Fix yamllint issues

2021-03-05 13:02:55 +01:00 · 2021-03-05 13:02:55 +01:00 · 951dbeb41d
commit 951dbeb41d
parent a93c313704
36 changed files with 85 additions and 88 deletions
--- a/requirements.yml
+++ b/requirements.yml
@ -1,4 +1,4 @@
 ---
 collections:
- name: devsec.hardening
-  version: 7.1.0
+  - name: devsec.hardening
+    version: 7.1.0
--- a/roles/camo/tasks/main.yml
+++ b/roles/camo/tasks/main.yml
@ -47,8 +47,8 @@
  docker_compose:
    state: present
    project_src: "{{ camo_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - camo
  become: true
--- a/roles/codimd/tasks/main.yml
+++ b/roles/codimd/tasks/main.yml
@ -50,7 +50,7 @@
  become: true

 - name: Create data directory
-  file: # noqa 208 # Container adjusts permissions on its own
+  file:  # noqa risky-file-permissions # Container adjusts permissions on its own
    path: "{{ item.location }}"
    state: directory
    setype: "container_file_t"
@ -83,8 +83,8 @@
  docker_compose:
    state: present
    project_src: "{{ codimd_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - codimd
  become: true
--- a/roles/docker_cleanup/tasks/main.yml
+++ b/roles/docker_cleanup/tasks/main.yml
@ -18,7 +18,7 @@

 - name: Prune docker images older than 3 days
  docker_prune:
-    images: yes
+    images: true
    images_filters:
      dangling: false
      until: 72h
--- a/roles/docker_ipv6_nat/tasks/main.yml
+++ b/roles/docker_ipv6_nat/tasks/main.yml
@ -47,8 +47,8 @@
  docker_compose:
    state: present
    project_src: "{{ docker_ipv6_nat_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - docker
    - docker-ipv6-nat
--- a/roles/factorio/tasks/main.yml
+++ b/roles/factorio/tasks/main.yml
@ -72,8 +72,8 @@
  docker_compose:
    state: present
    project_src: "{{ factorio_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - factorio
  become: true
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@ -21,7 +21,7 @@
  package:
    name: "{{ fail2ban_package }}"
    state: "{{ fail2ban_package_state }}"
-  become: yes
+  become: true

 - name: Deploy fail2ban jail config.
  template:
@ -31,11 +31,11 @@
    owner: 'root'
    group: 'root'
  notify: restart fail2ban service
-  become: yes
+  become: true

 - name: Ensure fail2ban service is enabled and started.
  service:
    name: fail2ban
    state: started
-    enabled: yes
-  become: yes
+    enabled: true
+  become: true
--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
@ -45,7 +45,7 @@
  become: true

 - name: Create data directory
-  file: # noqa 208 # Container manages permissions on its own
+  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    owner: 'root'
@ -76,8 +76,8 @@
  docker_compose:
    state: present
    project_src: "{{ gitlab_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - gitlab
  become: true
--- a/roles/gitlab_runner/tasks/main.yml
+++ b/roles/gitlab_runner/tasks/main.yml
@ -77,8 +77,8 @@
  docker_compose:
    state: present
    project_src: "{{ gitlabrunner_config_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - gitlab-runner
  become: true
--- a/roles/haveged/tasks/main.yml
+++ b/roles/haveged/tasks/main.yml
@ -28,5 +28,5 @@
  service:
    state: started
    name: haveged
-    enabled: yes
+    enabled: true
  become: true
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@ -43,7 +43,7 @@
  become: true

 - name: Create data directory
-  file: # noqa 208 # Container manages permissions on its own
+  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
@ -71,8 +71,8 @@
  docker_compose:
    state: present
    project_src: "{{ keycloak_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - keycloak
  become: true
--- a/roles/luks_ssh/tasks/main.yml
+++ b/roles/luks_ssh/tasks/main.yml
@ -118,8 +118,8 @@
 - name: Disable rhel-import-state service, so that it doesn not overwrite ifcfg scripts.
  systemd:
    name: "rhel-import-state"
-    enabled: no
-    masked: yes
+    enabled: false
+    masked: true
  become: true
  when:
    - luks_ssh_disable_state_import
--- a/roles/lvm_self_backup/tasks/main.yml
+++ b/roles/lvm_self_backup/tasks/main.yml
@ -69,7 +69,7 @@

 - name: Start & enable backup service timer.
  systemd:
-    daemon_reload: yes
+    daemon_reload: true
    name: backup-lvm.timer
    enabled: '{{ backup_timer_enabled | bool }}'
    state: '{{ backup_timer_state }}'
--- a/roles/mastodon/tasks/main.yml
+++ b/roles/mastodon/tasks/main.yml
@ -44,7 +44,7 @@
  become: true

