format: Satisfy ansible-lint

This patch makes minor formatting adjustments & adds handlers to mastodon where appropriate to satisfy ansible-lint.
2021-09-14 01:45:22 +02:00 · 2021-09-14 01:45:22 +02:00 · db8aeefacb
commit db8aeefacb
parent eda6169ed1
13 changed files with 69 additions and 50 deletions
--- a/playbooks/mailcow.yml
+++ b/playbooks/mailcow.yml
@ -28,6 +28,7 @@
        name: "Backup mailcow daily"
        minute: "5"
        hour: "3"
+        # yamllint disable-line rule:line-length
        job: "MAILCOW_BACKUP_LOCATION=/srv/mailcow-backups /srv/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all --delete-days 2 2>&1 | /usr/bin/logger -t mailcow_data_backup"
      become: true
 # Manual steps:
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@ -68,4 +68,4 @@ docker_python_virtualenv_package_state: "present"
 # The pip package name of the docker library
 docker_pip_package: "docker"
 docker_pip_package_state: "present"
-docker_pip_package_version: "{{ omit }}" # This will be omitted by default, so the latest version will be installed.
+docker_pip_package_version: "{{ omit }}"  # This will be omitted by default, so the latest version will be installed.
--- a/roles/gitlab/defaults/main.yml
+++ b/roles/gitlab/defaults/main.yml
@ -58,7 +58,7 @@ gitlab_smtp_address: smtp.example.com
 gitlab_smtp_port: 465
 gitlab_smtp_user_name: 'gitlab@example.com'
 gitlab_smtp_password: "{{ lookup('passwordstore',  gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
-gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
+gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}"  # There was a typo in the config option name, this makes sure it's falling back properly
 gitlab_email_from: "{{ gitlab_smtp_user_name }}"
 gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"

@ -69,8 +69,9 @@ gitlab_libravatar_ssl: "seccdn.libravatar.org"
 # CSP settings
 gitlab_csp:
  img_src: 'https:'
-  #frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
-  #script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
+  # yamllint disable-line rule:line-length
+  # frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
+  # script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"

 # SAML settings
 gitlab_saml:
--- a/roles/gitlab_runner/defaults/main.yml
+++ b/roles/gitlab_runner/defaults/main.yml
@ -39,17 +39,20 @@ gitlabrunner_extra_volumes: []
 # The maximum overall concurrent running jobs. This is the most upper limit of number of jobs using all defined runners, local and autoscale.
 gitlabrunner_concurrent: 1

-# The interval in seconds, to check for available jobs. (0 means default value is used. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works)
+# The interval in seconds, to check for available jobs. (0 means default value is used.
+# See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works)
 gitlabrunner_check_interval: 0

 # This is used to define all the runners, that may be served by this gitlab-runner
+# !! YOU WILL NEED TO ADJUST THIS! BELOW IS A FULL EXAMPLE!
 gitlabrunner_runners:
    # The URL of the instance that this runner should be associated with
  - gitlab_url: https://gitlab.example.com

    # The token that you received when registering the runner (not the register token!!!)
    # Register a runner first to obtain a token: https://docs.gitlab.com/runner/register/index.html#docker
-    # Can be done via the API and the registration token: eg. `curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token=<registration_token>"`
+    # Can be done via the API and the registration token:
+    # curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token=<registration_token>"
    gitlab_token:

    # The name of the runner
@ -82,15 +85,22 @@ gitlabrunner_runners:

    # The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
    # This for example are parameters for the Hetzner driver (but remember, that this will need the hetzner docker-machine plugin)
+    # The options can also be omitted if you do not need any.
    machine_options:
-      hetzner-api-token: "TOKENHERE" # The Hetzner specific API token
-      hetzner-image: "debian-10" # The image that should be used for new machines
-      hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
-      hetzner-server-location: "fsn1" # The server location to use for a new machine
+      # The Hetzner specific API token
+      hetzner-api-token: "TOKENHERE"
+      # The image that should be used for new machines
+      hetzner-image: "debian-10"
+      # The server type (the hardware configuration) to use for a new machine
+      hetzner-server-type: "cx11"
+      # The server location to use for a new machine
+      hetzner-server-location: "fsn1"

-    # S3 Runner cache configuration to improve performance between runs (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
-    # cache_s3:
-    #   server: s3.example.com
-    #   access_key: ""
-    #   secret_key: ""
-    #   bucket: "runner"
+    # S3 Runner cache configuration to improve performance between runs
+    # (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
+    # The options can also be omitted if you do not want to configure a cache
+    cache_s3:
+      server: s3.example.com
+      access_key: ""
+      secret_key: ""
+      bucket: "runner"
--- a/roles/mastodon/handlers/main.yml
+++ b/roles/mastodon/handlers/main.yml
@ -0,0 +1,15 @@
+---
+# Handlers file for the mastodon role
+
+- name: Pull mastodon image
+  docker_image:
+    name: "docker.io/tootsuite/mastodon:{{ mastodon_image_version }}"
+    source: pull
+  become: true
+
+- name: Stop mastodon for upgrade
+  docker_compose:
+    state: present
+    project_src: "{{ mastodon_install_location }}"
+    stopped: true
+  become: true
--- a/roles/mastodon/tasks/main.yml
+++ b/roles/mastodon/tasks/main.yml
@ -82,29 +82,10 @@
  changed_when: mastodon_version_fact.rc > 0
  failed_when: false
  become: true
+  notify: ["Pull mastodon image", "Stop mastodon for upgrade"]

- name: Pull an mastodon image
-  docker_image:
-    name: "docker.io/tootsuite/mastodon:{{ mastodon_image_version }}"
-    source: pull
-  become: true
-  tags:
-    - docker
-    - mastodon
-  when:
-    - mastodon_version_fact is changed
-
- name: Stop mastodon for upgrade
-  docker_compose:
-    state: present
-    project_src: "{{ mastodon_install_location }}"
-    stopped: true
-  tags:
-    - docker
-    - mastodon
-  become: true
-  when:
-    - mastodon_version_fact is changed
+- name: Immediately run / flush Ansible handlers
+  meta: "flush_handlers"

 - name: Deploy config
  template:
@ -134,6 +115,7 @@
  args:
    chdir: "{{ mastodon_install_location }}"
  when:
+    # noqa no-handler
    - mastodon_version_fact is changed
  tags:
    - docker
@ -147,6 +129,7 @@
  args:
    chdir: "{{ mastodon_install_location }}"
  when:
+    # noqa no-handler
    - mastodon_version_fact is changed
  tags:
    - docker
--- a/roles/matrix/defaults/main.yml
+++ b/roles/matrix/defaults/main.yml
@ -34,7 +34,8 @@ matrix_traefik_certresolver: letsencrypt_http
 matrix_synapse_servername: matrix.example.com
 matrix_synapse_domain: "{{ matrix_synapse_servername }}"

-# Additional synapse ENV options (keys will automatically be prefixed with SYNAPSE_) see https://github.com/matrix-org/synapse/tree/develop/docker#generating-a-configuration-file
+# Additional synapse ENV options (keys will automatically be prefixed with SYNAPSE_)
+# see https://github.com/matrix-org/synapse/tree/develop/docker#generating-a-configuration-file
 # Note: Some keys are needed for generating the initial config file like "SYNAPSE_REPORT_STATS" and "SYNAPSE_SERVER_NAME"!
 matrix_synapse_options: {}

--- a/roles/minecraft/defaults/main.yml
+++ b/roles/minecraft/defaults/main.yml
@ -34,7 +34,7 @@ minecraft_rcon_certresolver: letsencrypt_http
 minecraft_rcon_domain: minecraft.example.com

 # Should the RCON webinterface be deployed?
-minecraft_enable_rcon_web: False
+minecraft_enable_rcon_web: false

 # The RCON password
 minecraft_rcon_password: "CHANGEME"
--- a/roles/minecraft_blockmap/defaults/main.yml
+++ b/roles/minecraft_blockmap/defaults/main.yml
@ -43,8 +43,9 @@ minecraft_blockmap_timer_enabled: true
 minecraft_blockmap_timer_state: 'started'

 # The input location, where the world resides in, that should be rendered.
-# ! NOTE: This is relative to the lvm volume root (eg. a volume covering `/srv` will result in an input path `/minecraft/data/WORLDNAME` if a minecraft server is installed under /srv/minecraft)
-# minecraft_blockmap_input_location: "/YOUR/PATH/TO/MC_WORLD"
+# ! NOTE: This is relative to the lvm volume root
+# (eg. a volume covering `/srv` will result in an input path `/minecraft/data/WORLDNAME` if a minecraft server is installed under /srv/minecraft)
+minecraft_blockmap_input_location:

 # Additional parameters, that should be passed to the blockmap-cli
 minecraft_blockmap_parameters: ""
--- a/roles/moby_engine/tasks/Fedora-32.yml
+++ b/roles/moby_engine/tasks/Fedora-32.yml
@ -33,7 +33,7 @@

 - name: Check if line is present
  shell: cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT
-  changed_when: False
+  changed_when: false
  ignore_errors: true
  register: moby_engine_grub_default

--- a/roles/monitoring/tasks/main.yml
+++ b/roles/monitoring/tasks/main.yml
@ -85,6 +85,7 @@
  wait_for:
    timeout: 30
  delegate_to: localhost
+  # noqa no-handler
  when: monitoring_compose is changed

 - name: Include influxdb management
--- a/roles/telegraf/defaults/main.yml
+++ b/roles/telegraf/defaults/main.yml
@ -44,14 +44,14 @@ telegraf_influxdb_retention_policy_tag: ""
 # Telegraf agent configuration (see https://docs.influxdata.com/telegraf/v1.15/administration/configuration/)
 telegraf_agent_hostname: "{{ ansible_fqdn }}"
 telegraf_agent_interval: 10
-telegraf_agent_debug: False
+telegraf_agent_debug: false
 telegraf_agent_round_interval: true
 telegraf_agent_flush_interval: 10
 telegraf_agent_flush_jitter: 5
 telegraf_agent_collection_jitter: 5
 telegraf_agent_metric_batch_size: 2000
 telegraf_agent_metric_buffer_limit: 1000000
-telegraf_agent_omit_hostname: False
+telegraf_agent_omit_hostname: false

 # The telegraf config's [global_tags] section (see https://docs.influxdata.com/telegraf/v1.15/administration/configuration/)
 telegraf_global_tags: []
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@ -50,10 +50,16 @@ traefik_docker_bridge_name: docker-proxy
 # which results in the containers only seeing clients connecting with the internal network IPv4 gateway address.
 traefik_ipv6:
  enabled: false
-  firewall_rules_enabled: false # This controls, if iptable rules should be deployed, to forward incoming traffic from 80/443 with a destination of the specified IP (traefik's IP). TL;DR: Should IPv6 traffic be forwarded/allowed to traefik.
-  subnet: "{{ ansible_default_ipv6.address | ipsubnet(64) | ipsubnet(80, 51966) }}" # The subnet that should be used. Usually has to have a size of at least `/80` (see https://web.archive.org/web/20181113104036/https://docs.docker.com/v17.06/engine/userguide/networking/default_network/ipv6/#docker-ipv6-cluster)
-  ip_addr: "{{ ansible_default_ipv6.address | ipsubnet(64) | ipsubnet(80, 51966) | ipaddr('2') | ipaddr('address') }}" # The traefik container will use this static address, unless you explicitly use `{{ omit }}`
-  name: traefik_ipv6 # The name of the special ipv6 network which will be created and added to the traefik container
+  # This controls, if iptable rules should be deployed, to forward incoming traffic from 80/443 with a destination of the specified IP (traefik's IP).
+  # TL;DR: Should IPv6 traffic be forwarded/allowed to traefik.
+  firewall_rules_enabled: false
+  # The subnet that should be used. Usually has to have a size of at least `/80`
+  # (see https://web.archive.org/web/20181113104036/https://docs.docker.com/v17.06/engine/userguide/networking/default_network/ipv6/#docker-ipv6-cluster)
+  subnet: "{{ ansible_default_ipv6.address | ipsubnet(64) | ipsubnet(80, 51966) }}"
+  # The traefik container will use this static address, unless you explicitly use `{{ omit }}`
+  ip_addr: "{{ ansible_default_ipv6.address | ipsubnet(64) | ipsubnet(80, 51966) | ipaddr('2') | ipaddr('address') }}"
+  # The name of the special ipv6 network which will be created and added to the traefik container
+  name: traefik_ipv6

 # Should a general https redirect middleware be enabled for all hosts on the web endpoint?
 traefik_https_redirect_all: true
@ -70,7 +76,7 @@ traefik_dynamic_conf:
    options:
      default:
        minVersion: "VersionTLS12"
-        sniStrict: true # Can be disabled for local testing, which will lead to traefik serving it's default certificate if none can be found
+        sniStrict: true  # Can be disabled for local testing, which will lead to traefik serving it's default certificate if none can be found
        cipherSuites:
          - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384