diff --git a/requirements.yml b/requirements.yml index 92af358..fd88446 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,4 +1,4 @@ --- collections: -- name: devsec.hardening - version: 7.1.0 + - name: devsec.hardening + version: 7.1.0 diff --git a/roles/camo/tasks/main.yml b/roles/camo/tasks/main.yml index 5d7170e..0380406 100644 --- a/roles/camo/tasks/main.yml +++ b/roles/camo/tasks/main.yml @@ -47,8 +47,8 @@ docker_compose: state: present project_src: "{{ camo_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - camo become: true diff --git a/roles/codimd/tasks/main.yml b/roles/codimd/tasks/main.yml index 3f26012..0ba6288 100644 --- a/roles/codimd/tasks/main.yml +++ b/roles/codimd/tasks/main.yml @@ -50,7 +50,7 @@ become: true - name: Create data directory - file: # noqa 208 # Container adjusts permissions on its own + file: # noqa risky-file-permissions # Container adjusts permissions on its own path: "{{ item.location }}" state: directory setype: "container_file_t" @@ -83,8 +83,8 @@ docker_compose: state: present project_src: "{{ codimd_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - codimd become: true diff --git a/roles/docker_cleanup/tasks/main.yml b/roles/docker_cleanup/tasks/main.yml index 8488a02..aba5156 100644 --- a/roles/docker_cleanup/tasks/main.yml +++ b/roles/docker_cleanup/tasks/main.yml @@ -18,7 +18,7 @@ - name: Prune docker images older than 3 days docker_prune: - images: yes + images: true images_filters: dangling: false until: 72h diff --git a/roles/docker_ipv6_nat/tasks/main.yml b/roles/docker_ipv6_nat/tasks/main.yml index 3088d88..3924842 100644 --- a/roles/docker_ipv6_nat/tasks/main.yml +++ b/roles/docker_ipv6_nat/tasks/main.yml @@ -47,8 +47,8 @@ docker_compose: state: present project_src: "{{ docker_ipv6_nat_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - docker - docker-ipv6-nat 
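Review bot: The renamed suppression on the `file:` line of "Create data directory" in roles/codimd/tasks/main.yml still leaves the directory created with no explicit `mode`, so until the container adjusts it the path gets whatever the become user's umask yields, which is commonly readable and traversable by every local user. If the container has to own the final mode, keep the parent install directory restrictive and state the expected end state in a comment of its own above the module line, for example `# mode intentionally unset: container entrypoint sets owner/mode on start` followed by `file:  # noqa risky-file-permissions`. Putting the justification after the rule id on the same line is also fragile, because ansible-lint may treat the trailing words as further rule ids depending on the version in use; this is worth checking against the version run in CI. The same applies to the matching hunks in the gitlab, keycloak, mastodon, matrix, minecraft, penpot, teamspeak and unicorns_website roles. Each of these tasks continues past the end of its hunk, so the remaining arguments are not visible here.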
diff --git a/roles/factorio/tasks/main.yml b/roles/factorio/tasks/main.yml index 8007773..f7d1806 100644 --- a/roles/factorio/tasks/main.yml +++ b/roles/factorio/tasks/main.yml @@ -72,8 +72,8 @@ docker_compose: state: present project_src: "{{ factorio_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - factorio become: true diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml index a61d1df..4108edc 100644 --- a/roles/fail2ban/tasks/main.yml +++ b/roles/fail2ban/tasks/main.yml @@ -21,7 +21,7 @@ package: name: "{{ fail2ban_package }}" state: "{{ fail2ban_package_state }}" - become: yes + become: true - name: Deploy fail2ban jail config. template: @@ -31,11 +31,11 @@ owner: 'root' group: 'root' notify: restart fail2ban service - become: yes + become: true - name: Ensure fail2ban service is enabled and started. service: name: fail2ban state: started - enabled: yes - become: yes + enabled: true + become: true diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml index 457ae4e..3a29da4 100644 --- a/roles/gitlab/tasks/main.yml +++ b/roles/gitlab/tasks/main.yml @@ -45,7 +45,7 @@ become: true - name: Create data directory - file: # noqa 208 # Container manages permissions on its own + file: # noqa risky-file-permissions # Container manages permissions on its own path: "{{ item }}" state: directory owner: 'root' @@ -76,8 +76,8 @@ docker_compose: state: present project_src: "{{ gitlab_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - gitlab become: true diff --git a/roles/gitlab_runner/tasks/main.yml b/roles/gitlab_runner/tasks/main.yml index fd32cfc..98f4b89 100644 --- a/roles/gitlab_runner/tasks/main.yml +++ b/roles/gitlab_runner/tasks/main.yml 
@@ -77,8 +77,8 @@ docker_compose: state: present project_src: "{{ gitlabrunner_config_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - gitlab-runner become: true diff --git a/roles/haveged/tasks/main.yml b/roles/haveged/tasks/main.yml index 1629b35..ca9c717 100644 --- a/roles/haveged/tasks/main.yml +++ b/roles/haveged/tasks/main.yml @@ -28,5 +28,5 @@ service: state: started name: haveged - enabled: yes + enabled: true become: true diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 18e204b..cf711cd 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -43,7 +43,7 @@ become: true - name: Create data directory - file: # noqa 208 # Container manages permissions on its own + file: # noqa risky-file-permissions # Container manages permissions on its own path: "{{ item }}" state: directory setype: "container_file_t" @@ -71,8 +71,8 @@ docker_compose: state: present project_src: "{{ keycloak_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - keycloak become: true diff --git a/roles/luks_ssh/tasks/main.yml b/roles/luks_ssh/tasks/main.yml index 691a861..051d5cd 100644 --- a/roles/luks_ssh/tasks/main.yml +++ b/roles/luks_ssh/tasks/main.yml @@ -118,8 +118,8 @@ - name: Disable rhel-import-state service, so that it doesn not overwrite ifcfg scripts. systemd: name: "rhel-import-state" - enabled: no - masked: yes + enabled: false + masked: true become: true when: - luks_ssh_disable_state_import diff --git a/roles/lvm_self_backup/tasks/main.yml b/roles/lvm_self_backup/tasks/main.yml index 0f00da6..cfff9c8 100644 --- a/roles/lvm_self_backup/tasks/main.yml +++ b/roles/lvm_self_backup/tasks/main.yml @@ -69,7 +69,7 @@ - name: Start & enable backup service timer. systemd: - daemon_reload: yes + daemon_reload: true name: backup-lvm.timer enabled: '{{ backup_timer_enabled | bool }}' state: '{{ backup_timer_state }}' 
diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 070ea68..c026811 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml @@ -44,7 +44,7 @@ become: true - name: Create data directories - file: # noqa 208 # Container manages permissions on its own + file: # noqa risky-file-permissions # Container manages permissions on its own path: "{{ item }}" state: directory setype: "container_file_t" @@ -78,7 +78,7 @@ - name: Check if migration is needed command: "grep -q 'tootsuite/mastodon:{{ mastodon_image_version }}' '{{ mastodon_install_location }}/docker-compose.yml'" register: mastodon_version_fact - ignore_errors: yes + ignore_errors: true changed_when: mastodon_version_fact.rc > 0 failed_when: false become: true @@ -98,7 +98,7 @@ docker_compose: state: present project_src: "{{ mastodon_install_location }}" - stopped: yes + stopped: true tags: - docker - mastodon @@ -159,8 +159,8 @@ docker_compose: state: present project_src: "{{ mastodon_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - docker - mastodon diff --git a/roles/matrix/handlers/main.yml b/roles/matrix/handlers/main.yml index 3aab024..92d8564 100644 --- a/roles/matrix/handlers/main.yml +++ b/roles/matrix/handlers/main.yml @@ -24,7 +24,7 @@ - delegate state: present project_src: "{{ matrix_install_location }}" - restarted: yes + restarted: true tags: - docker - matrix @@ -36,7 +36,7 @@ - appservice-webhooks state: present project_src: "{{ matrix_install_location }}" - restarted: yes + restarted: true tags: - docker - matrix diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index e75ed60..54c9b68 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml 
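Review bot: In "Check if migration is needed" (roles/mastodon/tasks/main.yml, hunk at line 78), `ignore_errors: true` is redundant next to `failed_when: false`, and combined with `changed_when: mastodon_version_fact.rc > 0` the task cannot tell "image tag not found" (grep exit status 1) from "grep could not read the file" (exit status 2). A missing or unreadable docker-compose.yml is therefore reported as a pending migration instead of an error. Consider dropping `ignore_errors` and using `failed_when: mastodon_version_fact.rc > 1` with `changed_when: mastodon_version_fact.rc == 1`, unless the first-install path relies on the current behaviour. The tasks that consume `mastodon_version_fact` are outside this hunk, so that dependency cannot be confirmed from here.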
@@ -44,7 +44,7 @@ become: true - name: Create data directory - file: # noqa 208 # Container manages permissions on its own + file: # noqa risky-file-permissions # Container manages permissions on its own path: "{{ item }}" state: directory setype: "container_file_t" @@ -176,8 +176,8 @@ docker_compose: state: present project_src: "{{ matrix_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - docker - matrix diff --git a/roles/minecraft/tasks/main.yml b/roles/minecraft/tasks/main.yml index 23e5d84..96d79ae 100644 --- a/roles/minecraft/tasks/main.yml +++ b/roles/minecraft/tasks/main.yml @@ -43,7 +43,7 @@ - minecraft - name: Create data directories - file: # noqa 208 # Container manages permissions on its own + file: # noqa risky-file-permissions # Container manages permissions on its own path: "{{ item }}" state: directory setype: "container_file_t" @@ -83,8 +83,8 @@ docker_compose: state: present project_src: "{{ minecraft_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - minecraft become: true diff --git a/roles/minecraft_blockmap/tasks/main.yml b/roles/minecraft_blockmap/tasks/main.yml index 677daa2..54ceb52 100644 --- a/roles/minecraft_blockmap/tasks/main.yml +++ b/roles/minecraft_blockmap/tasks/main.yml @@ -136,7 +136,7 @@ - name: Start & enable render service timer systemd: - daemon_reload: yes + daemon_reload: true name: blockmap-render.timer enabled: '{{ minecraft_blockmap_timer_enabled | bool }}' state: '{{ minecraft_blockmap_timer_state }}' @@ -146,8 +146,8 @@ docker_compose: state: present project_src: "{{ minecraft_blockmap_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - blockmap become: true diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 93edb05..a8c8169 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml 
@@ -89,8 +89,8 @@ docker_compose: state: present project_src: "{{ minio_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - minio become: true diff --git a/roles/moby_engine/handlers/main.yml b/roles/moby_engine/handlers/main.yml index 15a8aa9..7c6b458 100644 --- a/roles/moby_engine/handlers/main.yml +++ b/roles/moby_engine/handlers/main.yml @@ -21,7 +21,7 @@ service: name: "docker" state: "{{ moby_engine_docker_restart_handler_state }}" - become: yes + become: true - name: Regenerate grub config BIOS command: grub2-mkconfig -o /etc/grub2.cfg diff --git a/roles/monitoring/tasks/influxdb/database.yml b/roles/monitoring/tasks/influxdb/database.yml index e680cc1..8944c85 100644 --- a/roles/monitoring/tasks/influxdb/database.yml +++ b/roles/monitoring/tasks/influxdb/database.yml @@ -24,11 +24,11 @@ login_password: "{{ monitoring_influxdb_admin_password }}" hostname: "{{ monitoring_influxdb_domain }}" port: 443 - ssl: yes - validate_certs: yes + ssl: true + validate_certs: true database_name: "{{ database.name }}" delegate_to: 127.0.0.1 - no_log: True + no_log: true - name: Create retention policies influxdb_retention_policy: @@ -36,8 +36,8 @@ login_password: "{{ monitoring_influxdb_admin_password }}" hostname: "{{ monitoring_influxdb_domain }}" port: 443 - ssl: yes - validate_certs: yes + ssl: true + validate_certs: true database_name: "{{ database.name }}" policy_name: "{{ policy.name }}" duration: "{{ policy.duration }}" diff --git a/roles/monitoring/tasks/influxdb/main.yml b/roles/monitoring/tasks/influxdb/main.yml index fc53d86..3b23079 100644 --- a/roles/monitoring/tasks/influxdb/main.yml +++ b/roles/monitoring/tasks/influxdb/main.yml 
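Review bot: The "Create retention policies" task in roles/monitoring/tasks/influxdb/database.yml passes `login_password` exactly like the task before it, but no `no_log: true` is visible for it in this hunk, while the preceding task carries one. The task continues past the end of the hunk, so the setting may already be present further down. If it is not, adding `no_log: true` after its last argument would keep the two tasks consistent and keep the admin credentials out of verbose and per-item output.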
@@ -24,13 +24,13 @@ login_password: "{{ monitoring_influxdb_admin_password }}" hostname: "{{ monitoring_influxdb_domain }}" port: 443 - ssl: yes - validate_certs: yes + ssl: true + validate_certs: true user_name: "{{ monitoring_influxdb_admin_username }}" user_password: "{{ monitoring_influxdb_admin_password }}" - admin: yes + admin: true delegate_to: 127.0.0.1 - no_log: True + no_log: true - name: Configure databases include: database.yml @@ -45,11 +45,11 @@ login_password: "{{ monitoring_influxdb_admin_password }}" hostname: "{{ monitoring_influxdb_domain }}" port: 443 - ssl: yes - validate_certs: yes + ssl: true + validate_certs: true user_name: "{{ item.username }}" user_password: "{{ item.password }}" grants: "{{ item.grants }}" loop: "{{ monitoring_influxdb_users }}" delegate_to: 127.0.0.1 - no_log: True + no_log: true diff --git a/roles/monitoring/tasks/main.yml b/roles/monitoring/tasks/main.yml index 424421e..a9bdd96 100644 --- a/roles/monitoring/tasks/main.yml +++ b/roles/monitoring/tasks/main.yml @@ -76,8 +76,8 @@ docker_compose: state: present project_src: "{{ monitoring_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true register: monitoring_compose become: true diff --git a/roles/owncast/handlers/main.yml b/roles/owncast/handlers/main.yml index 705aec0..9459443 100644 --- a/roles/owncast/handlers/main.yml +++ b/roles/owncast/handlers/main.yml @@ -24,7 +24,7 @@ - owncast state: present project_src: "{{ owncast_install_location }}" - restarted: yes + restarted: true tags: - docker - owncast diff --git a/roles/owncast/tasks/main.yml b/roles/owncast/tasks/main.yml index ecfb864..b88ff94 100644 --- a/roles/owncast/tasks/main.yml +++ b/roles/owncast/tasks/main.yml @@ -81,8 +81,8 @@ docker_compose: state: present project_src: "{{ owncast_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - owncast become: true 
diff --git a/roles/penpot/tasks/main.yml b/roles/penpot/tasks/main.yml index a192e16..071c1a0 100644 --- a/roles/penpot/tasks/main.yml +++ b/roles/penpot/tasks/main.yml @@ -40,7 +40,7 @@ become: true - name: Create data directories - file: # noqa 208 # Container manages permissions on its own + file: # noqa risky-file-permissions # Container manages permissions on its own path: "{{ item }}" state: directory setype: "container_file_t" @@ -66,8 +66,8 @@ docker_compose: state: present project_src: "{{ penpot_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - docker - penpot diff --git a/roles/ssh/handlers/main.yml b/roles/ssh/handlers/main.yml index 9aac13f..7cd9d19 100644 --- a/roles/ssh/handlers/main.yml +++ b/roles/ssh/handlers/main.yml @@ -20,5 +20,3 @@ - name: Reload firewalld command: "firewall-cmd --reload" become: true - - diff --git a/roles/static_websites/tasks/main.yml b/roles/static_websites/tasks/main.yml index bbd34d8..0af1fe4 100644 --- a/roles/static_websites/tasks/main.yml +++ b/roles/static_websites/tasks/main.yml @@ -49,8 +49,8 @@ docker_compose: state: present project_src: "{{ static_websites_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true become: true when: - static_websites | length > 0 diff --git a/roles/teamspeak/tasks/main.yml b/roles/teamspeak/tasks/main.yml index 14c82ea..23ec1f0 100644 --- a/roles/teamspeak/tasks/main.yml +++ b/roles/teamspeak/tasks/main.yml @@ -41,7 +41,7 @@ become: true - name: Create data directory - file: # noqa 208 # Container manages permissions on its own + file: # noqa risky-file-permissions # Container manages permissions on its own path: "{{ item }}" state: directory setype: "container_file_t" @@ -69,8 +69,8 @@ docker_compose: state: present project_src: "{{ teamspeak_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - docker - teamspeak 
diff --git a/roles/telegraf/handlers/main.yml b/roles/telegraf/handlers/main.yml index 824f33e..5c57e87 100644 --- a/roles/telegraf/handlers/main.yml +++ b/roles/telegraf/handlers/main.yml @@ -19,6 +19,6 @@ - name: Restart telegraf docker_compose: - project_src: "{{ telegraf_install_location }}" - restarted: yes + project_src: "{{ telegraf_install_location }}" + restarted: true become: true diff --git a/roles/telegraf/tasks/main.yml b/roles/telegraf/tasks/main.yml index 7de0ab6..4262205 100644 --- a/roles/telegraf/tasks/main.yml +++ b/roles/telegraf/tasks/main.yml @@ -73,6 +73,6 @@ docker_compose: state: present project_src: "{{ telegraf_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true become: true diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index d1327a3..4af5382 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -73,7 +73,7 @@ - name: Create ipv6 frontend network docker_network: name: "{{ traefik_ipv6.name }}" - enable_ipv6: yes + enable_ipv6: true ipam_config: - subnet: "{{ traefik_ipv6.subnet }}" become: true @@ -129,8 +129,8 @@ docker_compose: state: present project_src: "{{ traefik_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true become: true - name: Read tor hostname diff --git a/roles/ts3audiobot/tasks/main.yml b/roles/ts3audiobot/tasks/main.yml index c429073..4750460 100644 --- a/roles/ts3audiobot/tasks/main.yml +++ b/roles/ts3audiobot/tasks/main.yml @@ -72,8 +72,8 @@ docker_compose: state: present project_src: "{{ ts3audiobot_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - docker - ts3audiobot diff --git a/roles/unicorns_website/tasks/main.yml b/roles/unicorns_website/tasks/main.yml index 4ce374b..35fd01e 100644 --- a/roles/unicorns_website/tasks/main.yml +++ b/roles/unicorns_website/tasks/main.yml 
@@ -42,7 +42,7 @@ become: true - name: Create data directory - file: # noqa 208 # Container manages permissions on its own + file: # noqa risky-file-permissions # Container manages permissions on its own path: "{{ item }}" state: directory setype: "container_file_t" @@ -79,8 +79,8 @@ docker_compose: state: present project_src: "{{ unicorns_website_install_location }}" - pull: yes - remove_orphans: yes + pull: true + remove_orphans: true tags: - docker become: true diff --git a/ssh.yml b/ssh.yml index 422c8cf..2602890 100644 --- a/ssh.yml +++ b/ssh.yml @@ -26,4 +26,3 @@ become: true - role: epel - role: fail2ban - diff --git a/unicorns_website.yml b/unicorns_website.yml index 14b8180..4771985 100644 --- a/unicorns_website.yml +++ b/unicorns_website.yml @@ -30,7 +30,7 @@ registry: registry.git.saibotk.de username: "{{ unicorns_website_registry_username }}" password: "{{ unicorns_website_registry_password }}" - reauthorize: yes + reauthorize: true changed_when: false become: true