From ee384fe64451b2c5816eeabcb4dfdcb6eb793f11 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 1 Mar 2025 21:08:26 +0100
Subject: [PATCH] Fix network task linter errors
---
 tasks/network.yml | 163 +++++++++++++++++++++-------------------------
 1 file changed, 73 insertions(+), 90 deletions(-)
diff --git a/tasks/network.yml b/tasks/network.yml
index c03e12e..1faca5c 100644
--- a/tasks/network.yml
+++ b/tasks/network.yml
@@ -3,9 +3,9 @@
 # using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint :`
 # for example.
 
-- name: create wireguard directories
+- name: Create wireguard directories
 become: true
- file:
+ ansible.builtin.file:
 path: '{{ item | dirname }}'
 owner: root
 group: systemd-network
@@ -17,35 +17,30 @@ - '{{ vpn_media.private_key_path }}' - '{{ vpn_media.public_key_path }}' -- name: copy wireguard credentials +- name: Copy wireguard credentials become: true - copy: + ansible.builtin.copy: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { - dest: '{{ vpn_default.public_key_path }}', - src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub', - } - - { - dest: '{{ vpn_default.private_key_path }}', - src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key', - } - - { - dest: '{{ vpn_media.public_key_path }}', - src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub', - } - - { - dest: '{{ vpn_media.private_key_path }}', - src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key', - } + - dest: '{{ vpn_default.public_key_path }}' + src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub' -- name: copy wireguard preshared keys + - dest: '{{ vpn_default.private_key_path }}' + src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key' + + - dest: '{{ vpn_media.public_key_path }}' + src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub' + + - dest: '{{ vpn_media.private_key_path }}' + src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key' + +- name: Copy wireguard preshared keys become: true - copy: + ansible.builtin.copy: src: '{{ item.preshared_key_source_path }}' dest: '{{ item.preshared_key_path }}' owner: root 
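Review bot: Both copy tasks in this hunk install WireGuard secret material (the `.key` files in the credentials loop and the preshared keys), yet neither sets `diff: false`, so a run with `--diff` can print the key contents into terminal output and any CI or callback log. Adding `diff: false` (or `no_log: true`) to `Copy wireguard credentials` and `Copy wireguard preshared keys` closes that. The sources live under `files/{{ platform }}/wireguard/`, and nothing visible here shows whether they are Ansible Vault-encrypted; that is worth confirming, since `ansible.builtin.copy` decrypts vaulted sources transparently. The preshared-keys task continues past the end of this hunk.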
@@ -53,100 +48,88 @@ mode: '0640' loop: '{{ vpn_default.peers + vpn_media.peers }}' -- block: - - name: setup desktop network configuration - become: true - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: systemd-network - mode: '0640' - loop: - - { - src: 'templates/desktop/network/enp.network.j2', - dest: '/etc/systemd/network/20-wired.network', - } - - { - src: 'templates/desktop/network/wg0.network.j2', - dest: '/etc/systemd/network/40-wg0.network', - } - - { - src: 'templates/desktop/network/wg0.netdev.j2', - dest: '/etc/systemd/network/40-wg0.netdev', - } - - { - src: 'templates/desktop/network/wg1.network.j2', - dest: '/etc/systemd/network/40-wg1.network', - } - - { - src: 'templates/desktop/network/wg1.netdev.j2', - dest: '/etc/systemd/network/40-wg1.netdev', - } - - - name: remove leftover configuration files - become: true - file: - path: '{{ item }}' - state: absent - loop: - - '/etc/systemd/network/30-vmbr0.network' - - '/etc/systemd/network/30-vmbr0.netdev' - +- name: Desktop configuration notify: - restart systemd-networkd - restart systemd-resolved when: platform == "desktop" - -- block: - - name: setup laptop network configuration + block: + - name: Setup network configuration become: true - template: + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { - src: 'templates/laptop/network/wireless.network.j2', - dest: '/etc/systemd/network/20-wireless.network', - } - - { - src: 'templates/laptop/network/wg0.network.j2', - dest: '/etc/systemd/network/40-wg0.network', - } - - { - src: 'templates/laptop/network/wg0.netdev.j2', - dest: '/etc/systemd/network/40-wg0.netdev', - } - - { - src: 'templates/laptop/network/wg1.network.j2', - dest: '/etc/systemd/network/40-wg1.network', - } - - { - src: 'templates/laptop/network/wg1.netdev.j2', - dest: '/etc/systemd/network/40-wg1.netdev', - } + - src: 'templates/desktop/network/enp.network.j2' + 
dest: '/etc/systemd/network/20-wired.network' - - name: remove leftover configuration files + - src: 'templates/desktop/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/desktop/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + + - src: 'templates/desktop/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/desktop/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' + + - name: Remove leftover configuration files become: true - file: + ansible.builtin.file: path: '{{ item }}' state: absent loop: - '/etc/systemd/network/30-vmbr0.network' - '/etc/systemd/network/30-vmbr0.netdev' +- name: Laptop configuration notify: - restart systemd-networkd - restart systemd-resolved - restart iwd when: platform == "laptop" + block: + - name: Setup network configuration + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + group: systemd-network + mode: '0640' + loop: + - src: 'templates/laptop/network/wireless.network.j2' + dest: '/etc/systemd/network/20-wireless.network' -- name: copy firewall template + - src: 'templates/laptop/network/wg0.network.j2' + dest: '/etc/systemd/network/40-wg0.network' + + - src: 'templates/laptop/network/wg0.netdev.j2' + dest: '/etc/systemd/network/40-wg0.netdev' + + - src: 'templates/laptop/network/wg1.network.j2' + dest: '/etc/systemd/network/40-wg1.network' + + - src: 'templates/laptop/network/wg1.netdev.j2' + dest: '/etc/systemd/network/40-wg1.netdev' + + - name: Remove leftover configuration files + become: true + ansible.builtin.file: + path: '{{ item }}' + state: absent + loop: + - '/etc/systemd/network/30-vmbr0.network' + - '/etc/systemd/network/30-vmbr0.netdev' + +- name: Copy firewall template become: true - template: + ansible.builtin.template: src: 'templates/{{ platform }}/nftables.j2' dest: '/etc/nftables.conf' owner: root
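Review bot: The `Copy firewall template` task at the end of this hunk renders straight to `/etc/nftables.conf`, and the visible lines show no `validate`, so a template that renders to an invalid ruleset would replace the working file and only fail when nftables next loads it. If the part of the task below the hunk does not already have one, add `validate: 'nft -c -f %s'` so the rendered file is syntax-checked before it is moved into place. Separately, the desktop and laptop blocks now carry identically named inner tasks (`Setup network configuration`, `Remove leftover configuration files`); a platform prefix in each name would keep run output and `--start-at-task` unambiguous.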