samba packages
   tags:
     - samba
   ansible.builtin.package:
@@ -12,15 +12,15 @@
   become: true
   when: ansible_distribution == "Archlinux"
 
-- name: Ensure group sambausers exists
+- name: Samba | Ensure group sambausers exists
   tags:
     - samba
   ansible.builtin.group:
     name: sambausers
     state: present
   become: true
 
-- name: Ensure /samba directory exists
+- name: Samba | Ensure /samba directory exists
   tags:
     - samba
   ansible.builtin.file:
@@ -30,7 +30,7 @@
     state: directory
   become: true
 
-- name: Copy file smb.conf to /etc/samba/
+- name: Samba | Copy file smb.conf to /etc/samba/
   tags:
     - samba
   ansible.builtin.copy:
@@ -42,7 +42,7 @@
   become: true
   notify: finish samba configuration
 
-- name: File to Allow samba in ufw
+- name: Samba | File to Allow samba in ufw
   tags:
     - samba
   ansible.builtin.copy:
@@ -53,24 +53,24 @@
     mode: "0644"
   become: true
 
-- name: Allow samba in ufw
+- name: Samba | Allow samba in ufw
   tags:
     - samba
   community.general.ufw:
     rule: allow
     name: Samba
   become: true
 
-- name: Create samba password and the user {{ lookup('env', 'USER') }}
+- name: Samba | Create samba password and the user {{ lookup('env', 'USER') }}
   tags:
     - samba
-  ansible.builtin.shell: (echo '{{ samba_pass }}'; echo '{{ samba_pass }}') | smbpasswd -s -a {{ lookup('env', 'USER') }}
+  ansible.builtin.shell: set -o pipefail && echo '{{ samba_pass }}'; echo '{{ samba_pass }}') | smbpasswd -s -a {{ lookup('env', 'USER') }}
   register: smbpasswd
   changed_when: "'Added user' in smbpasswd.stdout"
   become: true
   listen: finish samba configuration
 
-- name: Start samba (smb) service
+- name: Samba | Start samba (smb) service
   tags:
     - samba
   ansible.builtin.service:
@@ -80,7 +80,7 @@
   become: true
   listen: finish samba configuration
 
-- name: Start samba (nmb) service
+- name: Samba | Start samba (nmb) service
   tags:
     - samba
   ansible.builtin.service:

diff --git a/roles/heavy_workstation/tasks/syncthing.yml → roles/heavy_workstation/tasks/Syncthing.yml b/roles/heavy_workstation/tasks/syncthing.yml → roles/heavy_workstation/tasks/Syncthing.yml
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# To skip a rule just enter filename and tag, like "playbook.yml package-latest"

		roles/light_workstation/tasks/dotfiles.yml command-instead-of-module