Add linter
parent
78b894192c
commit
dc997a359e
|
@ -0,0 +1 @@
|
|||
profile: production
|
|
@ -0,0 +1 @@
|
|||
ansible-lint roles/*/tasks/main.yml tasks/*.yml
|
|
@ -7,7 +7,7 @@
|
|||
- keycloak.db.password is defined
|
||||
|
||||
- name: Create PostgreSQL database
|
||||
ansible.builtin.include_tasks: create_postgres_db.yml
|
||||
ansible.builtin.include_tasks: tasks/create_postgres_db.yml
|
||||
vars:
|
||||
user: "{{ keycloak.db.user }}"
|
||||
database: "{{ keycloak.db.database }}"
|
||||
|
@ -29,6 +29,7 @@
|
|||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ item }}"
|
||||
mode: "755"
|
||||
with_items:
|
||||
- "{{ keycloak.datadir }}/keystore/"
|
||||
|
||||
|
@ -36,6 +37,7 @@
|
|||
ansible.builtin.template:
|
||||
src: units/sso-keycloak.container.j2
|
||||
dest: ~/.config/containers/systemd/sso-keycloak.container
|
||||
mode: "644"
|
||||
become: true
|
||||
become_user: "{{ keycloak.podman.user }}"
|
||||
|
||||
|
@ -55,7 +57,7 @@
|
|||
keycloak-db-user: "{{ keycloak.db.user }}"
|
||||
keycloak-db-password: "{{ keycloak.db.password }}"
|
||||
with_dict: "{{ secrets }}"
|
||||
no_log: true # Secret values
|
||||
no_log: true
|
||||
|
||||
become: true
|
||||
become_user: "{{ keycloak.podman.user }}"
|
||||
|
@ -71,7 +73,7 @@
|
|||
become_user: "{{ keycloak.podman.user }}"
|
||||
|
||||
- name: Set up reverse proxy
|
||||
ansible.builtin.include_tasks: create_vhost.yml
|
||||
ansible.builtin.include_tasks: tasks/create_vhost.yml
|
||||
vars:
|
||||
external_url: "{{ keycloak.reverse_proxy.external_url }}"
|
||||
proxy_url: "{{ keycloak.reverse_proxy.proxy_url }}"
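Review bot: The `mode: "755"` that the hunk at -29,6 +29,7 appears to add applies to every path in `with_items`, and the first of them is `{{ keycloak.datadir }}/keystore/`, so a directory that by its name holds key material becomes listable and traversable by every local account. If only the Keycloak container user reads the keystore, a tighter mode such as `mode: "0700"` (or `"0750"` with a dedicated group) fits better, together with explicit `owner:` and `group:` so the result does not depend on which account runs the task. The `with_items` list and the task's `name:` lie outside the hunk, so other entries may genuinely need 755; in that case the keystore path is better handled in a task of its own.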
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
|
||||
- name: Set up OpenLDAP
|
||||
include_tasks: ldap.yml
|
||||
ansible.builtin.include_tasks: ldap.yml
|
||||
|
||||
- name: Set up Keycloak
|
||||
include_tasks: keycloak.yml
|
||||
ansible.builtin.include_tasks: keycloak.yml
|
||||
vars:
|
||||
keycloak: "{{ keycloak_config }}"
|
||||
|
|
|
@ -14,12 +14,14 @@
|
|||
src: nftables.service
|
||||
dest: /etc/systemd/system/nftables.service
|
||||
state: present
|
||||
mode: "644"
|
||||
when: ansible_facts.services['nftables.service'] is not defined
|
||||
|
||||
- name: Add config file
|
||||
ansible.builtin.template:
|
||||
src: nftables.conf.j2
|
||||
dest: "{{ nftables_main_file[ansible_os_family] | default('/etc/nftables.conf') }}"
|
||||
mode: "644"
|
||||
vars:
|
||||
nftables_main_file:
|
||||
Debian: /etc/nftables.conf
|
||||
|
@ -29,6 +31,7 @@
|
|||
ansible.builtin.file:
|
||||
name: "{{ item }}"
|
||||
state: directory
|
||||
mode: "755"
|
||||
with_items:
|
||||
- /etc/nftables/input.d
|
||||
- /etc/nftables/forward.d
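Review bot: The "Add config file" task in the hunk at -14,12 +14,14 now pins the file mode but still installs the rendered ruleset without checking that it parses. A template mistake would therefore only surface when nftables is next restarted, and depending on how the unit handles a failed load that can leave the host without its filter rules. `ansible.builtin.template` accepts a `validate:` command, for example `validate: nft -c -f %s`, which rejects a broken file before it replaces the live one. If the main file includes the `input.d`/`forward.d` fragments, the check reads those too, so it has to run after they are in place. The task's `vars:` block continues outside the hunk.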
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
ansible.posix.authorized_key:
|
||||
user: "{{ user }}"
|
||||
key: "{{ lookup('file', '../../access/keys/' + item + '.pub') }}"
|
||||
state: present # Note: we don't remove other/existing keys
|
||||
state: present # Note: we don't remove other/existing keys
|
||||
with_items: "{{ global_ssh_keys + (ssh_keys[user] | default([])) + (ssh_keys['*'] | default([])) }}"
|
||||
|
||||
|
||||
|
@ -28,10 +28,12 @@
|
|||
ansible.builtin.file:
|
||||
path: ~/.config/containers/systemd
|
||||
state: directory
|
||||
mode: "755"
|
||||
become: true
|
||||
become_user: "{{ user }}"
|
||||
|
||||
# Note: We check whether lingering is already enabled so we show as OK/skipped instead of changed
|
||||
# Note: We check whether lingering is already enabled
|
||||
# so we don't execute the command if not needed
|
||||
- name: Check if user is lingering
|
||||
ansible.builtin.stat:
|
||||
path: "/var/lib/systemd/linger/{{ user }}"
|
||||
|
@ -41,3 +43,4 @@
|
|||
ansible.builtin.command: "loginctl enable-linger {{ user }}"
|
||||
when:
|
||||
- not user_lingering.stat.exists
|
||||
changed_when: not user_lingering.stat.exists
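Review bot: The added `changed_when: not user_lingering.stat.exists` in the hunk at -41,3 +43,4 repeats the `when:` condition, so it is always true whenever the task runs and only serves to satisfy the linter. The command module's `creates: "/var/lib/systemd/linger/{{ user }}"` expresses the same idempotence directly and would make the separate stat task unnecessary. Passing the command as `argv: [loginctl, enable-linger, "{{ user }}"]` would also keep an unusual value of `user` from being split into extra arguments. The task's `name:` and the task that registers `user_lingering` lie outside the hunk.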
|
||||
|
|
|
@ -9,11 +9,13 @@
|
|||
ansible.builtin.copy:
|
||||
src: Caddyfile
|
||||
dest: /etc/caddy/Caddyfile
|
||||
mode: "644"
|
||||
|
||||
- name: Create site config directories
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: "755"
|
||||
with_items:
|
||||
- /etc/caddy/sites-available
|
||||
- /etc/caddy/sites-enabled
|
||||
|
@ -25,6 +27,7 @@
|
|||
state: directory
|
||||
owner: caddy
|
||||
group: caddy
|
||||
mode: "755"
|
||||
with_items:
|
||||
- /var/log/caddy
|
||||
|
||||
|
@ -38,5 +41,6 @@
|
|||
ansible.builtin.copy:
|
||||
dest: /etc/nftables/input.d/caddy.nft
|
||||
src: caddy.nft
|
||||
mode: "644"
|
||||
when: firewall is defined
|
||||
notify: Restart nftables
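Review bot: The `mode: "755"` in the hunk at -25,6 +27,7 leaves the caddy-owned directory whose visible entry is `/var/log/caddy` listable and traversable by every local account. Access logs commonly carry client addresses and full request URLs, and the task already sets `owner: caddy` and `group: caddy`, so `mode: "0750"` would be the safer default. The task's header and the rest of `with_items` are outside the hunk, so it is worth confirming that no other entry in the list needs to be world-accessible before tightening it.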
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
ansible.builtin.template:
|
||||
src: "{{ template_file | default('vhost.caddy.j2') }}"
|
||||
dest: "/etc/caddy/sites-available/{{ app_name }}.caddy"
|
||||
mode: "644"
|
||||
|
||||
- name: Symlink vhost
|
||||
ansible.builtin.file:
|
||||
|
|