Merge branch 'ci-config' into 'master'

Add CI config See merge request !8

Merge branch 'ci-config' into 'master'
Add CI config See merge request !8
1be5ff21 · Lars Beckers · 71d74583 · e3168dfe · 1be5ff21 · 1be5ff21
Commit 1be5ff21 authored Sep 11, 2019 by Lars Beckers
11 changed files
--- a/.ansible-lint
+++ b/.ansible-lint
+parseable: true
+quiet: true
+use_default_rules: true
+skip_list:
+  - '204'  # line length is checked by yamllint
+  - '401'  # git checkout must contain explicit version
+  - '701'  # 7xx is about ansible galaxy guidelines
+  - '702'
+  - '703'
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+---
+
+image: registry.git.fsmpi.rwth-aachen.de/infra/ci-containers/fsmpi-ansible:buster
+
+variables:
+  GIT_SUBMODULE_STRATEGY: recursive
+
+before_script:
+  - export LANG=en_US.UTF-8
+  - chmod o-w .
+  - apt-get -qq update && apt-get -qq install -y ansible-lint ripgrep
+  - ansible --version
+  - ansible-lint --version
+  - yamllint --version
+
+stages:
+  - test
+
+test:
+  stage: test
+  script:
+    - yamllint .
+    - ansible-lint ./*/
+    # yamllint disable-line rule:line-length
+    - "! rg --fixed-strings 'passwordstore' ./*/templates"
--- a/.yamllint
+++ b/.yamllint
@@ -14,6 +14,10 @@ rules:
    forbid-in-block-mappings: true
  line-length:
    level: warning
+    allow-non-breakable-inline-mappings: true
  octal-values:
    forbid-implicit-octal: true
-    level: warning
+    level: error
+  # quoted-strings: enable
+  truthy:
+    level: error
--- a/dovecot/defaults/main.yml
+++ b/dovecot/defaults/main.yml
@@ -30,4 +30,4 @@ dovecot_dsync_host_attribute: ansible_host

 dovecot_content_filter: false
 dovecot_spam_folder: Spam
-dovecot_spam_user: "${1}" # debian-spamd
+dovecot_spam_user: "${1}"  # debian-spamd
--- a/dovecot/tasks/main.yml
+++ b/dovecot/tasks/main.yml
@@ -89,6 +89,7 @@

 - meta: flush_handlers

+# yamllint disable-line rule:line-length
 - name: ensure the global spam filter and learning sieve script have correct permissions
  file:
    state: file

--- a/dovecot/vars/tls-intermediate.yml
+++ b/dovecot/vars/tls-intermediate.yml
@@ -3,6 +3,6 @@
 dovecot_tls_protocols: 'TLSv1.2 TLSv1.3'
 dovecot_tls_min_protocol: 'TLSv1.2'
 dovecot_tls_ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
-dovecot_tls_dh_length: 4096 # 2048
-dovecot_tls_dh_file: ffdhe4096.txt # ffdhe2048.txt
+dovecot_tls_dh_length: 4096  # 2048
+dovecot_tls_dh_file: ffdhe4096.txt  # ffdhe2048.txt
 dovecot_tls_prefer_server_ciphers: false
--- a/dovecot/vars/tls-old.yml
+++ b/dovecot/vars/tls-old.yml
@@ -3,6 +3,6 @@
 dovecot_tls_protocols: 'TLSv1 TLSv1.1 TLSv1.2 !SSLv3'
 dovecot_tls_min_protocol: 'TLSv1'
 dovecot_tls_ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
-dovecot_tls_dh_length: 2048 # 1024
-dovecot_tls_dh_file: ffdhe2048.txt # openssl dhparam 1024 > ffdhe1024.txt
+dovecot_tls_dh_length: 2048  # 1024
+dovecot_tls_dh_file: ffdhe2048.txt  # openssl dhparam 1024 > ffdhe1024.txt
 dovecot_tls_prefer_server_ciphers: true
--- a/dovecot/vars/tls-previous.yml
+++ b/dovecot/vars/tls-previous.yml
@@ -4,5 +4,5 @@ dovecot_tls_protocols: 'TLSv1.1 TLSv1.2 !SSLv3'
 dovecot_tls_min_protocol: 'TLSv1.1'
 dovecot_tls_ciphers: "{{ tls_ciphers }}"
 dovecot_tls_dh_length: 4096
-dovecot_tls_dh_file: ffdhe4096.txt # ffdhe2048.txt
+dovecot_tls_dh_file: ffdhe4096.txt  # ffdhe2048.txt
 dovecot_tls_prefer_server_ciphers: true
--- a/postfix/vars/tls-intermediate.yml
+++ b/postfix/vars/tls-intermediate.yml
@@ -5,5 +5,5 @@ postfix_tls_mandatory_ciphers: medium
 postfix_tls_preempt_cipherlist: false
 postfix_tls_eecdh_grade: null
 postfix_tls_high_cipherlist: null
-postfix_tls_dh_file: ffdhe2048.txt # ffdhe4096.txt
+postfix_tls_dh_file: ffdhe2048.txt  # ffdhe4096.txt
 postfix_tls_medium_cipherlist: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
--- a/postfix/vars/tls-old.yml
+++ b/postfix/vars/tls-old.yml
@@ -5,5 +5,5 @@ postfix_tls_mandatory_ciphers: medium
 postfix_tls_preempt_cipherlist: true
 postfix_tls_eecdh_grade: null
 postfix_tls_high_cipherlist: null
-postfix_tls_dh_file: ffdhe2048.txt # ffdhe4096.txt
+postfix_tls_dh_file: ffdhe2048.txt  # ffdhe4096.txt
 postfix_tls_medium_cipherlist: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
--- a/prosody/tasks/main.yml
+++ b/prosody/tasks/main.yml
 ---
- import_tasks: postgres.yml db_user="{{prosody_user}}" db_name="{{prosody_db}}"
+# yamllint disable-line rule:line-length
+- import_tasks: postgres.yml db_user="{{ prosody_user }}" db_name="{{ prosody_db }}"

 - name: ensure prosody is installed
  apt: