pleasing erdnaxe and yamllint

2021-12-04 21:55:14 +01:00 · 2021-12-04 21:55:14 +01:00 · afbc9f2b58
parent a8bf67f18e
commit afbc9f2b58
77 changed files with 170 additions and 174 deletions
--- a/.yamllint.yml
+++ b/.yamllint.yml
@ -2,6 +2,5 @@
 extends: default

 rules:
-  line-length:
-    level: warning
+  line-length: disable
 ...
--- a/group_vars/all/network_interfaces.yml
+++ b/group_vars/all/network_interfaces.yml
@ -1,3 +1,4 @@
+---
 glob_network_interfaces:
  vlan:
    - name: srv
--- a/group_vars/cachan/network_interfaces.yml
+++ b/group_vars/cachan/network_interfaces.yml
@ -1,3 +1,4 @@
+---
 glob_network_interfaces:
  vlan:
    - name: cachan_srv
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@ -7,7 +7,7 @@ glob_dhcp:
 glob_service_dhcp:
  name: dhcp
  install_dir: /var/local/services/dhcp
-  generated: yes
+  generated: true
  cron:
    frequency: "*/2 * * * *"
    options: -q
--- a/group_vars/dovecot.yml
+++ b/group_vars/dovecot.yml
@ -1,3 +1,4 @@
+---
 glob_dovecot:
  ldap:
    uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'adm') | ipv4 | first }}/"
--- a/group_vars/ethercalc.yml
+++ b/group_vars/ethercalc.yml
@ -1,2 +1,3 @@
+---
 glob_ethercalc:
  ip: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
--- a/group_vars/etherpad.yml
+++ b/group_vars/etherpad.yml
@ -1,3 +1,4 @@
+---
 glob_etherpad:
  instances:
    - name: etherpad-lite
--- a/group_vars/firewall.yml
+++ b/group_vars/firewall.yml
@ -1,3 +1,4 @@
+---
 glob_service_firewall:
  name: firewall
  install_dir: /var/local/services/firewall
--- a/group_vars/framadate.yml
+++ b/group_vars/framadate.yml
@ -1,3 +1,4 @@
+---
 glob_framadate:
  contact: contact@crans.org
  automatic_response: no-reply@crans.org
@ -8,4 +9,3 @@ glob_framadate:
  admin_username: framadate
  admin_password: "{{ vault.framadate_password }}"
  db_password: "{{ vault.framadate_password_db }}"
-
--- a/group_vars/horde.yml
+++ b/group_vars/horde.yml
@ -1,3 +1,4 @@
+---
 glob_horde:
  secret: '{{ vault.horde_secret }}'
  imap: imap.adm.crans.org
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@ -8,7 +8,7 @@ glob_keepalived:
    VI_ALL:
      password: "{{ vault.keepalived.password }}"
      id: 60
-      ipv6: yes
+      ipv6: true
      notify: /var/local/services/keepalived/keepalived.py
      zones:
        - vlan: via
--- a/group_vars/mirror_backend.yml
+++ b/group_vars/mirror_backend.yml
@ -1,3 +1,4 @@
+---
 glob_ftpsync:
  root: /mirror/pub
  mirror:
--- a/group_vars/postgres.yml
+++ b/group_vars/postgres.yml
@ -1,3 +1,4 @@
+---
 glob_postgres:
  subnets:
    - 172.16.10.0/24
--- a/group_vars/radvd.yml
+++ b/group_vars/radvd.yml
@ -1 +1,2 @@
+---
 glob_radvd: {}
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@ -1,3 +1,4 @@
+---
 loc_certbot:
  - mail: root@crans.org
    certname: crans.org
--- a/group_vars/roundcube.yml
+++ b/group_vars/roundcube.yml
@ -1,3 +1,4 @@
+---
 glob_roundcube:
  name: Crans
  imap_server: owl.adm.crans.org
--- a/group_vars/rsyncd.yml
+++ b/group_vars/rsyncd.yml
@ -9,4 +9,3 @@ glob_rsyncd:
      path: /pool/mirror/pub/videolan
      comment: VideoLAN repository
      hosts_allow: "*"
-
--- a/group_vars/server/ntp.yml
+++ b/group_vars/server/ntp.yml
@ -1,3 +1,4 @@
+---
 glob_ntp_client:
  servers:
    - ntp.adm.crans.org
--- a/group_vars/sssd.yml
+++ b/group_vars/sssd.yml
@ -1,3 +1,4 @@
+---
 glob_sssd:
  primary:
    domain: tealc.adm.crans.org
--- a/group_vars/thelounge.yml
+++ b/group_vars/thelounge.yml
@ -1,3 +1,4 @@
+---
 glob_thelounge:
  public: "false"
  host: "undefined"
--- a/host_vars/c3po.adm.crans.org.yml
+++ b/host_vars/c3po.adm.crans.org.yml
@ -1,2 +1,3 @@
+---
 interfaces:
  adm: eth0
--- a/host_vars/codichotomie.adm.crans.org.yml
+++ b/host_vars/codichotomie.adm.crans.org.yml
@ -1,3 +1,4 @@
+---
 interfaces:
  adm: eth0
  srv_nat: eth1
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@ -6,5 +6,5 @@ loc_slapd:

