From 248b921cb47c6793037c48b9742f8b46b67b9f48 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 1 Feb 2021 21:16:53 +0100 Subject: [PATCH] Style changes --- defaults/main.yml | 26 +++++++++++++++++++ handlers/main.yml | 60 +++++++++++++++++++++---------------------- handlers/user.yml | 12 ++++----- tasks/known_hosts.yml | 4 +-- tasks/network.yml | 7 ++--- tasks/nginx.yml | 2 +- tasks/poetry.yml | 18 ++++++------- tasks/setup.yml | 20 ++------------- tasks/ssl.yml | 10 ++------ 9 files changed, 82 insertions(+), 77 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 3fab824..9980a2a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,29 @@ poetry_url: 'https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py' poetry_user: "{{ ansible_user | default(lookup('env', 'USER'), True) }}" poetry_dir: '{{ ansible_env.HOME }}/.poetry' + +common_packages: + - acl + - man + - apt-transport-https + - ca-certificates + - software-properties-common + - policykit-1 + - libpolkit-agent-1-0 + - nftables + - openssh-client + - bash-completion + - git + - vim + - curl + - tree + - haveged + - rsync + +ssl_packages: + - python3-openssl + - python3-crypto + - python3-cryptography + - python-openssl + - python-crypto + - python-cryptography diff --git a/handlers/main.yml b/handlers/main.yml index ca368bd..07d7ed5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,79 +1,79 @@ - name: reload ssh - become: yes + become: true systemd: name: ssh state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart nftables - become: yes + become: true systemd: name: nftables state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart nginx - become: yes + become: true systemd: name: nginx state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart docker - become: yes + become: true systemd: name: docker state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart rabbitmq - become: yes + become: true systemd: name: rabbitmq-server state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart memcached - become: yes + become: true systemd: name: memcached state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart postfix - become: yes + become: true systemd: name: postfix state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart postgres - become: yes + become: true systemd: name: postgresql@11-main state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart systemd-networkd - become: yes + become: true systemd: name: systemd-networkd state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart systemd-resolved - become: yes + become: true systemd: name: systemd-resolved state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true diff --git a/handlers/user.yml b/handlers/user.yml index 006f3c1..b906433 100644 --- a/handlers/user.yml +++ b/handlers/user.yml @@ -1,19 +1,19 @@ - name: start user tmux service become_user: '{{ default_user }}' - become: yes + become: true systemd: - daemon-reload: yes + daemon-reload: true name: tmux state: started - enabled: yes + enabled: true scope: user - name: restart user tmux service become_user: '{{ default_user }}' - become: yes + become: true systemd: - daemon-reload: yes + daemon-reload: true name: tmux state: restarted - enabled: yes + enabled: true scope: user diff --git a/tasks/known_hosts.yml b/tasks/known_hosts.yml index 552da97..60f7e9c 100644 --- a/tasks/known_hosts.yml +++ b/tasks/known_hosts.yml @@ -9,14 +9,14 @@ - '{{ role_path }}/vars' - name: install packages - become: yes + become: true package: name: '{{ item }}' state: present loop: '{{ known_hosts_packages }}' - name: retrieve user $HOME - shell: 'echo $HOME' # noqa 301 + shell: 'echo $HOME' become_user: '{{ user }}' register: home_stats diff --git a/tasks/network.yml b/tasks/network.yml index 687455d..7adb693 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -1,9 +1,10 @@ - name: check old network configuration - stat: path=/etc/network/interfaces + stat: + path: '/etc/network/interfaces' register: old_config - name: move old network configuration - command: mv /etc/network/interfaces /etc/network/interfaces.save + command: 'mv /etc/network/interfaces /etc/network/interfaces.save' when: old_config.stat.exists - name: copy network configuration @@ -22,6 +23,6 @@ owner: root group: root state: link - force: yes + force: true mode: '0644' notify: restart systemd-resolved diff --git a/tasks/nginx.yml b/tasks/nginx.yml index b862cd0..9d73790 100644 --- a/tasks/nginx.yml +++ b/tasks/nginx.yml @@ -1,5 +1,5 @@ - name: install nginx - apt: + package: name: nginx state: present diff --git a/tasks/poetry.yml b/tasks/poetry.yml index b931a0d..62b6e18 100644 --- a/tasks/poetry.yml +++ b/tasks/poetry.yml @@ -1,9 +1,9 @@ -- name: retrieve user $HOME # noqa 301 +- name: retrieve user $HOME shell: 'echo $HOME' become_user: '{{ poetry_user }}' register: home_stats -- name: retrieve user $PATH # noqa 301 +- name: retrieve user $PATH shell: 'echo $PATH' become_user: '{{ poetry_user }}' register: path_stats @@ -20,13 +20,13 @@ mode: '0755' path: '{{ poetry_user_home }}/.local/bin' -- name: set default python binary # noqa 208 +- name: set default python binary become: true file: state: link src: '/usr/bin/python3' dest: '/usr/bin/python' - when: ansible_distribution == "Ubuntu" + when: ansible_distribution == 'Ubuntu' - name: setup poetry for Ubuntu/Debian derived distro's block: @@ -46,28 +46,28 @@ - name: install poetry become_user: '{{ poetry_user }}' - command: 'python /tmp/get-poetry.py --yes' # noqa 305 + command: 'python /tmp/get-poetry.py --yes' environment: POETRY_HOME: '{{ poetry_dir }}' when: poetry_stats.stat.isdir is not defined - - name: add poetry to user binaries # noqa 208 + - name: add poetry to user binaries become_user: '{{ poetry_user }}' file: state: link src: '{{ poetry_dir }}/bin/poetry' dest: '{{ poetry_user_home }}/.local/bin/poetry' - when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - name: setup poetry for Archlinux become: true pacman: name: poetry state: present - when: ansible_facts['os_family'] == "Archlinux" + when: ansible_facts['os_family'] == 'Archlinux' - name: update poetry config become_user: '{{ poetry_user }}' - command: 'poetry config virtualenvs.in-project true' # noqa 301 + command: 'poetry config virtualenvs.in-project true' environment: PATH: '{{ poetry_user_home }}/.local/bin:{{ poetry_user_path }}' diff --git a/tasks/setup.yml b/tasks/setup.yml index b2c125c..2d34535 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -18,23 +18,7 @@ - name: ensure basic tooling is installed apt: - name: - - acl - - man - - apt-transport-https - - ca-certificates - - software-properties-common - - policykit-1 - - libpolkit-agent-1-0 - - nftables - - openssh-client - - bash-completion - - git - - vim - - curl - - tree - - haveged - - rsync + name: '{{ common_packages }}' state: present - name: copy firewall template @@ -48,4 +32,4 @@ # see https://wiki.debian.org/systemd#Orphaned_processes - name: enable loginctl user-linger - command: 'loginctl enable-linger {{ default_user|quote }}' # noqa 301 + command: 'loginctl enable-linger {{ default_user|quote }}' diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 058e501..8f71d76 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -1,12 +1,6 @@ - name: install SSL packages apt: - name: - - python3-openssl - - python3-crypto - - python3-cryptography - - python-openssl - - python-crypto - - python-cryptography + name: '{{ ssl_packages }}' state: present - name: create ssl directory @@ -32,7 +26,7 @@ - name: generate a self signed OpenSSL certificate become_user: '{{ app_user }}' openssl_certificate: - force: yes + force: true path: '/etc/ssl/{{ app_name }}/{{ app_name }}.crt' privatekey_path: '/etc/ssl/{{ app_name }}/local.pem' csr_path: '/etc/ssl/{{ app_name }}/local.csr'