Introduce ansible-lint

.ansible-lint

@@ -0,0 +1,7 @@
+---
+skip_list:
+  - no-handler
+  - git-latest
+  - no-changed-when
+  - meta-no-info
+  - yaml

makefile

@@ -1,16 +1,12 @@
-ci-requirements:
-	@python -m pip install --upgrade -r ci-requirements.txt
-
 ansible-lint:
 	@ansible-lint
 
+ansible-syntax:
+	@ansible --syntax-check main.yml -i production
+
 yamllint:
 	@yamllint .
 
-plugins-test:
-	@python -m pytest -vv --cov plugins/filter --cov-report=term-missing plugins/tests
+lint: ansible-lint ansible-syntax yamllint
 
-plugins-lint:
-	@python -m flake8 plugins
-
-.PHONY: ci-requirements ansible-lint yamllint plugins-test plugins-lint
+.PHONY: ansible-lint ansible-syntax yamllint

playbooks/roles/services/datasets/user/tasks/main.yml

@@ -13,6 +13,7 @@
   ansible.builtin.copy:
     src: "/etc/skel/"
     dest: "{{ services_service_user_home }}"
+    mode: "preserve"
     remote_src: true
   when:
     services_datasets_user_zfs_home.changed

playbooks/roles/services/deploy/cloud/tasks/main.yml

@@ -32,7 +32,7 @@
 
     - name: "configure systemd service"
       ansible.builtin.template:
-        src:  "./systemd/{{ item }}.j2"
+        src: "./systemd/{{ item }}.j2"
         dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
         mode: 0600
       loop:

playbooks/roles/services/deploy/database/tasks/main.yml

@@ -12,14 +12,14 @@
 
     - name: "configure postgres password"
       ansible.builtin.template:
-        src:  "./postgres/database.password.j2"
+        src: "./postgres/database.password.j2"
         dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/database.password"
         mode: 0600
       register: services_deploy_database_password_file
 
     - name: "configure systemd service"
       ansible.builtin.template:
-        src:  "./systemd/{{ item }}.j2"
+        src: "./systemd/{{ item }}.j2"
         dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
         mode: 0600
       loop:

playbooks/roles/services/deploy/git/tasks/main.yml

@@ -12,7 +12,7 @@
 
     - name: "configure systemd service"
       ansible.builtin.template:
-        src:  "./systemd/{{ item }}.j2"
+        src: "./systemd/{{ item }}.j2"
         dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
         mode: 0600
       loop:

playbooks/roles/services/deploy/lrproxy/tasks/main.yml

@@ -30,7 +30,7 @@
 
     - name: "configure systemd service"
       ansible.builtin.template:
-        src:  "./systemd/{{ item }}.j2"
+        src: "./systemd/{{ item }}.j2"
         dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
         mode: 0600
       loop:
@@ -55,7 +55,7 @@
       register: services_deploy_lrproxy_rsync_certificates_timer
 
     - name: "generate diffie hellman ephemeral parameters"
-      ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name}}/dhparam.pem 4096"
+      ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem 4096"
       args:
         creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
       register: services_deploy_lrproxy_dhparam

playbooks/roles/services/deploy/notes/tasks/main.yml

@@ -12,7 +12,7 @@
 
     - name: "configure systemd service"
       ansible.builtin.template:
-        src:  "./systemd/{{ item }}.j2"
+        src: "./systemd/{{ item }}.j2"
         dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
         mode: 0600
       loop:

playbooks/roles/services/deploy/rproxy/tasks/main.yml

@@ -30,7 +30,7 @@
 
     - name: "configure systemd service"
       ansible.builtin.template:
-        src:  "./systemd/{{ item }}.j2"
+        src: "./systemd/{{ item }}.j2"
         dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
         mode: 0600
       loop:
@@ -55,7 +55,7 @@
       register: services_deploy_rproxy_certbot_timer
 
     - name: "generate diffie hellman ephemeral parameters"
-      ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name}}/dhparam.pem 4096"
+      ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem 4096"
       args:
         creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
       register: services_deploy_rproxy_dhparam

playbooks/roles/services/deploy/www/tasks/main.yml

@@ -34,7 +34,7 @@
 
     - name: "configure systemd service"
       ansible.builtin.template:
-        src:  "./systemd/{{ item }}.j2"
+        src: "./systemd/{{ item }}.j2"
         dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
         mode: 0600
       loop:

playbooks/roles/services/setup/system/tasks/include/nameserver.yml

@@ -10,5 +10,6 @@
   ansible.builtin.copy:
     src: "files/services/setup/system/nameserver/resolv.conf"
     dest: "{{ services_root_directory }}/valkyrie-resolv.conf"
+    mode: 0644
   when:
     ansible_hostname != "valkyrie"

playbooks/roles/system/base/tasks/include/motd.yml

@@ -1,13 +1,10 @@
 - name: "motd : set motd"
   ansible.builtin.copy:
-    src: "{{ _system_base_motd_file }}"
+    src: "{{ item }}"
     dest: "/etc/motd"
     mode: 0644
-  when:
-    system_base_motd_dir is defined and
-    _system_base_motd_file != ""
+  loop: "{{ [lookup('ansible.builtin.first_found', _file_path, skip=true)] | flatten }}"
   vars:
-    _file_path:
-      - "{{ system_base_motd_dir  }}/{{ ansible_hostname }}"
-    _system_base_motd_file: >-
-      {{ lookup('ansible.builtin.first_found', _file_path, errors='ignore') }}
+    _file_path: "{{ system_base_motd_dir }}/{{ ansible_hostname }}"
+  when:
+    system_base_motd_dir is defined