 loc_postgres:
  version: 11
-  replica: yes
+  replica: true
  addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@ -79,7 +79,7 @@ loc_inspircd:
        ipv6: fd00::10:ff:fe01:2110/128
      threshold: 10
      commandrate: 10000
-      modes: yes
+      modes: true
  dns: 185.230.79.62
  services:
    name: services.irc.crans.org
@ -87,8 +87,6 @@ loc_inspircd:
    recvpass: "{{ vault.irc_anope_recvpass }}"
    sendpass: "{{ vault.irc_anope_sendpass }}"

-
-
 loc_anope:
  recvpass: "{{ vault.irc_anope_recvpass }}"
  sendpass: "{{ vault.irc_anope_sendpass }}"
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@ -6,5 +6,5 @@ loc_slapd:

 loc_postgres:
  version: 11
-  replica: yes
+  replica: true
  addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
--- a/host_vars/monitoring.adm.crans.org.yml
+++ b/host_vars/monitoring.adm.crans.org.yml
@ -1,3 +1,4 @@
+---
 interfaces:
  adm: eth0
  srv_nat: eth1
@ -89,22 +90,3 @@ loc_prometheus:
          - source_labels: [instance]
            target_label: __address__
            replacement: '$1:3903'
-
-
-#  apache:
-#    targets:
-#    config:
-#      - job_name: apache
-#        file_sd_configs:
-#          - files:
-#            - '/etc/prometheus/targets_apache.json'
-#        relabel_configs:
-#          - source_labels: [__address__]
-#            target_label: instance
-#          - source_labels: [instance]
-#            target_label: __address__
-#            replacement: '$1:9117'
-
-#  bird_targets:
-#    - routeur-sam.adm.crans.org
-
--- a/host_vars/owncloud.adm.crans.org.yml
+++ b/host_vars/owncloud.adm.crans.org.yml
@ -8,4 +8,3 @@ loc_ldap:
  base_dn: "cn=admin,dc=crans,dc=org"
  password: "{{ vault.ldap_master_password }}"
  uri: "ldap://172.16.10.157"
-
--- a/host_vars/routeur-daniel.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-daniel.adm.crans.org/dhcp.yml
@ -1,9 +1,9 @@
 ---
 loc_dhcp:
-  authoritative: True
+  authoritative: true
  subnets:
    - network: "185.230.78.0/24"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "adh"
      default_lease_time: "600"
      max_lease_time: "7200"
--- a/host_vars/routeur-daniel.adm.crans.org/radvd.yml
+++ b/host_vars/routeur-daniel.adm.crans.org/radvd.yml
@ -1,3 +1,4 @@
+---
 loc_radvd:
  subnets:
    - name: adh
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
@ -1,9 +1,9 @@
 ---
 loc_dhcp:
-  authoritative: True
+  authoritative: true
  subnets:
    - network: "185.230.76.0/26"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "cachan_adh"
      default_lease_time: "600"
      max_lease_time: "7200"
@ -14,7 +14,7 @@ loc_dhcp:
      options: []
      lease_file: "/var/local/services/dhcp/generated/dhcp.cachan-adh.crans.org.list"
    - network: "100.64.0.0/16"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "adh_nat"
      default_lease_time: "600"
      max_lease_time: "7200"
@ -25,7 +25,7 @@ loc_dhcp:
      options: []
      lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
    - network: "172.16.32.0/22"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "infra"
      default_lease_time: "600"
      max_lease_time: "7200"
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
@ -18,7 +18,7 @@ loc_radvd:
        - 2a0c:700:254::ff:fe00:99fe
    - name: infra
      prefix: fd00:0:0:11::/64
-      no_gateway: yes
+      no_gateway: true
      dnssl: infra.crans.org
      dns:
        - fd00::11:0:ff:fe00:9911
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/vars.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/vars.yml
@ -8,4 +8,3 @@ interfaces:
  infra: ens1
  zayo: ens2
  federez: enp1s3
-  
--- a/host_vars/routeur-jack.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-jack.adm.crans.org/dhcp.yml
@ -1,9 +1,9 @@
 ---
 loc_dhcp:
-  authoritative: True
+  authoritative: true
  subnets:
    - network: "185.230.78.0/24"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "adh"
      default_lease_time: "600"
      max_lease_time: "7200"
--- a/host_vars/routeur-jack.adm.crans.org/radvd.yml
+++ b/host_vars/routeur-jack.adm.crans.org/radvd.yml
@ -1,3 +1,4 @@
+---
 loc_radvd:
  subnets:
    - name: adh
--- a/host_vars/routeur-sam.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-sam.adm.crans.org/dhcp.yml
@ -1,9 +1,9 @@
 ---
 loc_dhcp:
-  authoritative: True
+  authoritative: true
  subnets:
    - network: "185.230.78.0/24"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "adh"
      default_lease_time: "600"
      max_lease_time: "7200"
--- a/host_vars/routeur-sam.adm.crans.org/radvd.yml
+++ b/host_vars/routeur-sam.adm.crans.org/radvd.yml
@ -1,3 +1,4 @@
+---
 loc_radvd:
  subnets:
    - name: adh
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@ -6,5 +6,5 @@ loc_slapd:

