diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000000000000000000000000000000000000..cca80e2e16c9ee5298e8a5bcf9f77c130fdc3d8e --- /dev/null +++ b/.yamllint @@ -0,0 +1,19 @@ +--- + +extends: default + +rules: + comments-indentation: + level: warning + document-start: + level: error + empty-lines: + max: 1 + empty-values: + forbid-in-flow-mappings: true + forbid-in-block-mappings: true + line-length: + level: warning + octal-values: + forbid-implicit-octal: true + level: warning diff --git a/dhcp-server/defaults/main.yml b/dhcp-server/defaults/main.yml index 061e510cc4f28113c71dec089cff04dd4d94288a..c82aae8385ae04558989f03a6ac7a935c2e20532 100644 --- a/dhcp-server/defaults/main.yml +++ b/dhcp-server/defaults/main.yml @@ -9,7 +9,7 @@ dhcp_fixed_hosts: [] dhcp_options: [] dhcp_default_lease_time: "12h" dhcp_max_leases: 150 -dhcp_authoritative: yes +dhcp_authoritative: true -tftp_active: yes +tftp_active: true tftp_root: /srv/tftp diff --git a/dhcp-server/tasks/main.yml b/dhcp-server/tasks/main.yml index 0ac61a4508594b17dd7c32e745a801f1cbfe4b1c..14a78f4dda8ed7b2b62727295b476dd9ae7904ba 100644 --- a/dhcp-server/tasks/main.yml +++ b/dhcp-server/tasks/main.yml @@ -14,7 +14,7 @@ group: name: dnsmasq state: present - system: yes + system: true tags: - dhcp-server @@ -22,7 +22,7 @@ user: name: dnsmasq state: present - system: yes + system: true group: dnsmasq tags: - dhcp-server @@ -42,7 +42,7 @@ state: directory owner: "{{ dnsmasq_user }}" group: "{{ dnsmasq_group }}" - mode: 0755 + mode: '0755' when: tftp_active tags: - dhcp-server @@ -51,6 +51,6 @@ service: name: dnsmasq state: started - enabled: yes + enabled: true tags: - dhcp-server diff --git a/mrtg/defaults/main.yml b/mrtg/defaults/main.yml index 3c692a83738147617f115102a10328dff7d75f4e..3b9cc091cb7881f2e95dcef48d7890f0a58b3a12 100644 --- a/mrtg/defaults/main.yml +++ b/mrtg/defaults/main.yml 
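Review bot: `octal-values` is enabled only at `level: warning` in the new `.yamllint`, so yamllint still exits 0 if an unquoted `mode: 0644` is reintroduced — the very class of value the rest of this commit quotes in every `file:`/`copy:`/`template:` task. Since a mis-parsed implicit octal silently changes the installed permission, I would let that rule fail the run: `octal-values:` / `  forbid-implicit-octal: true` / `  level: error`. `document-start: level: error` restates what `extends: default` already sets; harmless, but it can be dropped or kept as an explicit statement of intent.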
@@ -5,7 +5,8 @@ mrtg_switches: - router: "switch" community: "public" -use_weathermap: yes +use_weathermap: true weathermap_placement_strategy: "graphviz" weathermap_colorscale: "viridis" +# yamllint disable-line rule:line-length weathermap_colorscale_hash: "sha256:389c7a479cd64136ad5bf49daab59358437f69cf3c74cf74f958b093c7df50fd" diff --git a/mrtg/tasks/main.yml b/mrtg/tasks/main.yml index 72bb3693c1d1e1c1ebe63ce4ade25f1095a0baa3..64cffdcfc330c68464932e21c0855f0f3d18c6e7 100644 --- a/mrtg/tasks/main.yml +++ b/mrtg/tasks/main.yml 
@@ -2,31 +2,56 @@ # file: shared-roles/network/mrtg - name: ensure mrtg is installed - apt: name=mrtg state=present + apt: + name: mrtg + state: present tags: mrtg - name: ensure there is a group - group: name=mrtg state=present system=yes + group: + name: mrtg + state: present + system: true tags: mrtg - name: ensure we have a user - user: name=mrtg group=mrtg state=present system=yes shell=/usr/sbin/nologin home=/var/www createhome=no + user: + name: mrtg + group: mrtg + state: present + system: true + shell: /usr/sbin/nologin + home: /var/www + createhome: false tags: mrtg - name: ensure we have the web directory - file: owner=mrtg group=www-data path=/var/www/mrtg state=directory mode="u+rwx,g+rxs" + file: + owner: mrtg + group: www-data + path: /var/www/mrtg + state: directory + mode: "u+rwx,g+rxs" tags: mrtg - name: create the config + # yamllint disable-line rule:line-length command: "cfgmaker --output /etc/mrtg.cfg {% for switch in mrtg_switches %} --ifdesc=alias {{switch['community']}}@{{switch['router']}}:::::2 {% endfor %}" tags: mrtg - name: ensure the mrtg user can read the mrtg config file - file: path=/etc/mrtg.cfg group=mrtg + file: + path: /etc/mrtg.cfg + group: mrtg tags: mrtg - name: ensure the mrtg user can read and write directories - file: path="{{item}}" state=directory owner=mrtg group=mrtg mode=0755 + file: + path: "{{item}}" + state: directory + owner: mrtg + group: mrtg + mode: '0755' with_items: - /var/lib/mrtg - /var/log/mrtg 
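Review bot: The task "ensure the mrtg user can read the mrtg config file" only sets `group: mrtg` on `/etc/mrtg.cfg`; the `cfgmaker` command above it writes the SNMP community strings from `mrtg_switches` into that file (they are passed as `{{switch['community']}}@{{switch['router']}}` targets), so the file keeps whatever mode cfgmaker created, presumably world-readable. Add `owner: root` and `mode: '0640'` to that `file:` task so only root and the mrtg group can read the communities. The `command: "cfgmaker ..."` task also has no `creates:` or `changed_when:`, so it re-runs and reports changed on every play, and the communities appear in the task's recorded command line; `no_log: true` on that task keeps them out of the play output.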
@@ -38,26 +63,31 @@ dest: /etc/tmpfiles.d/10-mrtg.conf owner: root group: root - mode: 0644 + mode: '0644' notify: - create tmpfiles tags: mrtg - name: create an index HTML page + # yamllint disable-line rule:line-length command: "indexmaker --output /var/www/mrtg/index.html --title='Traffic of {{domain}}' --columns=3 --pagetop='{% for switch in mrtg_switches %}<a href=\"index-{{switch['router']}}.html\"><b>{{switch['router']}}</b>.{{domain}}</a> {% endfor %} {% if use_weathermap %}<a href=\"weathermap.html\">Weathermap</a>{%endif %}' /etc/mrtg.cfg" - become: yes + become: true become_user: mrtg tags: mrtg - name: create separate index HTML pages + # yamllint disable-line rule:line-length command: "indexmaker --output /var/www/mrtg/index-{{item['router']}}.html --title {{item['router']}}.{{domain}} --filter name=~{{item['router']}}_[0-9]+ --columns=3 --pagetop='<a href=\"index.html\">back</a>' /etc/mrtg.cfg" with_items: "{{mrtg_switches}}" - become: yes + become: true become_user: mrtg tags: mrtg - name: ensure we have our cron entry - copy: src=cron-entry dest=/etc/cron.d/mrtg mode=0544 + copy: + src: cron-entry + dest: /etc/cron.d/mrtg + mode: '0544' tags: mrtg - import_tasks: weathermap.yml diff --git a/mrtg/tasks/weathermap.yml b/mrtg/tasks/weathermap.yml index 4ee13f675487f3f7223ab7c076f716fe50e96e72..b64833fba2e7a2c547da07f911005940fcb8afc0 100644 --- a/mrtg/tasks/weathermap.yml +++ b/mrtg/tasks/weathermap.yml 
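Review bot: `mode: '0544'` on the `copy:` of `/etc/cron.d/mrtg` keeps an execute bit that cron does not use for cron.d fragments; as far as I know cron only insists those files are root-owned and not group/world-writable, so `mode: '0644'` plus an explicit `owner: root` / `group: root` states the actual requirement, since `copy` otherwise inherits the connecting user's ownership. The two `indexmaker` `command:` tasks above still have no `changed_when:`/`creates:`, so every run reports a change; if the pages are meant to be regenerated each play, `changed_when: false` makes that deliberate.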
@@ -20,23 +20,27 @@ tags: weathermap - name: install rotten php requirements - pear: name=Console_Getopt state=present + pear: + name: Console_Getopt + state: present tags: weathermap - name: get the weathermap package get_url: + # yamllint disable-line rule:line-length url: https://github.com/howardjones/network-weathermap/releases/download/version-0.98/php-weathermap-0.98.zip dest: /opt/weathermap.zip + # yamllint disable-line rule:line-length checksum: sha256:ab058229392e9f314ee39fddb5d57a7127a53a7f21d2914f5d52e928bb321b7c owner: root group: root - mode: 0644 + mode: '0644' tags: weathermap - name: unpack the weathermap package unarchive: src: /opt/weathermap.zip - remote_src: yes + remote_src: true dest: /opt/ tags: weathermap @@ -48,18 +52,22 @@ tags: weathermap - name: upload the weathermap script - copy: src=makeweather.py dest=/root/makeweather.py + copy: + src: makeweather.py + dest: /root/makeweather.py tags: weathermap - name: get the weathermap colorscale get_url: dest: /root/colorscale.pal + # yamllint disable-line rule:line-length url: "https://raw.githubusercontent.com/Gnuplotting/gnuplot-palettes/master/{{weathermap_colorscale}}.pal" checksum: "{{weathermap_colorscale_hash}}" when: weathermap_colorscale is not none tags: weathermap - name: create the weathermap config + # yamllint disable-line rule:line-length script: "makeweather.py {{weathermap_placement_strategy}} --colorscale /root/colorscale.pal" tags: weathermap @@ -69,16 +77,16 @@ dest: /var/www/mrtg/ owner: mrtg group: www-data - mode: 0644 + mode: '0644' tags: weathermap - name: create the weathermap regularly cron: name: "create weathermap" minute: "*/5" + # yamllint disable-line rule:line-length job: "cd /opt/weathermap && /opt/weathermap/weathermap --config /etc/weathermap.conf --output /var/www/mrtg/weathermap.png" state: present user: mrtg cron_file: weathermap tags: weathermap - 
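Review bot: In the second hunk the colorscale `get_url:` pins `checksum: "{{weathermap_colorscale_hash}}"` against a URL on the upstream `master` branch, so the task starts failing the moment upstream edits the palette — and the tempting fix then is to drop the checksum; referencing a commit SHA in place of `master` in the `url:` keeps the pinned hash meaningful. The download is guarded by `when: weathermap_colorscale is not none`, but the following `script: "makeweather.py ... --colorscale /root/colorscale.pal"` task is not, so with a `none` colorscale it presumably runs against a file that was never fetched; give the script task the same `when:` or make the `--colorscale` argument conditional. The first and third hunks (release zip with a tagged URL and sha256, cron entry) look fine.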
diff --git a/networkd/defaults/main.yml b/networkd/defaults/main.yml index 00c368f17caf5ae1836fe7bdc28195c2dd3ea36c..da5c013aebf3745785ce2840c43bc4197e59bfeb 100644 --- a/networkd/defaults/main.yml +++ b/networkd/defaults/main.yml @@ -1,6 +1,6 @@ --- -networkd_type: 'dhcp' # or: 'static', 'bond' +networkd_type: 'dhcp' # or: 'static', 'bond' # for static type only networkd_address: 10.10.10.10/24 @@ -8,17 +8,19 @@ networkd_gateway: 10.10.10.1 # for bond type only networkd_bond: bond1 -networkd_bond_devices: [ eth0, eth1 ] +networkd_bond_devices: + - eth0 + - eth1 networkd_bond_vlans: - id: 23 name: storage - bridge: no + bridge: false address: 10.10.10.10/24 - id: 42 name: public - bridge: yes + bridge: true address: 10.10.12.22/24 gateway: 10.10.12.1 - id: 69 name: transport - bridge: yes + bridge: true diff --git a/networkd/handlers/main.yml b/networkd/handlers/main.yml index 19aee0c90bbf64005d14e5466cfc27b407657836..5d5ae547730975fd2c3158c3053675248776ea8a 100644 --- a/networkd/handlers/main.yml +++ b/networkd/handlers/main.yml @@ -2,4 +2,3 @@ - name: restart networkd service: name=systemd-networkd state=restarted - diff --git a/networkd/tasks/main.yml b/networkd/tasks/main.yml index dae9c5c4987109b2f2d31a546a5bbabc34849bb9..a52b1346521464b408502d85c3130464fc622a71 100644 --- a/networkd/tasks/main.yml +++ b/networkd/tasks/main.yml @@ -6,7 +6,7 @@ dest: /etc/systemd/network/20-wired.network owner: root group: root - mode: 0644 + mode: '0644' notify: - restart networkd @@ -43,16 +43,16 @@ dest: /etc/systemd/network/{{ networkd_bond }}.netdev owner: root group: root - mode: 0644 + mode: '0644' notify: - restart networkd - - name: ensure bond network is configured + - name: ensure bond network is configured template: src: bond.network.j2 dest: /etc/systemd/network/{{ networkd_bond }}.network owner: root group: root - mode: 0644 + mode: '0644' notify: - restart networkd - name: ensure vlan netdevs are configured 
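Review bot: The second hunk of `networkd/defaults/main.yml` ships a fully populated example — `networkd_bond_devices` with `eth0`/`eth1` and three `networkd_bond_vlans` entries with concrete addresses and a gateway — and the tasks file loops over `networkd_bond_vlans` with `with_items`, so a host that selects `networkd_type: 'bond'` without overriding these gets the sample VLANs and 10.10.x.x addresses configured. Role defaults for network layout should be inert: `networkd_bond_devices: []` and `networkd_bond_vlans: []`, with the worked example moved into a comment or the README. The same applies to `networkd_address` / `networkd_gateway` in the first hunk, which are context lines here.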
@@ -61,7 +61,7 @@ dest: /etc/systemd/network/vl-{{ item.name }}.netdev owner: root group: root - mode: 0644 + mode: '0644' with_items: "{{ networkd_bond_vlans }}" notify: - restart networkd @@ -71,7 +71,7 @@ dest: /etc/systemd/network/vl-{{ item.name }}.network owner: root group: root - mode: 0644 + mode: '0644' with_items: "{{ networkd_bond_vlans }}" notify: - restart networkd @@ -81,7 +81,7 @@ dest: /etc/systemd/network/vmbr-{{ item.name }}.netdev owner: root group: root - mode: 0644 + mode: '0644' with_items: "{{ networkd_bond_vlans }}" when: item.bridge == True notify: @@ -92,7 +92,7 @@ dest: /etc/systemd/network/vmbr-{{ item.name }}.network owner: root group: root - mode: 0644 + mode: '0644' with_items: "{{ networkd_bond_vlans }}" when: item.bridge == True notify: @@ -103,13 +103,13 @@ service: name: systemd-networkd state: started - enabled: yes + enabled: true - name: ensure legacy methods are disabled systemd: name: networking - enabled: no - ignore_errors: yes + enabled: false + ignore_errors: true - name: ensure legacy methods are really disabled apt: @@ -119,5 +119,4 @@ - name: ensure we wait for network to be online service: name: systemd-networkd-wait-online - enabled: yes - + enabled: true diff --git a/radius-client/handlers/main.yml b/radius-client/handlers/main.yml index 2fcdc8e9fe784c6e1510c4f750a54f31bd925879..e5bc998f1f78bb7c1f7fd6c70a2b8a2ef93a10e3 100644 --- a/radius-client/handlers/main.yml +++ b/radius-client/handlers/main.yml @@ -14,4 +14,3 @@ - name: restart wpasupplicant@enp2s0 service: name=wpa_supplicant-wired@enp2s0 state=restarted - diff --git a/radius-client/tasks/main.yml b/radius-client/tasks/main.yml index 7675c3b26c5d05c7137da2526c1fe6b2cf0deab8..0780ca31f10e66c3b99db046a8d79c82e626fd87 100644 --- a/radius-client/tasks/main.yml +++ b/radius-client/tasks/main.yml 
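Review bot: `when: item.bridge == True` in the `@@ -81` hunk (and again in `@@ -92`) compares against the Python literal `True`; now that the defaults carry real `bridge: true` booleans it works, but an inventory that supplies `bridge: "yes"` as a string would silently skip the bridge netdev/network. `when: item.bridge | bool` accepts either form and is the idiomatic Ansible spelling. These tasks' `template:` heads start outside the hunks.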
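Review bot: `ignore_errors: true` on "ensure legacy methods are disabled" in the `@@ -103` hunk swallows every failure of the `systemd:` call, including a genuine one, when the only failure presumably expected is the `networking` unit not existing on the host. Gather `service_facts` once and guard the task with `when: "'networking.service' in ansible_facts.services"`, then drop `ignore_errors`, so a real error in disabling the legacy path is still reported. The following "ensure legacy methods are really disabled" `apt:` task is cut off at the end of the hunk.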
@@ -6,14 +6,14 @@ state: present tags: - 8021x - + - name: copy host certificate copy: src: "{{ radius_certs_dir }}/{{ inventory_hostname }}.{{ item }}" dest: "/etc/wpa_supplicant/{{ inventory_hostname }}.{{ item }}" owner: root group: root - mode: 0400 + mode: '0400' with_items: - pem - key @@ -23,10 +23,11 @@ - name: configure wpasupplicant template: src: wpa_supplicant.j2 + # yamllint disable-line rule:line-length dest: "/etc/wpa_supplicant/wpa_supplicant-wired-{{ ansible_default_ipv4.interface }}.conf" owner: root group: root - mode: 0640 + mode: '0640' notify: - "restart wpasupplicant@{{ ansible_default_ipv4.interface }}" tags: @@ -48,7 +49,7 @@ dest: /usr/local/bin/wpa_wait.sh owner: root group: root - mode: 0755 + mode: '0755' tags: - 8021x @@ -58,7 +59,7 @@ path: /etc/systemd/system/systemd-networkd.service.d owner: root group: root - mode: 0644 + mode: '0644' tags: - 8021x @@ -68,7 +69,7 @@ dest: /etc/systemd/system/systemd-networkd.service.d/override.conf owner: root group: root - mode: 0644 + mode: '0644' notify: - reload systemd service files tags: @@ -80,7 +81,6 @@ service: name: "wpa_supplicant-wired@{{ ansible_default_ipv4.interface }}" state: started - enabled: yes + enabled: true tags: - 8021x - diff --git a/radius-server/defaults/main.yml b/radius-server/defaults/main.yml index 1c7ce992972762a2654e93c029876833b1cda3e8..017fa5cea4473e8ab336bc3fd7dfde6abba271f4 100644 --- a/radius-server/defaults/main.yml +++ b/radius-server/defaults/main.yml @@ -40,8 +40,9 @@ radius_vlan_assignments: radius_tunnel_checks: - station: OtherStationSSID + # yamllint disable-line rule:line-length condition: '(Ldap-Group == "CN=vlan42,CN=Users,DC=asta,DC=rwth-aachen,DC=de") || (&User-Name =~ /^host\/.*\.example\.com$/ )' error: 'Not allowed to use this SSID' + # yamllint disable-line rule:line-length - condition: '(&User-Name =~ /^host\/.*\.example\.com$/ ) || (Ldap-Group == "CN=foobar,CN=Users,DC=asta,DC=rwth-aachen,DC=de")' error: 'User not allowed' - 
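Review bot: `mode: '0644'` on `path: /etc/systemd/system/systemd-networkd.service.d` in the `@@ -58` hunk is a file mode applied to what looks like the drop-in directory (the task head is outside the hunk, but the next hunk writes `override.conf` into that path); a directory without execute bits cannot be traversed by anything other than root, which breaks unprivileged tooling that inspects the unit. Use `mode: '0755'` for the directory and keep `'0644'` for `override.conf`. The commit only quotes the pre-existing value, but it is the natural moment to correct it.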
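Review bot: The `radius_tunnel_checks` defaults in `radius-server/defaults/main.yml` embed an organisation-specific LDAP DN and an SSID; as role defaults they take effect on any consumer that does not override them, which for a tunnel/VLAN access rule is the wrong failure mode. Ship `radius_tunnel_checks: []` and keep these two entries as a commented example. The second entry also has `condition`/`error` but no `station`; if the template treats a missing `station` as a default or catch-all, a comment saying so would help, otherwise it is a silent omission.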
diff --git a/radius-server/tasks/main.yml b/radius-server/tasks/main.yml index 1bf1e3dc7d1f8bd40a438f712eb4f649b7dc6db3..d1f0a96616b485fb228a34e2c99e660f9dae5598 100644 --- a/radius-server/tasks/main.yml +++ b/radius-server/tasks/main.yml @@ -21,7 +21,7 @@ dest: /etc/freeradius/3.0/certs/ owner: root group: freerad - mode: 0640 + mode: '0640' with_items: - dh - cacert.pem @@ -39,7 +39,7 @@ dest: "/etc/freeradius/3.0/{{ item }}" owner: root group: root - mode: 0644 + mode: '0644' with_items: - mods-available/eap - mods-available/ldap @@ -55,7 +55,7 @@ dest: "/etc/freeradius/3.0/{{ item }}" owner: root group: freerad - mode: 0640 + mode: '0640' with_items: - mods-available/mschap - mods-available/realm @@ -71,7 +71,7 @@ - reload freeradius tags: - freeradius - + - name: enable freeradius server modules file: src: "/etc/freeradius/3.0/mods-available/{{ item }}"
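Review bot: In the `@@ -39` hunk the templates for `mods-available/eap` and `mods-available/ldap` are installed `owner: root` / `group: root` / `mode: '0644'`, i.e. world-readable, while the next hunk installs `mods-available/mschap` and `realm` as `root:freerad` with `mode: '0640'`. The ldap module configuration typically carries the bind identity and password, and the eap module references the server key; if these templates contain such values they should get the same `group: freerad` / `mode: '0640'` treatment, which the other modules already show is sufficient for the server to read them. The `with_items` list of that hunk may continue past the shown lines.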