 - name: Create data directories
-  file: # noqa 208 # Container manages permissions on its own
+  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
@ -78,7 +78,7 @@
 - name: Check if migration is needed
  command: "grep -q 'tootsuite/mastodon:{{ mastodon_image_version }}' '{{ mastodon_install_location }}/docker-compose.yml'"
  register: mastodon_version_fact
-  ignore_errors: yes
+  ignore_errors: true
  changed_when: mastodon_version_fact.rc > 0
  failed_when: false
  become: true
@ -98,7 +98,7 @@
  docker_compose:
    state: present
    project_src: "{{ mastodon_install_location }}"
-    stopped: yes
+    stopped: true
  tags:
    - docker
    - mastodon
@ -159,8 +159,8 @@
  docker_compose:
    state: present
    project_src: "{{ mastodon_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - docker
    - mastodon
--- a/roles/matrix/handlers/main.yml
+++ b/roles/matrix/handlers/main.yml
@ -24,7 +24,7 @@
      - delegate
    state: present
    project_src: "{{ matrix_install_location }}"
-    restarted: yes
+    restarted: true
  tags:
    - docker
    - matrix
@ -36,7 +36,7 @@
      - appservice-webhooks
    state: present
    project_src: "{{ matrix_install_location }}"
-    restarted: yes
+    restarted: true
  tags:
    - docker
    - matrix
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@ -44,7 +44,7 @@
  become: true

 - name: Create data directory
-  file: # noqa 208 # Container manages permissions on its own
+  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
@ -176,8 +176,8 @@
  docker_compose:
    state: present
    project_src: "{{ matrix_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - docker
    - matrix
--- a/roles/minecraft/tasks/main.yml
+++ b/roles/minecraft/tasks/main.yml
@ -43,7 +43,7 @@
    - minecraft

 - name: Create data directories
-  file: # noqa 208 # Container manages permissions on its own
+  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
@ -83,8 +83,8 @@
  docker_compose:
    state: present
    project_src: "{{ minecraft_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - minecraft
  become: true
--- a/roles/minecraft_blockmap/tasks/main.yml
+++ b/roles/minecraft_blockmap/tasks/main.yml
@ -136,7 +136,7 @@

 - name: Start & enable render service timer
  systemd:
-    daemon_reload: yes
+    daemon_reload: true
    name: blockmap-render.timer
    enabled: '{{ minecraft_blockmap_timer_enabled | bool }}'
    state: '{{ minecraft_blockmap_timer_state }}'
@ -146,8 +146,8 @@
  docker_compose:
    state: present
    project_src: "{{ minecraft_blockmap_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - blockmap
  become: true
--- a/roles/minio/tasks/main.yml
+++ b/roles/minio/tasks/main.yml
@ -89,8 +89,8 @@
  docker_compose:
    state: present
    project_src: "{{ minio_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - minio
  become: true
--- a/roles/moby_engine/handlers/main.yml
+++ b/roles/moby_engine/handlers/main.yml
@ -21,7 +21,7 @@
  service:
    name: "docker"
    state: "{{ moby_engine_docker_restart_handler_state }}"
-  become: yes
+  become: true

 - name: Regenerate grub config BIOS
  command: grub2-mkconfig -o  /etc/grub2.cfg
--- a/roles/monitoring/tasks/influxdb/database.yml
+++ b/roles/monitoring/tasks/influxdb/database.yml
@ -24,11 +24,11 @@
    login_password: "{{ monitoring_influxdb_admin_password }}"
    hostname: "{{ monitoring_influxdb_domain }}"
    port: 443
-    ssl: yes
-    validate_certs: yes
+    ssl: true
+    validate_certs: true
    database_name: "{{ database.name }}"
  delegate_to: 127.0.0.1
-  no_log: True
+  no_log: true

 - name: Create retention policies
  influxdb_retention_policy:
@ -36,8 +36,8 @@
    login_password: "{{ monitoring_influxdb_admin_password }}"
    hostname: "{{ monitoring_influxdb_domain }}"
    port: 443
-    ssl: yes
-    validate_certs: yes
+    ssl: true
+    validate_certs: true
    database_name: "{{ database.name }}"
    policy_name: "{{ policy.name }}"
    duration: "{{ policy.duration }}"
--- a/roles/monitoring/tasks/influxdb/main.yml
+++ b/roles/monitoring/tasks/influxdb/main.yml
@ -24,13 +24,13 @@
    login_password: "{{ monitoring_influxdb_admin_password }}"
    hostname: "{{ monitoring_influxdb_domain }}"
    port: 443
-    ssl: yes
-    validate_certs: yes
+    ssl: true
+    validate_certs: true
    user_name: "{{ monitoring_influxdb_admin_username }}"
    user_password: "{{ monitoring_influxdb_admin_password }}"
-    admin: yes
+    admin: true
  delegate_to: 127.0.0.1
-  no_log: True
+  no_log: true

