Verified Commit 2b2bd065 authored by Frederik Schwan's avatar Frederik Schwan

fix E206 'Variables should have spaces before and after: {{ var_name }}'

parent b85b7946
Pipeline #220 failed with stage
in 1 minute and 11 seconds
......@@ -5,7 +5,7 @@
remote_user: root
tasks:
- name: open firewall holes for services
firewalld: service={{item}} permanent=true state=enabled immediate=yes
firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- zabbix-agent
- http
......@@ -18,7 +18,7 @@
- firewall
- name: open firewall holes for ports
firewalld: port={{item}} permanent=true state=enabled immediate=yes
firewalld: port={{ item }} permanent=true state=enabled immediate=yes
with_items:
- 6969/tcp
- 4949/tcp
......
......@@ -4,4 +4,4 @@
hosts: ch-s012.rsync.net
gather_facts: False
roles:
- { role: rsync_net, backup_dir: "backup", backup_clients: "{{groups['borg_clients']}}", tags: ["borg"] }
- { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }
......@@ -17,15 +17,15 @@
register: borg_offsite_key
- name: save borg key
shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}
shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %}
args:
stdin: "{{borg_key.stdout}}"
chdir: "{{playbook_dir}}/../.."
stdin: "{{ borg_key.stdout }}"
chdir: "{{ playbook_dir }}/../.."
delegate_to: localhost
- name: save borg offsite key
shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}
shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %}
args:
stdin: "{{borg_offsite_key.stdout}}"
chdir: "{{playbook_dir}}/../.."
stdin: "{{ borg_offsite_key.stdout }}"
chdir: "{{ playbook_dir }}/../.."
delegate_to: localhost
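Review bot: Both `save borg key` tasks feed the repository key to gpg through `stdin` with no `no_log: true` visible in this hunk, so the key material can surface in verbose output or callback logs as part of the module arguments; add `no_log: true` to each task. The recipient loop also places `{{ userid }}` on the shell line unquoted, and `--recipient {{ userid | quote }}` would stop an entry in `root_gpgkeys` that contains spaces or shell metacharacters from being re-parsed by the shell. The second task may continue past the end of the hunk, so confirm that neither setting is already present below.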
......@@ -11,21 +11,21 @@
register: tempdir
- name: fetch pacman tarball
get_url: url=https://sources.archlinux.org/other/pacman/pacman-{{pacman_version}}.tar.gz dest={{tempdir.path}}/pacman.tar.gz
get_url: url=https://sources.archlinux.org/other/pacman/pacman-{{ pacman_version }}.tar.gz dest={{ tempdir.path }}/pacman.tar.gz
- name: create extraction dir
file: path={{tempdir.path}}/pacman state=directory
file: path={{ tempdir.path }}/pacman state=directory
- name: unpack tarball
unarchive: src={{tempdir.path}}/pacman.tar.gz dest={{tempdir.path}}/pacman/
unarchive: src={{ tempdir.path }}/pacman.tar.gz dest={{ tempdir.path }}/pacman/
- name: configure
shell: ./configure chdir={{tempdir.path}}/pacman/pacman-{{pacman_version}}
shell: ./configure chdir={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}
- name: make
make: chdir={{tempdir.path}}/pacman/pacman-{{pacman_version}}/doc target=website
make: chdir={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc target=website
- name: upload website
unarchive: src={{tempdir.path}}/pacman/pacman-{{pacman_version}}/doc/website.tar.gz dest={{archweb_dir}}/archlinux.org/pacman mode=0644
unarchive: src={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc/website.tar.gz dest={{ archweb_dir }}/archlinux.org/pacman mode=0644
delegate_to: apollo.archlinux.org
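Review bot: The `fetch pacman tarball` task downloads a source archive whose contents the following `configure` and `make` tasks execute, and nothing in this hunk checks its integrity beyond the HTTPS transport. Pinning the expected digest on the download, `get_url: url=… dest=… checksum=sha256:{{ pacman_tarball_sha256 }}` (the variable name is only a suggestion, to be kept next to `pacman_version`), makes a replaced or corrupted tarball fail before any of it runs. The task list starts above the hunk, so an earlier verification step cannot be ruled out from here.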
......@@ -9,4 +9,4 @@
- { role: sshd, tags: ['sshd'] }
- { role: unbound }
- { role: root_ssh, tags: ['root_ssh'] }
- { role: borg-server, backup_dir: "/backup", backup_clients: "{{groups['borg_clients']}}", tags: ["borg"] }
- { role: borg-server, backup_dir: "/backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }
---
- name: create ssl cert
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem'
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem'
when: 'arch32_mirror_domain is defined'
- name: install rsync
......
......@@ -59,7 +59,7 @@
- mkpkg@.service
- name: start and enable archbuild mounts
service: name={{ item }} enabled={{"yes" if archbuild_fs == 'tmpfs' else "no"}} state={{"started" if archbuild_fs == 'tmpfs' else "stopped"}}
service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }}
with_items:
- var-lib-archbuild.mount
......
......@@ -17,16 +17,16 @@
with_dict: "{{ arch_users }}"
- name: create .ssh directory
file: path=/home/{{item.key}}/.ssh state=directory owner={{item.key}} group=users mode=0700
file: path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700
with_dict: "{{ arch_users }}"
- name: configure ssh keys
template: src=authorized_keys.j2 dest=/home/{{item.key}}/.ssh/authorized_keys owner={{item.key}} group=users mode=0600
template: src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600
when: item.value.ssh_key is defined
with_dict: "{{ arch_users }}"
- name: remove ssh keys if undefined
file: path=/home/{{item.key}}/.ssh/authorized_keys state=absent
file: path=/home/{{ item.key }}/.ssh/authorized_keys state=absent
when: item.value.ssh_key is not defined
with_dict: "{{ arch_users }}"
......
......@@ -7,6 +7,6 @@
service: name=php-fpm@{{ archwiki_user }} state=restarted
- name: run wiki updatescript
command: php {{archwiki_dir}}/public/maintenance/update.php --quick
command: php {{ archwiki_dir }}/public/maintenance/update.php --quick
become: true
become_user: "{{archwiki_user}}"
become_user: "{{ archwiki_user }}"
......@@ -88,8 +88,6 @@
- name: install systemd services/timers
template: src="{{item}}.j2" dest="/etc/systemd/system/{{item}}" owner=root group=root mode=0644
notify:
- daemon reload
loop:
- archwiki-runjobs.service
- archwiki-runjobs-wait.service
......@@ -115,7 +113,7 @@
service: name=archwiki-memcached.service enabled=yes state=started
- name: ensure question answer file exists and set permissions
file: state=file path="{{archwiki_question_answer_file}}" owner=root group=root mode=0644
file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
- name: create pacman.d hooks dir
file: state=directory owner=root group=root path=/etc/pacman.d/hooks
......
......@@ -21,7 +21,7 @@
service: name=certbot-renewal.timer enabled=yes state=started
- name: open firewall holes for certbot standalone authenticator
firewalld: service={{item}} permanent=true state=enabled immediate=yes
firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- http
when: configure_firewall
......
......@@ -23,14 +23,14 @@
command: hugo
become_user: "{{conference_user}}"
args:
chdir: "{{conference_dir}}"
chdir: "{{ conference_dir }}"
when: release.changed
- name: create ssl cert
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ conference_domain }}' creates='/etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem'
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ conference_domain }}' creates='/etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem'
- name: create ssl cert
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ static_conference_domain }}' creates='/etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem'
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ static_conference_domain }}' creates='/etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem'
- name: make nginx log dir
file: path=/var/log/nginx/{{ conference_domain }} state=directory owner=root group=root mode=0755
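Review bot: `become_user: "{{conference_user}}"` on the `hugo` task is left without the inner spaces as rendered here, so E206 should still be reported for this file; it needs `become_user: "{{ conference_user }}"` to match the `chdir` line below it. The same leftover is visible in the `@@ -88,8 +88,6 @@` hunk, where the systemd template task still reads `src="{{item}}.j2" dest="/etc/systemd/system/{{item}}"`. The page shows the pipeline as failed; whether these leftovers are the cause cannot be told without the job log.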
......
......@@ -19,7 +19,7 @@
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600
- name: create ssl cert
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ repos_domain }}' creates='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem'
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ repos_domain }}' creates='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem'
- name: make nginx log dir
file: path=/var/log/nginx/{{ repos_domain }} state=directory owner=root group=root mode=0755
......@@ -41,7 +41,7 @@
name: "{{ item.key }}"
group: users
groups: "{{ item.value.groups | join(',') }}"
comment: "{{ item.value.name}}"
comment: "{{ item.value.name }}"
state: present
with_dict: "{{ arch_users }}"
......@@ -62,7 +62,7 @@
pathtmpl: '/home/{user}/staging/{dirname}'
permissions: 755
directories: ['', 'core', 'extra', 'testing', 'staging', 'community', 'community-staging', 'community-testing', 'multilib', 'multilib-staging', 'multilib-testing']
users: "{{arch_users.keys() | list}}"
users: "{{ arch_users.keys() | list }}"
group: users
tags: ["archusers"]
......
......@@ -8,8 +8,8 @@
- name: clone archlinux-docker repository
become: yes
become_user: "{{docker_image_user}}"
git: repo="{{docker_image_git_remote}}" version="{{ docker_image_git_tag }}" dest="{{ docker_image_git_dir }}" force=yes
become_user: "{{ docker_image_user }}"
git: repo="{{ docker_image_git_remote }}" version="{{ docker_image_git_tag }}" dest="{{ docker_image_git_dir }}" force=yes
- name: install sudoers file
template: src=sudoers.d.j2 dest=/etc/sudoers.d/docker-image
......
......@@ -21,7 +21,7 @@
service: name=dovecot enabled=yes state=started
- name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled immediate=yes
firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- pop3
- pop3s
......
......@@ -23,8 +23,8 @@
- name: install local config files
template:
src: "{{item}}.j2"
dest: "/etc/fail2ban/{{item}}"
src: "{{ item }}.j2"
dest: "/etc/fail2ban/{{ item }}"
owner: "root"
group: "root"
mode: 0644
......
......@@ -13,8 +13,8 @@
- name: start and enable firewalld
service:
name: firewalld
enabled: "{{configure_firewall}}"
state: "{{configure_firewall | ternary('started', 'stopped') }}"
enabled: "{{ configure_firewall }}"
state: "{{ configure_firewall | ternary('started', 'stopped') }}"
- name: disable default dhcpv6-client rule
firewalld:
......
......@@ -81,7 +81,5 @@
tags:
- fail2ban
- name: start and enable systemd socket
service: name=php-fpm@flyspray.socket state=started enabled=true
......@@ -7,7 +7,7 @@
user: name=kanboard shell=/bin/false home="{{ kanboard_dir }}" createhome=no
- name: clone kanboard git repo
git: repo=https://github.com/kanboard/kanboard.git dest="{{kanboard_dir}}" version={{kanboard_version}}
git: repo=https://github.com/kanboard/kanboard.git dest="{{ kanboard_dir }}" version={{ kanboard_version }}
- name: install nginx config
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/kanboard.conf owner=root group=root mode=644
......@@ -19,7 +19,7 @@
file: path=/var/log/nginx/{{ kanboard_domain }} state=directory owner=root group=root mode=0755
- name: make dirs for webuser
file: path="{{kanboard_dir}}/{{item}}" owner=kanboard mode=700 state=directory
file: path="{{ kanboard_dir }}/{{ item }}" owner=kanboard mode=700 state=directory
with_items:
- data
......@@ -30,13 +30,13 @@
become_method: su
- name: create kanboard db
postgresql_db: db="{{kanboard_db}}"
postgresql_db: db="{{ kanboard_db }}"
become: yes
become_user: postgres
become_method: su
- name: install kanboard config
template: src=config.php.j2 dest="{{kanboard_dir}}/config.php" owner=root group=kanboard mode=640
template: src=config.php.j2 dest="{{ kanboard_dir }}/config.php" owner=root group=kanboard mode=640
- name: configure php-fpm
template:
......
......@@ -40,7 +40,7 @@
no_log: true
- name: configure zabbix-agent user
mysql_user: user={{zabbix_agent_mysql_user}} host=localhost password={{vault_mariadb_users.zabbix_agent}}
mysql_user: user={{ zabbix_agent_mysql_user }} host=localhost password={{ vault_mariadb_users.zabbix_agent }}
# TODO: implement in ansible: grant process on *.* to 'zabbix_agent'@'localhost';
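Review bot: The vault password is spliced into a `key=value` argument string, so a value containing a space, a quote or `=` would be split by the argument parser and could be read as further module options rather than as the password. Passing the arguments as a YAML mapping keeps each value intact whatever it contains. The task continues past the end of the hunk (the TODO comment and anything after it), so the sketch covers only the module call.

```yaml
- name: configure zabbix-agent user
  mysql_user:
    user: "{{ zabbix_agent_mysql_user }}"
    host: localhost
    password: "{{ vault_mariadb_users.zabbix_agent }}"
```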
......