Fix lints

.ansible-lint

@@ -1,7 +1,17 @@
 ---
 skip_list:
-  - no-handler
-  - git-latest
+  - command-instead-of-module
+  - ignore-errors
+  - key-order[task]
+  - latest[git]
+  - name[casing]
+  - name[missing]
+  - name[play]
+  - name[template]
   - no-changed-when
-  - meta-no-info
-  - yaml
+  - no-handler
+  - partial-become[task]
+  - role-name[path]
+  - schema[playbook]
+  - schema[role-arg-spec]
+  - var-naming[no-role-prefix]

.yamllint

@@ -7,6 +7,14 @@ yaml-files:
 
 ignore: |
   vault.yml
+  playbooks/roles/backups/snapshots/user/templates/volumes.yml
+  playbooks/roles/backups/restic/user/templates/restic-aws-keys.yml
+  playbooks/roles/backups/restic/user/templates/volumes.yml
+  playbooks/roles/services/deploy/metrics/templates/prometheus.yml
+  playbooks/roles/music/org/templates/nextcloud-upload.yml
+  playbooks/roles/music/org/templates/beets-archive.yml
+  playbooks/roles/music/org/templates/beets-collection.yml
+  playbooks/roles/music/org/templates/beets-common.yml
 
 rules:
   braces: enable

inventory/group_vars/home/vars.yml

@@ -4,11 +4,11 @@
 # --------------------------------------------------------------------------------------------------
 local_inet_network_address: "192.168.0.0"
 local_inet_network_prefixlen: 16
-local_inet_network: "{{ local_inet_network_address  }}/{{ local_inet_network_prefixlen }}"
+local_inet_network: "{{ local_inet_network_address }}/{{ local_inet_network_prefixlen }}"
 
 local_inet6_network_address: "2001:1c00:161e:7900::"
 local_inet6_network_prefixlen: 64
-local_inet6_network: "{{ local_inet6_network_address  }}/{{ local_inet6_network_prefixlen }}"
+local_inet6_network: "{{ local_inet6_network_address }}/{{ local_inet6_network_prefixlen }}"
 
 # --------------------------------------------------------------------------------------------------
 # system:base

makefile

@@ -2,7 +2,7 @@ ansible-lint:
 	@ansible-lint
 
 ansible-syntax:
-	@ansible-playbook --syntax-check main.yml -i production
+	@ansible-playbook --syntax-check main.yml -i inventory/production
 
 yamllint:
 	@yamllint .

playbooks/baldur.yml

@@ -8,8 +8,8 @@
         path: "/etc/hosts"
         line: "{{ address }} {{ item }}"
       vars:
-        - address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address |
-                       default('127.0.0.1') }}"
+        address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address |
+                     default('127.0.0.1') }}"
       loop: "{{ [system_mail_smtp_server | default([])] |
                 union( [vpn_wireguard_server_address | default([])] ) |
                 union( [backups_restic_user_aws_bucket_endpoint | default([])] ) |

playbooks/roles/music/rip/tasks/include/samba.yml

@@ -91,8 +91,11 @@
 
 - name: "samba : add \"{{ music_user_name }}\" user"
   ansible.builtin.shell: |
+    set -o pipefail
     (echo '{{ music_user_samba_password }}'; echo '{{ music_user_samba_password }}') |
     smbpasswd -a {{ music_user_name }}
+  args:
+    executable: "/usr/bin/bash"
   when:
     not music_rip_samba_pdb_state.stdout is match('^' ~ music_user_name ~ ':')
 

playbooks/roles/services/deploy/rproxy/tasks/main.yml

@@ -62,7 +62,8 @@
       when:
         services_deploy_rproxy_systemd_files.changed
 
