Style changes

2021-02-01 21:16:53 +01:00 · 2021-02-01 21:16:53 +01:00 · 248b921cb4
commit 248b921cb4
parent 4296823b3f
9 changed files with 82 additions and 77 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,3 +1,29 @@
 poetry_url: 'https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py'
 poetry_user: "{{ ansible_user | default(lookup('env', 'USER'), True) }}"
 poetry_dir: '{{ ansible_env.HOME }}/.poetry'
+
+common_packages:
+  - acl
+  - man
+  - apt-transport-https
+  - ca-certificates
+  - software-properties-common
+  - policykit-1
+  - libpolkit-agent-1-0
+  - nftables
+  - openssh-client
+  - bash-completion
+  - git
+  - vim
+  - curl
+  - tree
+  - haveged
+  - rsync
+
+ssl_packages:
+  - python3-openssl
+  - python3-crypto
+  - python3-cryptography
+  - python-openssl
+  - python-crypto
+  - python-cryptography
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,79 +1,79 @@
 - name: reload ssh
-  become: yes
+  become: true
  systemd:
    name: ssh
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart nftables
-  become: yes
+  become: true
  systemd:
    name: nftables
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart nginx
-  become: yes
+  become: true
  systemd:
    name: nginx
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart docker
-  become: yes
+  become: true
  systemd:
    name: docker
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart rabbitmq
-  become: yes
+  become: true
  systemd:
    name: rabbitmq-server
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart memcached
-  become: yes
+  become: true
  systemd:
    name: memcached
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart postfix
-  become: yes
+  become: true
  systemd:
    name: postfix
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart postgres
-  become: yes
+  become: true
  systemd:
    name: postgresql@11-main
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart systemd-networkd
-  become: yes
+  become: true
  systemd:
    name: systemd-networkd
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true

 - name: restart systemd-resolved
-  become: yes
+  become: true
  systemd:
    name: systemd-resolved
    state: restarted
-    enabled: yes
-    daemon-reload: yes
+    enabled: true
+    daemon-reload: true
--- a/handlers/user.yml
+++ b/handlers/user.yml
@ -1,19 +1,19 @@
 - name: start user tmux service
  become_user: '{{ default_user }}'
-  become: yes
+  become: true
  systemd:
-    daemon-reload: yes
+    daemon-reload: true
    name: tmux
    state: started
-    enabled: yes
+    enabled: true
    scope: user

 - name: restart user tmux service
  become_user: '{{ default_user }}'
-  become: yes
+  become: true
  systemd:
-    daemon-reload: yes
+    daemon-reload: true
    name: tmux
    state: restarted
-    enabled: yes
+    enabled: true
    scope: user
--- a/tasks/known_hosts.yml
+++ b/tasks/known_hosts.yml
@ -9,14 +9,14 @@
        - '{{ role_path }}/vars'

 - name: install packages
-  become: yes
+  become: true
  package:
    name: '{{ item }}'
    state: present
  loop: '{{ known_hosts_packages }}'

 - name: retrieve user $HOME
-  shell: 'echo $HOME' # noqa 301
+  shell: 'echo $HOME'
  become_user: '{{ user }}'
  register: home_stats

--- a/tasks/network.yml
+++ b/tasks/network.yml
@ -1,9 +1,10 @@
 - name: check old network configuration
-  stat: path=/etc/network/interfaces
+  stat:
+    path: '/etc/network/interfaces'
  register: old_config

 - name: move old network configuration
-  command: mv /etc/network/interfaces /etc/network/interfaces.save
+  command: 'mv /etc/network/interfaces /etc/network/interfaces.save'
  when: old_config.stat.exists

 - name: copy network configuration
@ -22,6 +23,6 @@
    owner: root
    group: root
    state: link
-    force: yes
+    force: true
    mode: '0644'
  notify: restart systemd-resolved
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@ -1,5 +1,5 @@
 - name: install nginx
-  apt:
+  package:
    name: nginx
    state: present

--- a/tasks/poetry.yml
+++ b/tasks/poetry.yml
@ -1,9 +1,9 @@
- name: retrieve user $HOME # noqa 301
+- name: retrieve user $HOME
  shell: 'echo $HOME'
  become_user: '{{ poetry_user }}'
  register: home_stats

- name: retrieve user $PATH # noqa 301
+- name: retrieve user $PATH
  shell: 'echo $PATH'
  become_user: '{{ poetry_user }}'
  register: path_stats
@ -20,13 +20,13 @@
    mode: '0755'
    path: '{{ poetry_user_home }}/.local/bin'

- name: set default python binary # noqa 208
+- name: set default python binary
  become: true
  file:
    state: link
    src: '/usr/bin/python3'
    dest: '/usr/bin/python'
-  when: ansible_distribution == "Ubuntu"
+  when: ansible_distribution == 'Ubuntu'

 - name: setup poetry for Ubuntu/Debian derived distro's
  block:
@ -46,28 +46,28 @@

    - name: install poetry
      become_user: '{{ poetry_user }}'
-      command: 'python /tmp/get-poetry.py --yes' # noqa 305
+      command: 'python /tmp/get-poetry.py --yes'
      environment:
        POETRY_HOME: '{{ poetry_dir }}'
      when: poetry_stats.stat.isdir is not defined

-    - name: add poetry to user binaries # noqa 208
+    - name: add poetry to user binaries
      become_user: '{{ poetry_user }}'
      file:
        state: link
        src: '{{ poetry_dir }}/bin/poetry'
        dest: '{{ poetry_user_home }}/.local/bin/poetry'
-  when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

 - name: setup poetry for Archlinux
  become: true
  pacman:
    name: poetry
    state: present
-  when: ansible_facts['os_family'] == "Archlinux"
+  when: ansible_facts['os_family'] == 'Archlinux'

 - name: update poetry config
  become_user: '{{ poetry_user }}'
-  command: 'poetry config virtualenvs.in-project true' # noqa 301
+  command: 'poetry config virtualenvs.in-project true'
  environment:
    PATH: '{{ poetry_user_home }}/.local/bin:{{ poetry_user_path }}'
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@ -18,23 +18,7 @@

 - name: ensure basic tooling is installed
  apt:
-    name:
-      - acl
-      - man
-      - apt-transport-https
-      - ca-certificates
-      - software-properties-common
-      - policykit-1
-      - libpolkit-agent-1-0
-      - nftables
-      - openssh-client
-      - bash-completion
-      - git
-      - vim
-      - curl
-      - tree
-      - haveged
-      - rsync
+    name: '{{ common_packages }}'
    state: present

 - name: copy firewall template
@ -48,4 +32,4 @@

 # see https://wiki.debian.org/systemd#Orphaned_processes
 - name: enable loginctl user-linger
-  command: 'loginctl enable-linger {{ default_user|quote }}' # noqa 301
+  command: 'loginctl enable-linger {{ default_user|quote }}'
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@ -1,12 +1,6 @@
 - name: install SSL packages
  apt:
-    name:
-      - python3-openssl
-      - python3-crypto
-      - python3-cryptography
-      - python-openssl
-      - python-crypto
-      - python-cryptography
+    name: '{{ ssl_packages }}'
    state: present

 - name: create ssl directory
@ -32,7 +26,7 @@
 - name: generate a self signed OpenSSL certificate
  become_user: '{{ app_user }}'
  openssl_certificate:
-    force: yes
+    force: true
    path: '/etc/ssl/{{ app_name }}/{{ app_name }}.crt'
    privatekey_path: '/etc/ssl/{{ app_name }}/local.pem'
    csr_path: '/etc/ssl/{{ app_name }}/local.csr'