 loc_postgres:
  version: 11
-  replica: yes
+  replica: true
  addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@ -1,3 +1,4 @@
+---
 loc_postgres:
  version: 11
  hosts:
@ -22,8 +23,8 @@ loc_postgres:
    - {db: constellation-dev, user: constellation-dev}
    - {db: mailman3, user: mailman3}
    - {db: mailman3web, user: mailman3web}
-    - { db: all, user: all, subnets: ['127.0.0.1/32','::1/128'], local: yes }
-    - { db: replication, user: replication, local: yes }
+    - {db: all, user: all, subnets: ['127.0.0.1/32', '::1/128'], local: true}
+    - {db: replication, user: replication, local: true}
  addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ipaddr('address') }}"
  backup:
    dir: /var/local/db-backup
--- a/host_vars/voyager.adm.crans.org.yml
+++ b/host_vars/voyager.adm.crans.org.yml
@ -1,3 +1,4 @@
+---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/roles/autoconfig/tasks/main.yml
+++ b/roles/autoconfig/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: Create base directory
  file:
    path: "{{ autoconfig.path }}/mail"
--- a/roles/borgbackup-server/tasks/main.yml
+++ b/roles/borgbackup-server/tasks/main.yml
@ -11,9 +11,9 @@

 - name: Create borgbackup user
  user:
-    create_home: yes
+    create_home: true
    home: '/var/lib/borg/'
-    system: yes
+    system: true
    state: present
    update_password: always
    name: borg
--- a/roles/common-tools/tasks/main.yml
+++ b/roles/common-tools/tasks/main.yml
@ -53,7 +53,7 @@
    owner: root
    group: utmp
    mode: '4755'
-  check_mode: no
+  check_mode: false

 - name: Deploy screen tmpfile
  template:
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@ -17,7 +17,7 @@
  git:
    repo: '{{ django_cas.repo }}'
    dest: '{{ django_cas.path }}'
-    force: yes
+    force: true
    version: master
    umask: '002'

--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: Install dovecot
  apt:
    update_cache: true
--- a/roles/etherpad/handlers/main.yml
+++ b/roles/etherpad/handlers/main.yml
@ -4,5 +4,3 @@
    name: "{{ item.name }}"
    state: restarted
  loop: "{{ etherpad.instances }}"
-
-
--- a/roles/freeradius/tasks/main.yml
+++ b/roles/freeradius/tasks/main.yml
@ -44,21 +44,21 @@
    src: /var/www/re2o/freeradius_utils/auth.py
    dest: /etc/freeradius/3.0/auth.py
    state: link
-    force: yes
+    force: true
  notify: Restart freeradius

 - name: Ensure ${certdir}/letsencrypt directory exists
  file:
    path: /etc/freeradius/3.0/certs/letsencrypt
    state: directory
-    recurse: yes
+    recurse: true