 - name: Configure databases
  include: database.yml
@ -45,11 +45,11 @@
    login_password: "{{ monitoring_influxdb_admin_password }}"
    hostname: "{{ monitoring_influxdb_domain }}"
    port: 443
-    ssl: yes
-    validate_certs: yes
+    ssl: true
+    validate_certs: true
    user_name: "{{ item.username }}"
    user_password: "{{ item.password }}"
    grants: "{{ item.grants }}"
  loop: "{{ monitoring_influxdb_users }}"
  delegate_to: 127.0.0.1
-  no_log: True
+  no_log: true
--- a/roles/monitoring/tasks/main.yml
+++ b/roles/monitoring/tasks/main.yml
@ -76,8 +76,8 @@
  docker_compose:
    state: present
    project_src: "{{ monitoring_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  register: monitoring_compose
  become: true

--- a/roles/owncast/handlers/main.yml
+++ b/roles/owncast/handlers/main.yml
@ -24,7 +24,7 @@
      - owncast
    state: present
    project_src: "{{ owncast_install_location }}"
-    restarted: yes
+    restarted: true
  tags:
    - docker
    - owncast
--- a/roles/owncast/tasks/main.yml
+++ b/roles/owncast/tasks/main.yml
@ -81,8 +81,8 @@
  docker_compose:
    state: present
    project_src: "{{ owncast_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - owncast
  become: true
--- a/roles/penpot/tasks/main.yml
+++ b/roles/penpot/tasks/main.yml
@ -40,7 +40,7 @@
  become: true

 - name: Create data directories
-  file: # noqa 208 # Container manages permissions on its own
+  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
@ -66,8 +66,8 @@
  docker_compose:
    state: present
    project_src: "{{ penpot_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - docker
    - penpot
--- a/roles/ssh/handlers/main.yml
+++ b/roles/ssh/handlers/main.yml
@ -20,5 +20,3 @@
 - name: Reload firewalld
  command: "firewall-cmd --reload"
  become: true
-
-
--- a/roles/static_websites/tasks/main.yml
+++ b/roles/static_websites/tasks/main.yml
@ -49,8 +49,8 @@
  docker_compose:
    state: present
    project_src: "{{ static_websites_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  become: true
  when:
    - static_websites | length > 0
--- a/roles/teamspeak/tasks/main.yml
+++ b/roles/teamspeak/tasks/main.yml
@ -41,7 +41,7 @@
  become: true

 - name: Create data directory
-  file: # noqa 208 # Container manages permissions on its own
+  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
@ -69,8 +69,8 @@
  docker_compose:
    state: present
    project_src: "{{ teamspeak_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - docker
    - teamspeak
--- a/roles/telegraf/handlers/main.yml
+++ b/roles/telegraf/handlers/main.yml
@ -19,6 +19,6 @@

 - name: Restart telegraf
  docker_compose:
-    project_src:  "{{ telegraf_install_location }}"
-    restarted: yes
+    project_src: "{{ telegraf_install_location }}"
+    restarted: true
  become: true
--- a/roles/telegraf/tasks/main.yml
+++ b/roles/telegraf/tasks/main.yml
@ -73,6 +73,6 @@
  docker_compose:
    state: present
    project_src: "{{ telegraf_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  become: true
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@ -73,7 +73,7 @@
 - name: Create ipv6 frontend network
  docker_network:
    name: "{{ traefik_ipv6.name }}"
-    enable_ipv6: yes
+    enable_ipv6: true
    ipam_config:
      - subnet: "{{ traefik_ipv6.subnet }}"
  become: true
@ -129,8 +129,8 @@
  docker_compose:
    state: present
    project_src: "{{ traefik_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  become: true

 - name: Read tor hostname
--- a/roles/ts3audiobot/tasks/main.yml
+++ b/roles/ts3audiobot/tasks/main.yml
@ -72,8 +72,8 @@
  docker_compose:
    state: present
    project_src: "{{ ts3audiobot_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - docker
    - ts3audiobot
--- a/roles/unicorns_website/tasks/main.yml
+++ b/roles/unicorns_website/tasks/main.yml
@ -42,7 +42,7 @@
  become: true

 - name: Create data directory
-  file: # noqa 208 # Container manages permissions on its own
+  file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
@ -79,8 +79,8 @@
  docker_compose:
    state: present
    project_src: "{{ unicorns_website_install_location }}"
-    pull: yes
-    remove_orphans: yes
+    pull: true
+    remove_orphans: true
  tags:
    - docker
  become: true
--- a/ssh.yml
+++ b/ssh.yml
@ -26,4 +26,3 @@
      become: true
    - role: epel
    - role: fail2ban
-
--- a/unicorns_website.yml
+++ b/unicorns_website.yml
@ -30,7 +30,7 @@
        registry: registry.git.saibotk.de
        username: "{{ unicorns_website_registry_username }}"
        password: "{{ unicorns_website_registry_password }}"
-        reauthorize: yes
+        reauthorize: true
      changed_when: false
      become: true