feat: set lstrip on ansible template task and remove comments (#1155)

* feat: set lstrip on ansible template task and remove comments

Signed-off-by: Devin Buhl <devin@buhl.casa>

* fix: cert-manager block was neing stripped

Signed-off-by: Devin Buhl <devin@buhl.casa>

---------

Signed-off-by: Devin Buhl <devin@buhl.casa>

bootstrap/tasks/addons/coredns.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/csi_driver_nfs.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/discord_template_notifier.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/grafana.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/homepage.yaml

@@ -20,22 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-# https://github.com/ansible-collections/community.sops/issues/153
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/kube_prometheus_stack.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/kubernetes_dashboard.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/system_upgrade_controller.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/volsync.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/addons/weave_gitops.yaml

@@ -20,21 +20,20 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
   loop_control:
     label: "{{ item.path }}"
 
-- name: Template encrypted files for {{ addon_namespace }}/{{ addon_name }}
-  block:
-    - name: Template encrypted files
-      when: item.state == 'file' and 'sops' in item.path
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
-      loop_control:
-        label: "{{ item.path }}"
+- name: Template encrypted files
+  when: item.state == 'file' and 'sops' in item.path
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/kubernetes/apps/{{ addon_namespace }}/{{ addon_name }}/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree: ["../templates/addons/{{ addon_name }}/"]
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/ansible/main.yaml

@@ -20,27 +20,26 @@
     src: "{{ item.src }}"
     dest: "{{ repository_path }}/ansible/{{ item.path | regex_replace('.j2$', '') }}"
     mode: "0644"
+    lstrip_blocks: true
   with_community.general.filetree:
     - "../templates/ansible/shared/"
     - "../templates/ansible/{{ bootstrap_distribution }}/"
   loop_control:
     label: "{{ item.path }}"
 
 - name: Template Ansible encrypted files
-  block:
-    - name: Template Ansible encrypted files
-      when:
-        - "item.state == 'file'"
-        - "'sops' in item.path"
-      community.sops.sops_encrypt:
-        path: "{{ repository_path }}/ansible/{{ item.path | replace('.j2', '') }}"
-        encrypted_regex: ^(data|stringData)$
-        age: ["{{ bootstrap_age_public_key }}"]
-        content_yaml: "{{ lookup('ansible.builtin.template', item.src) | from_yaml }}"
-        mode: "0644"
-        force: true
-      with_community.general.filetree:
-        - "../templates/ansible/shared/"
-        - "../templates/ansible/{{ bootstrap_distribution }}/"
-      loop_control:
-        label: "{{ item.path }}"
+  when:
+    - "item.state == 'file'"
+    - "'sops' in item.path"
+  community.sops.sops_encrypt:
+    path: "{{ repository_path }}/ansible/{{ item.path | replace('.j2', '') }}"
+    encrypted_regex: ^(data|stringData)$
+    age: ["{{ bootstrap_age_public_key }}"]
+    content_yaml: "{{ lookup('ansible.builtin.template', item.src, lstrip_blocks=true) | from_yaml }}"
+    mode: "0644"
+    force: true
+  with_community.general.filetree:
+    - "../templates/ansible/shared/"
+    - "../templates/ansible/{{ bootstrap_distribution }}/"
+  loop_control:
+    label: "{{ item.path }}"

bootstrap/tasks/k0s/main.yaml

@@ -4,3 +4,4 @@
     src: "templates/k0s/k0s-config.yaml.j2"
     dest: "{{ repository_path }}/k0s-config.yaml"
     mode: "0644"
+    lstrip_blocks: true