Add linter

This commit is contained in:
Albert Stefanov 2024-02-19 10:56:04 +02:00
parent 78b894192c
commit dc997a359e
9 changed files with 24 additions and 9 deletions

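--- a/ansible/.ansible-lint
+++ b/ansible/.ansible-lint
@@ -0,0 +1 @@
+profile: production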

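--- a/ansible/lint.sh
+++ b/ansible/lint.sh
@@ -0,0 +1 @@
+ansible-lint roles/*/tasks/main.yml tasks/*.yml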
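Review bot: lint.sh is committed as an executable file but has no interpreter line, so `./lint.sh` is left to whatever fallback the invoking shell applies instead of a declared interpreter; add `#!/usr/bin/env bash` as the first line. The two globs are relative, so the script only does the right thing when run from the ansible/ directory — a `cd "$(dirname "$0")"` before the ansible-lint call makes it location-independent. Because only roles/*/tasks/main.yml and tasks/*.yml are passed, handler files and any playbooks in the tree are never linted; running `ansible-lint` with no arguments lets it discover everything under the directory itself.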


@ -7,7 +7,7 @@
- keycloak.db.password is defined - keycloak.db.password is defined
- name: Create PostgreSQL database - name: Create PostgreSQL database
ansible.builtin.include_tasks: create_postgres_db.yml ansible.builtin.include_tasks: tasks/create_postgres_db.yml
vars: vars:
user: "{{ keycloak.db.user }}" user: "{{ keycloak.db.user }}"
database: "{{ keycloak.db.database }}" database: "{{ keycloak.db.database }}"
@ -29,6 +29,7 @@
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
path: "{{ item }}" path: "{{ item }}"
mode: "755"
with_items: with_items:
- "{{ keycloak.datadir }}/keystore/" - "{{ keycloak.datadir }}/keystore/"
@ -36,6 +37,7 @@
ansible.builtin.template: ansible.builtin.template:
src: units/sso-keycloak.container.j2 src: units/sso-keycloak.container.j2
dest: ~/.config/containers/systemd/sso-keycloak.container dest: ~/.config/containers/systemd/sso-keycloak.container
mode: "644"
become: true become: true
become_user: "{{ keycloak.podman.user }}" become_user: "{{ keycloak.podman.user }}"
@ -55,7 +57,7 @@
keycloak-db-user: "{{ keycloak.db.user }}" keycloak-db-user: "{{ keycloak.db.user }}"
keycloak-db-password: "{{ keycloak.db.password }}" keycloak-db-password: "{{ keycloak.db.password }}"
with_dict: "{{ secrets }}" with_dict: "{{ secrets }}"
no_log: true # Secret values no_log: true
become: true become: true
become_user: "{{ keycloak.podman.user }}" become_user: "{{ keycloak.podman.user }}"
@ -71,7 +73,7 @@
become_user: "{{ keycloak.podman.user }}" become_user: "{{ keycloak.podman.user }}"
- name: Set up reverse proxy - name: Set up reverse proxy
ansible.builtin.include_tasks: create_vhost.yml ansible.builtin.include_tasks: tasks/create_vhost.yml
vars: vars:
external_url: "{{ keycloak.reverse_proxy.external_url }}" external_url: "{{ keycloak.reverse_proxy.external_url }}"
proxy_url: "{{ keycloak.reverse_proxy.proxy_url }}" proxy_url: "{{ keycloak.reverse_proxy.proxy_url }}"
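Review bot: The new `mode: "755"` in the `@ -29,6 +29,7 @@` hunk applies to every entry of that task's `with_items`, including `{{ keycloak.datadir }}/keystore/`; a directory named keystore presumably ends up holding private key material, and 755 makes it traversable by every local account, leaving the key files' own modes as the only protection. If that is what it contains, `mode: "750"` (or "700") for that directory, created in its own task if the other entries genuinely need 755, is the least-privilege choice — the list continues outside the hunk, so check what else it holds. Separately, in the `@ -55,7 +57,7 @@` hunk the `# Secret values` comment next to `no_log: true` was dropped rather than fixed; if the linter objected to the spacing, `no_log: true  # secret values` (two spaces before the hash) keeps the reason the output is suppressed while satisfying yamllint's inline-comment rule.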


@ -1,9 +1,9 @@
--- ---
- name: Set up OpenLDAP - name: Set up OpenLDAP
include_tasks: ldap.yml ansible.builtin.include_tasks: ldap.yml
- name: Set up Keycloak - name: Set up Keycloak
include_tasks: keycloak.yml ansible.builtin.include_tasks: keycloak.yml
vars: vars:
keycloak: "{{ keycloak_config }}" keycloak: "{{ keycloak_config }}"


@ -14,12 +14,14 @@
src: nftables.service src: nftables.service
dest: /etc/systemd/system/nftables.service dest: /etc/systemd/system/nftables.service
state: present state: present
mode: "644"
when: ansible_facts.services['nftables.service'] is not defined when: ansible_facts.services['nftables.service'] is not defined
- name: Add config file - name: Add config file
ansible.builtin.template: ansible.builtin.template:
src: nftables.conf.j2 src: nftables.conf.j2
dest: "{{ nftables_main_file[ansible_os_family] | default('/etc/nftables.conf') }}" dest: "{{ nftables_main_file[ansible_os_family] | default('/etc/nftables.conf') }}"
mode: "644"
vars: vars:
nftables_main_file: nftables_main_file:
Debian: /etc/nftables.conf Debian: /etc/nftables.conf
@ -29,6 +31,7 @@
ansible.builtin.file: ansible.builtin.file:
name: "{{ item }}" name: "{{ item }}"
state: directory state: directory
mode: "755"
with_items: with_items:
- /etc/nftables/input.d - /etc/nftables/input.d
- /etc/nftables/forward.d - /etc/nftables/forward.d
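Review bot: The task that receives the first new `mode: "644"` (the nftables.service copy) also carries `state: present`, which `ansible.builtin.copy` does not accept; the module line is above the hunk, so this is inferred from the `src`/`dest`/`mode` keys, but if it is the copy module the task fails with an unsupported-parameter error on any host where `nftables.service` is not yet defined and is skipped everywhere else, which would explain why it has not surfaced. Removing the `state: present` line fixes it. ansible-lint's `args` rule can flag this when the `ansible.builtin` modules resolve in the lint run, so it is worth confirming the run that produced this commit actually loaded them rather than skipping argument validation.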


@ -20,7 +20,7 @@
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: "{{ user }}" user: "{{ user }}"
key: "{{ lookup('file', '../../access/keys/' + item + '.pub') }}" key: "{{ lookup('file', '../../access/keys/' + item + '.pub') }}"
state: present # Note: we don't remove other/existing keys state: present # Note: we don't remove other/existing keys
with_items: "{{ global_ssh_keys + (ssh_keys[user] | default([])) + (ssh_keys['*'] | default([])) }}" with_items: "{{ global_ssh_keys + (ssh_keys[user] | default([])) + (ssh_keys['*'] | default([])) }}"
@ -28,10 +28,12 @@
ansible.builtin.file: ansible.builtin.file:
path: ~/.config/containers/systemd path: ~/.config/containers/systemd
state: directory state: directory
mode: "755"
become: true become: true
become_user: "{{ user }}" become_user: "{{ user }}"
# Note: We check whether lingering is already enabled so we show as OK/skipped instead of changed # Note: We check whether lingering is already enabled
# so we don't execute the command if not needed
- name: Check if user is lingering - name: Check if user is lingering
ansible.builtin.stat: ansible.builtin.stat:
path: "/var/lib/systemd/linger/{{ user }}" path: "/var/lib/systemd/linger/{{ user }}"
@ -41,3 +43,4 @@
ansible.builtin.command: "loginctl enable-linger {{ user }}" ansible.builtin.command: "loginctl enable-linger {{ user }}"
when: when:
- not user_lingering.stat.exists - not user_lingering.stat.exists
changed_when: not user_lingering.stat.exists
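Review bot: `changed_when: not user_lingering.stat.exists` on the `loginctl enable-linger` task repeats the task's own `when` condition, so whenever the task runs the expression is already true; `changed_when: true` states the intent directly and avoids suggesting the two conditions could ever diverge. The behaviour — run the command only when lingering is not yet enabled and report a change when it runs — is already explained by the rewrapped comment above the stat task, so no further documentation is needed. The task's `- name:` line sits above the hunk.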


@ -9,11 +9,13 @@
ansible.builtin.copy: ansible.builtin.copy:
src: Caddyfile src: Caddyfile
dest: /etc/caddy/Caddyfile dest: /etc/caddy/Caddyfile
mode: "644"
- name: Create site config directories - name: Create site config directories
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
mode: "755"
with_items: with_items:
- /etc/caddy/sites-available - /etc/caddy/sites-available
- /etc/caddy/sites-enabled - /etc/caddy/sites-enabled
@ -25,6 +27,7 @@
state: directory state: directory
owner: caddy owner: caddy
group: caddy group: caddy
mode: "755"
with_items: with_items:
- /var/log/caddy - /var/log/caddy
@ -38,5 +41,6 @@
ansible.builtin.copy: ansible.builtin.copy:
dest: /etc/nftables/input.d/caddy.nft dest: /etc/nftables/input.d/caddy.nft
src: caddy.nft src: caddy.nft
mode: "644"
when: firewall is defined when: firewall is defined
notify: Restart nftables notify: Restart nftables
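Review bot: The new `mode: "755"` in the `@ -25,6 +27,7 @@` hunk applies to `/var/log/caddy`, which the same task creates with `owner: caddy` and `group: caddy`; access logs commonly carry client addresses and request paths, and a 755 directory lets any local account list them and read any log file that is itself world-readable. `mode: "750"` keeps the directory to the service account and its group, which is the usual shape for a service's log directory. The `with_items` list continues outside the hunk, so check whether another entry relies on the wider mode before narrowing it.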


@ -15,6 +15,7 @@
ansible.builtin.template: ansible.builtin.template:
src: "{{ template_file | default('vhost.caddy.j2') }}" src: "{{ template_file | default('vhost.caddy.j2') }}"
dest: "/etc/caddy/sites-available/{{ app_name }}.caddy" dest: "/etc/caddy/sites-available/{{ app_name }}.caddy"
mode: "644"
- name: Symlink vhost - name: Symlink vhost
ansible.builtin.file: ansible.builtin.file: