Add linter

This commit is contained in:
Albert Stefanov 2024-02-19 10:56:04 +02:00
parent 78b894192c
commit dc997a359e
9 changed files with 24 additions and 9 deletions

1
ansible/.ansible-lint Normal file
View File

@ -0,0 +1 @@
profile: production

1
ansible/lint.sh Executable file
View File

@ -0,0 +1 @@
ansible-lint roles/*/tasks/main.yml tasks/*.yml

View File

@ -7,7 +7,7 @@
- keycloak.db.password is defined
- name: Create PostgreSQL database
ansible.builtin.include_tasks: create_postgres_db.yml
ansible.builtin.include_tasks: tasks/create_postgres_db.yml
vars:
user: "{{ keycloak.db.user }}"
database: "{{ keycloak.db.database }}"
@ -29,6 +29,7 @@
ansible.builtin.file:
state: directory
path: "{{ item }}"
mode: "755"
with_items:
- "{{ keycloak.datadir }}/keystore/"
@ -36,6 +37,7 @@
ansible.builtin.template:
src: units/sso-keycloak.container.j2
dest: ~/.config/containers/systemd/sso-keycloak.container
mode: "644"
become: true
become_user: "{{ keycloak.podman.user }}"
@ -55,7 +57,7 @@
keycloak-db-user: "{{ keycloak.db.user }}"
keycloak-db-password: "{{ keycloak.db.password }}"
with_dict: "{{ secrets }}"
no_log: true # Secret values
no_log: true
become: true
become_user: "{{ keycloak.podman.user }}"
@ -71,7 +73,7 @@
become_user: "{{ keycloak.podman.user }}"
- name: Set up reverse proxy
ansible.builtin.include_tasks: create_vhost.yml
ansible.builtin.include_tasks: tasks/create_vhost.yml
vars:
external_url: "{{ keycloak.reverse_proxy.external_url }}"
proxy_url: "{{ keycloak.reverse_proxy.proxy_url }}"

View File

@ -1,9 +1,9 @@
---
- name: Set up OpenLDAP
include_tasks: ldap.yml
ansible.builtin.include_tasks: ldap.yml
- name: Set up Keycloak
include_tasks: keycloak.yml
ansible.builtin.include_tasks: keycloak.yml
vars:
keycloak: "{{ keycloak_config }}"

View File

@ -14,12 +14,14 @@
src: nftables.service
dest: /etc/systemd/system/nftables.service
state: present
mode: "644"
when: ansible_facts.services['nftables.service'] is not defined
- name: Add config file
ansible.builtin.template:
src: nftables.conf.j2
dest: "{{ nftables_main_file[ansible_os_family] | default('/etc/nftables.conf') }}"
mode: "644"
vars:
nftables_main_file:
Debian: /etc/nftables.conf
@ -29,6 +31,7 @@
ansible.builtin.file:
name: "{{ item }}"
state: directory
mode: "755"
with_items:
- /etc/nftables/input.d
- /etc/nftables/forward.d

View File

@ -28,10 +28,12 @@
ansible.builtin.file:
path: ~/.config/containers/systemd
state: directory
mode: "755"
become: true
become_user: "{{ user }}"
# Note: We check whether lingering is already enabled so we show as OK/skipped instead of changed
# Note: We check whether lingering is already enabled
# so we don't execute the command if not needed
- name: Check if user is lingering
ansible.builtin.stat:
path: "/var/lib/systemd/linger/{{ user }}"
@ -41,3 +43,4 @@
ansible.builtin.command: "loginctl enable-linger {{ user }}"
when:
- not user_lingering.stat.exists
changed_when: not user_lingering.stat.exists

View File

@ -9,11 +9,13 @@
ansible.builtin.copy:
src: Caddyfile
dest: /etc/caddy/Caddyfile
mode: "644"
- name: Create site config directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: "755"
with_items:
- /etc/caddy/sites-available
- /etc/caddy/sites-enabled
@ -25,6 +27,7 @@
state: directory
owner: caddy
group: caddy
mode: "755"
with_items:
- /var/log/caddy
@ -38,5 +41,6 @@
ansible.builtin.copy:
dest: /etc/nftables/input.d/caddy.nft
src: caddy.nft
mode: "644"
when: firewall is defined
notify: Restart nftables

View File

@ -15,6 +15,7 @@
ansible.builtin.template:
src: "{{ template_file | default('vhost.caddy.j2') }}"
dest: "/etc/caddy/sites-available/{{ app_name }}.caddy"
mode: "644"
- name: Symlink vhost
ansible.builtin.file: