start using ansible-lint and fix a first batch of 'issues'

some seemed sensible enough and have only temporarily ignored some to get the ball rolling Signed-off-by: clux <sszynrae@gmail.com>
clux · Jun 25, 2023 · 619df05 · 619df05
1 parent 3fb1e56
commit 619df05
Show file tree

Hide file tree

Showing 20 changed files with 121 additions and 72 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,4 @@
+skip_list:
+- 'fqcn[action-core]'
+- 'name[casing]'
+- 'name[missing]'
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -6,7 +6,7 @@ on:
       - ansible
 
 jobs:
-  shellcheck:
+  lint:
     runs-on: ubuntu-latest
     env:
       SHELLCHECK_OPTS: "-e SC1091 -e SC1090 -e SC1117 -s bash"
@@ -18,3 +18,6 @@ jobs:
     - run: shellcheck --version
     - run: env | grep SHELLCHECK
     - run: just lint
+    - uses: ansible/ansible-lint-action@v6
+      with:
+        path: 'site.yml bootstrap.yml'
diff --git a/bootstrap.yml b/bootstrap.yml
@@ -1,19 +1,22 @@
 ---
-- hosts: all
+- name: bootstrap arch host
+  hosts: all
   connection: local
   user: root
   gather_facts: false
 
   tasks:
   - name: sudo
-    pacman: name=sudo state=installed
+    community.general.pacman:
+      name: sudo
+      state: installed
 
-  - name: ensure {{ user }} exists
+  - name: 'ensure user exists: {{ user }}'
     user:
-      name={{ user }}
-      state=present
-      groups=audio,video,games,rfkill,uucp,wheel,sys,lp
-      append=yes
+      name: '{{ user }}'
+      state: present
+      groups: 'audio,video,games,rfkill,uucp,wheel,sys,lp'
+      append: true
 
   - name: allow wheel users to sudo without pass
     lineinfile:
@@ -32,14 +35,21 @@
     ignore_errors: true
 
   - name: install MESA display drivers and choice dependencies
-    pacman:
+    community.general.pacman:
       # NB: may want mesa-git
-      name: ['mesa', 'mesa-libgl', 'wayland', 'lib32-vulkan-radeon', 'vulkan-radeon', 'amdvlk', 'lib32-amdvlk']
+      name:
+      - mesa
+      - mesa-libgl
+      - wayland
+      - lib32-vulkan-radeon
+      - vulkan-radeon
+      - amdvlk
+      - lib32-amdvlk
       state: installed
     when: display_driver == "mesa"
 
   - name: install core packages
-    pacman:
+    community.general.pacman:
       name:
       - git
       - openssh
@@ -50,7 +60,7 @@
       - lsb-release
       state: installed
   - name: install fonts
-    pacman:
+    community.general.pacman:
       name:
       - ttf-dejavu
       - ttf-ubuntu-font-family # browser
@@ -62,7 +72,7 @@
   # TODO: install rustup from pacman and rustup install stable
 
   - name: install window manager
-    pacman:
+    community.general.pacman:
       name:
       - hyprland # wayland compositor (deps below picked for this)
       - dunst # lightweight, customizable notification daemon
@@ -81,24 +91,24 @@
     when: display_driver == "mesa"
 
   # AUR DEPS FOR HYPRLAND
-  - name: install aur extras
-    aur:
-      name:
-      - waybar-hyprland # customizable Wayland bar
-      - wleave-git # wlogout fork
-      - mpvpaper # video wallpaper for wlroots
-      - webcord-bin # discord
-      - google-chrome
-      # theming
-      - catppuccin-gtk-theme-mocha
-      - catppuccin-cursors-mocha
-      - nwg-look
-    when: display_driver == "mesa"
+  #- name: install aur extras
+  #   aur:
+  #   name:
+  #   - waybar-hyprland # customizable Wayland bar
+  #   - wleave-git # wlogout fork
+  #   - mpvpaper # video wallpaper for wlroots
+  #   - webcord-bin # discord
+  #   - google-chrome
+  #   # theming
+  #   - catppuccin-gtk-theme-mocha
+  #   - catppuccin-cursors-mocha
+  #   - nwg-look
+  #   when: display_driver == "mesa"
 
   - name: clone provision repo
     # TODO: needs a chown {{ user }}:{{ user }} -R /home/{{ user }}/provision
     git:
       repo: https://github.com/clux/provision
       dest: /home/{{ user }}/provision
-      update: true
+      update: true # noqa: latest
     become: true
diff --git a/justfile b/justfile
@@ -50,4 +50,5 @@ lint:
 
 # run full lint plus bats test
 test: lint
+  ansible-lint site.yml bootstrap.yml
   bats test
diff --git a/roles/arch/tasks/docker.yml b/roles/arch/tasks/docker.yml
@@ -5,18 +5,26 @@
   file:
     path: /etc/systemd/system/docker.service.d
     state: directory
+    mode: 0755
 
 # Tweak a few lines in config - shows up in systemctl show docker
 - name: docker system config override
   template:
     src: "templates/docker.service.override"
     dest: "/etc/systemd/system/docker.service.d/override.conf"
+    mode: 0644
 
 # Docker - create the docker group (gpasswd -a $USER docker)
 # NB: this requires `newgrp docker` or logout
 # DONT DO NEWGRP AS IT WILL SCREW WITH YOUR PRIMARY GROUP
 - name: Add user to docker group
-  user: name={{ user }} groups=docker append=true
+  user:
+    name: '{{ user }}'
+    groups: docker
+    append: true
 
 - name: systemctl enable docker --user --now
-  systemd: name=docker state=started enabled=true
+  systemd:
+    name: docker
+    state: started
+    enabled: true
diff --git a/roles/arch/tasks/linux.yml b/roles/arch/tasks/linux.yml
@@ -5,7 +5,7 @@
 # https://www.phoronix.com/news/Fedora-39-VM-Max-Map-Count
 - name: sysctl vm.max_map_count
   become: true
-  sysctl:
+  ansible.posix.sysctl:
     name: vm.max_map_count
     value: '2147483642'
     sysctl_set: true
@@ -20,12 +20,16 @@
     state: link
 
 - name: net capabilities on nethogs
-  capabilities: path=/sbin/nethogs capability={{ item }}
+  community.general.capabilities:
+    path: '/sbin/nethogs'
+    capability: '{{ item }}'
   with_items:
   - "cap_net_admin+ep"
   - "cap_net_raw+ep"
 - name: net capabilities on bandwhich
-  capabilities: path=/sbin/bandwhich capability=cap_net_raw,cap_net_admin+ep
+  community.general.capabilities:
+    path: /sbin/bandwhich
+    capability: cap_net_raw,cap_net_admin+ep
 
 - name: pulseaudio disable source/sink idle suspend
   become: true

diff --git a/roles/arch/tasks/systemd.yml b/roles/arch/tasks/systemd.yml
@@ -3,7 +3,11 @@
 
 # Services that can run as --user (that haven't auto-started)
 - name: systemctl enable user services
-  systemd: name={{ item }} state=started enabled=yes user=yes
+  systemd:
+    name: '{{ item }}'
+    state: started
+    enabled: true
+    scope: 'user'
   become: false
   with_items: []
   #- mpd

diff --git a/roles/arch/tasks/wayland.yml b/roles/arch/tasks/wayland.yml
@@ -3,8 +3,16 @@
 
 # greetd (autologin)
 - name: greetd config dir
-  file: path=/etc/greetd/ state=directory
+  file:
+    path: /etc/greetd/
+    state: directory
+    mode: 0755
 - name: greetd config with autologin
-  template: src=templates/greetdconfig.toml dest=/etc/greetd/config.toml
+  template:
+    src: templates/greetdconfig.toml
+    dest: /etc/greetd/config.toml
+    mode: 0644
 - name: systemctl enable greetd
-  systemd: name=greetd enabled=yes
+  systemd:
+    name: greetd
+    enabled: true
diff --git a/roles/disks/tasks/broxy.yml b/roles/disks/tasks/broxy.yml
@@ -2,7 +2,7 @@
 # fstab for broxy
 
 - name: mount ntfs disks
-  mount:
+  ansible.posix.mount:
     name: "/media/{{ item.name }}"
     src: "{{ item.src }}"
     fstype: ntfs-3g
@@ -16,11 +16,11 @@
 - include_vars: vars/archbox.yml
 
 - name: archbox mounts
-  mount:
+  ansible.posix.mount:
     name: "/media/archbox/{{ item }}"
     src: "//192.168.100.3/{{ item }}"
     fstype: "cifs"
-    opts: "user={{archbox.user}},password={{archbox.password}},nofail,noauto"
+    opts: "user={{ archbox.user }},password={{ archbox.password }},nofail,noauto"
     state: "mounted"
     boot: false
   become: true

diff --git a/roles/disks/tasks/kjttks.yml b/roles/disks/tasks/kjttks.yml
@@ -2,7 +2,7 @@
 # fstab for kjttks
 
 - name: mount ntfs disks
-  mount:
+  ansible.posix.mount:
     name: "/media/{{ item.name }}"
     src: "{{ item.src }}"
     fstype: ntfs-3g
@@ -13,7 +13,7 @@
   - { src: /dev/sdd3, name: zorn }
 
 - name: mount ext4 disks
-  mount:
+  ansible.posix.mount:
     name: "/media/{{ item.name }}"
     src: "{{ item.src }}"
     fstype: ext4

diff --git a/roles/docker/tasks/broxy.yml b/roles/docker/tasks/broxy.yml
diff --git a/roles/docker/tasks/clux.yml b/roles/docker/tasks/clux.yml
@@ -4,13 +4,18 @@
 # try to create the .docker dir before we start docker because docker runs as root
 # and then we can't change the ~/.docker/conf without root..
 # if this doesn't work, we could chown the directory non-recursively
-- file: path=/home/{{ user }}/.docker state=directory owner={{ user }} group={{ user }}
+- file:
+    path: '/home/{{ user }}/.docker'
+    state: directory
+    owner: '{{ user }}'
+    group: '{{ user }}'
+    mode: 0711
   become: true
   become_user: root
 
 
 - name: docker login clux
-  docker_login:
+  community.docker.docker_login:
     username: clux
     #email: sszynrae@gmail.com
-    password: "{{ lookup('passwordstore', 'docker/clux')}}"
+    password: "{{ lookup('passwordstore', 'docker/clux') }}"
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
@@ -5,8 +5,3 @@
   when: inventory_hostname != "broxy"
   become: false
   tags: [docker, core]
-
-- import_tasks: broxy.yml
-  when: inventory_hostname == "broxy"
-  become: false
-  tags: [docker, core]
diff --git a/roles/lpms/tasks/cargo.yml b/roles/lpms/tasks/cargo.yml
@@ -12,7 +12,9 @@
     cargo_state: "{{ 'latest' if (upgrade_tasks | default(false)) else 'present' }}"
 
 - name: install cargo modules
-  community.general.cargo: name={{ item }} state={{cargo_state}}
+  community.general.cargo:
+    name: '{{ item }}'
+    state: '{{ cargo_state }}'
   with_items:
   - cargo-edit
   - cargo-tree

diff --git a/roles/lpms/tasks/goget.yml b/roles/lpms/tasks/goget.yml
@@ -6,7 +6,8 @@
 
 - name: install binary packages
   command: go get -u -v {{ item.src }}
-  #creates: "/home/{{ user }}/.go/bin/{{ item.bin }}"
+  args:
+    creates: "/home/{{ user }}/.go/bin/{{ item.bin }}"
   when: upgrade_tasks | default(false)
   with_items: []
   #- { src: github.com/genuinetools/apk-file, bin: apk-file }

diff --git a/roles/lpms/tasks/npm.yml b/roles/lpms/tasks/npm.yml
@@ -14,7 +14,10 @@
     npm_state: "{{ 'latest' if (upgrade_tasks | default(false)) else 'present' }}"
 
 - name: Install global npm dependencies
-  npm: name={{ item }} state={{ npm_state }} global=true
+  community.general.npm:
+    name: '{{ item }}'
+    state: '{{ npm_state }}'
+    global: true
   with_items: []
   #- faucet
   #- eslint

diff --git a/roles/lpms/tasks/pip.yml b/roles/lpms/tasks/pip.yml
@@ -16,7 +16,10 @@
 
 # Some of these technically do exist as well in pacman, but want some updates faster
 - name: Install dependencies
-  pip: name={{ item }} extra_args='--user --break-system-packages' state={{pip_state}}
+  pip:
+    name: '{{ item }}'
+    extra_args: '--user --break-system-packages'
+    state: '{{ pip_state }}'
   with_items: []
   #- yq
   #- requests

diff --git a/roles/ssh/handlers/main.yml b/roles/ssh/handlers/main.yml
@@ -2,4 +2,6 @@
 
 - name: restart sshd
   become: true
-  service: name=sshd state=restarted
+  service:
+    name: sshd
+    state: restarted
diff --git a/roles/ssh/tasks/sshd.yml b/roles/ssh/tasks/sshd.yml
@@ -1,10 +1,19 @@
 ---
 # sshd
 
-- template: src=templates/motd.sh dest=/etc/profile.d/motd.sh
+- template:
+    src: templates/motd.sh
+    dest: '/etc/profile.d/motd.sh'
+    mode: 0644
 
-- template: src=templates/sshd_config.j2 dest=/etc/ssh/sshd_config
+- template:
+    src: templates/sshd_config.j2
+    dest: '/etc/ssh/sshd_config'
+    mode: 0644
   notify:
   - restart sshd
 
-- service: name=sshd state=started enabled=yes
+- service:
+    name: sshd
+    state: started
+    enabled: true