-    - name: "{{ services_service_name }} : enable container-{{ services_service_name }}-certbot timer"
+    - name: "\
+        {{ services_service_name }} : enable container-{{ services_service_name }}-certbot timer"
       ansible.builtin.systemd:
         name: "container-{{ services_service_name }}-certbot.timer"
         enabled: true

playbooks/roles/services/setup/system/tasks/include/podman.yml

@@ -21,6 +21,8 @@
       ansible.builtin.shell: "yes | podman system reset"
       when:
         services_setup_system_containers_storage.changed
+      # Do NOT set pipefail for `yes` since it has infinite output.
+      tags: "skip_ansible_lint"
 
   when:
     services_setup_system_containers_storage_fuse_overlay

playbooks/roles/services/setup/user/tasks/include/podman.yml

@@ -18,5 +18,7 @@
       ansible.builtin.shell: "cd $HOME; yes | podman system reset"
       when:
         services_setup_user_containers_storage.changed
+      # Do NOT set pipefail for `yes` since it has infinite output.
+      tags: "skip_ansible_lint"
 
   become_user: "{{ services_service_user_name }}"

playbooks/roles/services/setup/user/tasks/include/user.yml

@@ -24,11 +24,14 @@
 
     - name: "{{ services_service_name }} : setup : configure subuids and subgids"
       ansible.builtin.shell: |
+          set -o pipefail
           export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536))
           export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536))
           usermod --add-subuids ${NEW_SUBUID}-$((${NEW_SUBUID}+65535)) \
                   --add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \
           {{ services_service_user_name }}
+      args:
+        executable: "/usr/bin/bash"
 
     - name: "{{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set"
       ansible.builtin.shell: |

playbooks/roles/system/datasets/tasks/main.yml

@@ -1,3 +1,4 @@
+---
 - name: "play:system : role:datasets : tasks:var"
   ansible.builtin.import_tasks: "include/var.yml"
   tags:

playbooks/roles/system/gateway_hosts/defaults/main.yml

@@ -1,3 +1,4 @@
+---
 system_gateway_hosts_files:
   - "/etc/hosts"
 system_gateway_hosts_hosts: {}

playbooks/system.yml

@@ -8,8 +8,8 @@
         path: "/etc/hosts"
         line: "{{ address }} {{ item }}"
       vars:
-        - address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address |
-                       default('127.0.0.1') }}"
+        address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address |
+                     default('127.0.0.1') }}"
       loop: "{{ [system_mail_smtp_server | default([])] |
                 union( [vpn_wireguard_server_address | default([])] ) |
                 union( [backups_restic_user_aws_bucket_endpoint | default([])] ) |
@@ -42,14 +42,15 @@
   roles:
     - role: "system/gateway_hosts"
       tags: "system:gateway_hosts"
-  vars:
-    system_gateway_hosts_files:
-      - "/etc/hosts"
-      - "/etc/cloud/templates/hosts.debian.tmpl"
-    system_gateway_hosts_hosts:
-      "git.thenineworlds.net":
-        "inet": "{{ hostvars.valkyrie.services_host_services.rproxy.inet_address }}"
-        "inet6": "{{ hostvars.valkyrie.services_host_services.rproxy.inet6_address }}"
+      vars:
+        system_gateway_hosts_files:
+          - "/etc/hosts"
+          - "/etc/cloud/templates/hosts.debian.tmpl"
+        system_gateway_hosts_hosts:
+          "git.thenineworlds.net":
+            "inet": "{{ hostvars.valkyrie.services_host_services.rproxy.inet_address }}"
+            "inet6": "{{ hostvars.valkyrie.services_host_services.rproxy.inet6_address }}"
+      when: (the_nine_worlds_production | bool)
 
 - name: "system : all"
   hosts: "all"
@@ -138,7 +139,7 @@
     - role: "system/datasets"
       tags: "system:datasets"
       vars:
-        _zvol_volsize: "21474836480" # 20G
+        _zvol_volsize: "21474836480"  # 20G
         system_datasets_var_containers_zvol_properties: "\
           {% set _zvol_properties = {} %}\
           {{ _zvol_properties.update({ 'volsize': _zvol_volsize }) }}\

requirements.txt

@@ -1,5 +1,7 @@
 ansible
+ansible-lint
 keyring
 libvirt-python
 passlib
 requests
+yamllint

roles

@@ -1 +1 @@
-Subproject commit c2c25f214fad2212ce6e853826dca28f98eee93a
+Subproject commit 86005988e486e84c0652321e85daaa582a5c535d