Applique ansible-lint

zestedesavoir · Mar 23, 2024 · c7d1922 · c7d1922
1 parent 7224151
commit c7d1922
Show file tree

Hide file tree

Showing 34 changed files with 213 additions and 179 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,3 +1,4 @@
+---
 exclude_paths:
   - .github/
 skip_list:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,7 @@
+---
 repos:
   - repo: https://github.com/ansible-community/ansible-lint.git
-    rev: v24.2.1  # doit aussi être mis à jour dans requirements.txt
+    rev: v24.2.1 # doit aussi être mis à jour dans requirements.txt
     hooks:
       - id: ansible-lint
         files: \.(yaml|yml)$
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
@@ -1,3 +1,4 @@
+---
 workdir: /opt/zds
 rundir: "{{ workdir }}/run"
 appdir: "{{ workdir }}/app"

diff --git a/group_vars/beta/vars.yml b/group_vars/beta/vars.yml
@@ -1,3 +1,4 @@
+---
 # For a PR: pull/xxxx/head
 # For a branch or a tag: just its name
 appversion: dev
@@ -12,8 +13,8 @@ munin_certificate:
   cert: /etc/letsencrypt/live/munin.beta.zestedesavoir.com/fullchain.pem
   key: /etc/letsencrypt/live/munin.beta.zestedesavoir.com/privkey.pem
 very_top_banner:
-  background_color: '#800'
-  border_color: '#450000'
-  color: 'white'
-  message: 'Version bêta'
-  slug: 'version-beta'
+  background_color: "#800"
+  border_color: "#450000"
+  color: white
+  message: Version bêta
+  slug: version-beta
diff --git a/group_vars/production/vars.yml b/group_vars/production/vars.yml
@@ -1,3 +1,4 @@
+---
 appversion: v30.6-ostara
 env: prod
 public: true

diff --git a/group_vars/test/vars.yml b/group_vars/test/vars.yml
@@ -1,3 +1,4 @@
+---
 # Load a specific zds configuration to make it work in Vagrant, and it is also
 # what is executed on GitHub Actions
 

diff --git a/playbook.yml b/playbook.yml
@@ -1,3 +1,4 @@
+---
 - name: deploy zds-site
   hosts: app
   become: true

diff --git a/roles/app/defaults/main.yml b/roles/app/defaults/main.yml
@@ -1,4 +1,5 @@
-apprepo: "https://github.com/zestedesavoir/zds-site.git"
+---
+apprepo: https://github.com/zestedesavoir/zds-site.git
 env: dev
 secrets: []
 zmarkdown_sentry_dsn: ""

diff --git a/roles/app/tasks/fixtures.yml b/roles/app/tasks/fixtures.yml
@@ -1,3 +1,4 @@
+---
 - name: install requirements in virtualenv to load fixtures
   become: true
   become_user: "{{ appuser }}"
@@ -6,7 +7,7 @@
     virtualenv: "{{ virtualenv }}"
     virtualenv_command: /usr/bin/python3 -m venv
 
-- name: load fixtures  # noqa no-changed-when
+- name: load fixtures # noqa no-changed-when
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.shell: >

diff --git a/roles/app/tasks/geodata.yml b/roles/app/tasks/geodata.yml
@@ -1,3 +1,4 @@
+---
 - name: Create Geodata folder
   ansible.builtin.file:
     path: "{{ appdir }}/geodata"
@@ -18,14 +19,14 @@
   tags:
     - bootstrap
 
-- name: Initial download of GeoLite data  # noqa command-instead-of-shell no-changed-when
+- name: Initial download of GeoLite data # noqa command-instead-of-shell no-changed-when
   ansible.builtin.shell: "{{ workdir }}/update-geolite.sh"
   tags:
     - bootstrap
 
 - name: Setup cron to daily update GeoLite data
   ansible.builtin.cron:
-    name: "Update GeoLite data"
+    name: Update GeoLite data
     special_time: daily
     job: "{{ workdir }}/update-geolite.sh"
   tags:

diff --git a/roles/app/tasks/main.yml b/roles/app/tasks/main.yml
@@ -1,3 +1,4 @@
+---
 # Basic dependencies installation
 
 - name: install app dependencies
@@ -10,13 +11,13 @@
       - libffi-dev
       - libssl-dev
       - libmariadb-dev
-      - autoconf  # for gulp-imagemin Node.js package
-      - automake  # for gulp-imagemin Node.js package
-      - rustc  # for cryptography Python package
-      - optipng  # for easy-thumbnails Python package
-      - jpegoptim  # for easy-thumbnails Python package
-      - memcached  # for cache storage in prod configuration
-      - pkg-config  # for mysqlclient since version 2.2.0
+      - autoconf # for gulp-imagemin Node.js package
+      - automake # for gulp-imagemin Node.js package
+      - rustc # for cryptography Python package
+      - optipng # for easy-thumbnails Python package
+      - jpegoptim # for easy-thumbnails Python package
+      - memcached # for cache storage in prod configuration
+      - pkg-config # for mysqlclient since version 2.2.0
     state: present
     cache_valid_time: 3600
   tags:
@@ -36,7 +37,7 @@
     name: "{{ appuser }}"
     shell: /bin/false
     home: "{{ workdir }}"
-    comment: "Zeste de Savoir"
+    comment: Zeste de Savoir
   tags:
     - bootstrap
 
@@ -137,11 +138,11 @@
     state: link
   with_items:
     - src: "{{ appdir }}/errors"
-      dest: "errors"
+      dest: errors
     - src: "{{ datadir }}/media"
-      dest: "media"
+      dest: media
     - src: "{{ datadir }}/static"
-      dest: "static"
+      dest: static
   tags:
     - bootstrap
 
@@ -156,7 +157,7 @@
 
 - name: create robots.txt in webroot for beta
   ansible.builtin.copy:
-    src: "robots-deny.txt"
+    src: robots-deny.txt
     dest: "{{ webroot }}/robots.txt"
     mode: u=rw,g=r,o=r
   when: env == "beta"
@@ -174,7 +175,7 @@
 
 # Installation of backend, frontend and zmd dependencies
 
-- name: update pip in virtualenv  # some dependencies (like rust ones) require a recent pip
+- name: update pip in virtualenv # some dependencies (like rust ones) require a recent pip
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.pip:
@@ -214,8 +215,8 @@
   become_user: "{{ appuser }}"
   ansible.builtin.lineinfile:
     path: "{{ virtualenv }}/lib/python3.11/site-packages/elasticsearch_dsl/{{ item }}"
-    regexp: "^import collections$"
-    line: "import collections.abc as collections"
+    regexp: ^import collections$
+    line: import collections.abc as collections
     firstmatch: true
   with_items:
     - search.py
@@ -237,7 +238,7 @@
   tags:
     - bootstrap
 
-- name: install frontend  # noqa no-changed-when
+- name: install frontend # noqa no-changed-when
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.command: yarn install --frozen-lockfile
@@ -259,7 +260,7 @@
 
 # Frontend building
 
-- name: build frontend  # noqa no-changed-when
+- name: build frontend # noqa no-changed-when
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.command: npm run build
@@ -273,7 +274,7 @@
   become: true
   become_user: "{{ appuser }}"
   environment:
-    DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
+    DJANGO_SETTINGS_MODULE: zds.settings.{{ env }}
     ZDS_CONFIG: "{{ workdir }}/config.toml"
   community.general.django_manage:
     app_path: "{{ appdir }}"
@@ -290,7 +291,7 @@
   become: true
   become_user: "{{ appuser }}"
   environment:
-    DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
+    DJANGO_SETTINGS_MODULE: zds.settings.{{ env }}
     ZDS_CONFIG: "{{ workdir }}/config.toml"
   community.general.django_manage:
     app_path: "{{ appdir }}"
@@ -315,7 +316,7 @@
   become: true
   become_user: "{{ appuser }}"
   environment:
-    DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
+    DJANGO_SETTINGS_MODULE: zds.settings.{{ env }}
     ZDS_CONFIG: "{{ workdir }}/config.toml"
   community.general.django_manage:
     app_path: "{{ appdir }}"
@@ -330,7 +331,7 @@
   become: true
   become_user: "{{ appuser }}"
   environment:
-    DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
+    DJANGO_SETTINGS_MODULE: zds.settings.{{ env }}
     ZDS_CONFIG: "{{ workdir }}/config.toml"
   community.general.django_manage:
     app_path: "{{ appdir }}"
@@ -345,7 +346,7 @@
 - name: create services and timers files
   ansible.builtin.template:
     src: templates/{{ item }}.j2
-    dest: "/etc/systemd/system/{{ item }}"
+    dest: /etc/systemd/system/{{ item }}
     mode: u=rw,g=r,o=r
   with_items:
     - zmd.service
@@ -427,8 +428,8 @@
 
 - name: create /root/bin/service-zds.sh
   ansible.builtin.copy:
-    src: "service-zds.sh"
-    dest: "/root/bin/service-zds.sh"
+    src: service-zds.sh
+    dest: /root/bin/service-zds.sh
     mode: u=rwx,g=,o=
   tags:
     - bootstrap
diff --git a/roles/backup/tasks/beta.yml b/roles/backup/tasks/beta.yml
@@ -1,3 +1,4 @@
+---
 - name: create backup folder on beta server
   ansible.builtin.file:
     path: "{{ backupdir }}"
@@ -12,15 +13,15 @@
 - name: create backup users on beta server
   ansible.builtin.user:
     name: "{{ item }}"
-    home: "/home/{{ item }}"
-    password: '!' # will do --disabled-password of adduser
+    home: /home/{{ item }}
+    password: "!" # will do --disabled-password of adduser
   with_items:
     - zds-prod
     - zds-matomo
 
 - name: create .ssh folders for backup users on beta server
   ansible.builtin.file:
-    path: "/home/{{ item }}/.ssh"
+    path: /home/{{ item }}/.ssh
     state: directory
     owner: "{{ item }}"
     group: "{{ item }}"
@@ -31,7 +32,7 @@
 
 - name: create .ssh/authorized_keys files for backup users on beta server
   ansible.builtin.file:
-    path: "/home/{{ item }}/.ssh/authorized_keys"
+    path: /home/{{ item }}/.ssh/authorized_keys
     state: touch
     owner: "{{ item }}"
     group: "{{ item }}"

diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
@@ -1,3 +1,4 @@
+---
 - name: install borg1.2.6
   ansible.builtin.get_url:
     url: https://github.com/borgbackup/borg/releases/download/1.2.6/borg-linux64
@@ -6,8 +7,8 @@
 
 - name: generate logrotate config file for backup logs
   ansible.builtin.template:
-    src: "logrotate_zds-backup.j2"
-    dest: "/etc/logrotate.d/zds-backup"
+    src: logrotate_zds-backup.j2
+    dest: /etc/logrotate.d/zds-backup
     mode: u=rw,g=r,o=r
 
 - name: configure backups on beta server

diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
@@ -1,3 +1,4 @@
+---
 - name: restart sshd
   ansible.builtin.systemd:
     name: sshd

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
@@ -1,3 +1,4 @@
+---
 - name: ensure the system can use the HTTPS transport for APT
   ansible.builtin.stat:
     path: /usr/lib/apt/methods/https
@@ -12,7 +13,7 @@
 - name: should have some base packages
   ansible.builtin.apt:
     pkg:
-      - acl  # Allow Ansible to use 'become' command (see https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-and-limitations-of-become)
+      - acl # Allow Ansible to use 'become' command (see https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-and-limitations-of-become)
       - git
       - htop
       - locales
@@ -46,7 +47,7 @@
 - name: copy zsh config files
   ansible.builtin.copy:
     src: "{{ item.src }}"
-    dest: "/etc/zsh/{{ item.path }}"
+    dest: /etc/zsh/{{ item.path }}
     mode: u=rw,g=r,o=r
   with_community.general.filetree: zsh/
   when: item.state == 'file'

diff --git a/roles/common/tasks/nodejs.yml b/roles/common/tasks/nodejs.yml
@@ -1,3 +1,4 @@
+---
 - name: install Node.js and NPM
   ansible.builtin.apt:
     pkg:

diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml
@@ -1,13 +1,14 @@
+---
 - name: Disable SSH root login
   ansible.builtin.lineinfile:
     path: /etc/ssh/sshd_config
-    regexp: '^PermitRootLogin'
-    line: 'PermitRootLogin no'
+    regexp: ^PermitRootLogin
+    line: PermitRootLogin no
   notify: restart sshd
 
 - name: Disable SSH password authentication
   ansible.builtin.lineinfile:
     path: /etc/ssh/sshd_config
-    regexp: '^PasswordAuthentication'
-    line: 'PasswordAuthentication no'
+    regexp: ^PasswordAuthentication
+    line: PasswordAuthentication no
   notify: restart sshd
diff --git a/roles/elasticsearch/handlers/main.yml b/roles/elasticsearch/handlers/main.yml
@@ -1,3 +1,4 @@
+---
 - name: restart elasticsearch
   ansible.builtin.systemd:
     name: elasticsearch.service

diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml
@@ -1,12 +1,13 @@
+---
 - name: add elasticsearch repository key
   ansible.builtin.apt_key:
     id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
-    keyserver: "hkp://keyserver.ubuntu.com:80"
+    keyserver: hkp://keyserver.ubuntu.com:80
 
 - name: add elasticsearch repository
   ansible.builtin.apt_repository:
     filename: elasticsearch
-    repo: "deb https://artifacts.elastic.co/packages/5.x/apt stable main"
+    repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
     state: present
 
 - name: install openjdk-17-jre-headless and elasticsearch

diff --git a/roles/firewall/handlers/main.yml b/roles/firewall/handlers/main.yml
@@ -1,3 +1,4 @@
+---
 - name: reload rsyslog
   ansible.builtin.systemd:
     name: rsyslog