 - name: Symlink radius certificates
  file:
    src: /etc/letsencrypt/live/crans.org/{{ item }}
    dest: /etc/freeradius/3.0/certs/letsencrypt/{{ item }}
    state: link
-    force: yes
+    force: true
  loop:
    - fullchain.pem
    - privkey.pem
@ -68,7 +68,7 @@
    path: /etc/letsencrypt/{{ item }}
    group: freerad
    mode: '0755'
-    recurse: yes
+    recurse: true
  loop:
    - live
    - archive
--- a/roles/galene/tasks/main.yml
+++ b/roles/galene/tasks/main.yml
@ -75,8 +75,8 @@
 - name: Enable systemd unit
  systemd:
    name: galene
-    enabled: yes
-    daemon_reload: yes
+    enabled: true
+    daemon_reload: true
    state: started

 - name: Indicate role in motd
--- a/roles/inspircd/tasks/main.yml
+++ b/roles/inspircd/tasks/main.yml
@ -1,6 +1,4 @@
 ---
-#- name: Install InspIRCd
-
 - name: Deploy InspIRCd configuration
  template:
    src: "inspircd/{{ item.dest }}.j2"
--- a/roles/keepalived/tasks/main.yml
+++ b/roles/keepalived/tasks/main.yml
@ -56,4 +56,4 @@
    name: keepalived
    daemon-reload: true
    state: started
-    enabled: yes
+    enabled: true
--- a/roles/linx/tasks/main.yml
+++ b/roles/linx/tasks/main.yml
@ -3,9 +3,9 @@

 - name: Create linx user
  user:
-    create_home: yes
+    create_home: true
    home: /var/lib/linx
-    system: yes
+    system: true
    state: present
    password: "!"
    update_password: always
--- a/roles/nfs-common/tasks/main.yml
+++ b/roles/nfs-common/tasks/main.yml
@ -16,11 +16,10 @@
 - name: Disable and mask rpcbind.service
  systemd:
    name: rpcbind.service
-    enabled: no
-    masked: yes
+    enabled: false
+    masked: true

 - name:
  systemd:
    name: rpcbind.socket
-    masked: yes
-    
+    masked: true
--- a/roles/ntp-server/tasks/main.yml
+++ b/roles/ntp-server/tasks/main.yml
@ -12,7 +12,7 @@
    path: /etc/default/ntp
    regexp: '^NTPD_OPTS'
    line: NTPD_OPTS='-g -x'
-  check_mode: no
+  check_mode: false

 - name: Configure NTP
  template:
--- a/roles/policyd/tasks/main.yml
+++ b/roles/policyd/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: Install policyd-rate-limit
  apt:
    update_cache: true
--- a/roles/prometheus-node-exporter/handlers/main.yml
+++ b/roles/prometheus-node-exporter/handlers/main.yml
@ -6,4 +6,4 @@

 - name: systemctl daemon-reload
  systemd:
-    daemon_reload: yes
+    daemon_reload: true
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@ -40,7 +40,7 @@

 - name: systemctl daemon-reload
  systemd:
-    daemon_reload: yes
+    daemon_reload: true
  when: override.changed

 - name: Activate prometheus-node-exporter service
--- a/roles/re2o-ldap-replica/tasks/main.yml
+++ b/roles/re2o-ldap-replica/tasks/main.yml
@ -103,7 +103,7 @@
    regexp: '^SLAPD_SERVICES='
    line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
  notify: Restart slapd
-  check_mode: no
+  check_mode: false

 - name: Touch installation marker
  when: not installation.stat.exists
--- a/roles/slapd/tasks/main.yml
+++ b/roles/slapd/tasks/main.yml
@ -32,4 +32,4 @@
    regexp: '^SLAPD_SERVICES='
    line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
  notify: Restart slapd
-  check_mode: no
+  check_mode: false
--- a/roles/statping/tasks/main.yml
+++ b/roles/statping/tasks/main.yml
@ -3,13 +3,13 @@
  unarchive:
    src: https://github.com/statping/statping/releases/download/v0.90.74/statping-linux-amd64.tar.gz
    dest: /usr/local/bin/
-    remote_src: yes
+    remote_src: true

 - name: Create statping user
  user:
-    create_home: yes
+    create_home: true
    home: /var/lib/statping
-    system: yes
+    system: true
    state: present
    password: "!"
    update_password: always