diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000000000000000000000000000000000000..cca80e2e16c9ee5298e8a5bcf9f77c130fdc3d8e --- /dev/null +++ b/.yamllint @@ -0,0 +1,19 @@ +--- + +extends: default + +rules: + comments-indentation: + level: warning + document-start: + level: error + empty-lines: + max: 1 + empty-values: + forbid-in-flow-mappings: true + forbid-in-block-mappings: true + line-length: + level: warning + octal-values: + forbid-implicit-octal: true + level: warning diff --git a/acmetool/defaults/main.yml b/acmetool/defaults/main.yml index e29ecb921fd35291810df9f2ba01ba9cb53d4117..dc1fb52db0daaedc5632afc5a418b2d83aece150 100644 --- a/acmetool/defaults/main.yml +++ b/acmetool/defaults/main.yml @@ -6,4 +6,4 @@ acmetool_key_type: rsa acmetool_rsa_key_size: 4096 acmetool_mail: "{{ adminaddr }}" -acmetool_enable_proxy: True +acmetool_enable_proxy: true diff --git a/acmetool/tasks/main.yml b/acmetool/tasks/main.yml index b134cc82908e5ac627d63caf10b9df2563ed0956..bda2e5db4f2d8c75cd7605aaa7d04f7f31440cc3 100644 --- a/acmetool/tasks/main.yml +++ b/acmetool/tasks/main.yml @@ -9,11 +9,11 @@ - name: ensure we have our response file template: - src: response-file.yml + src: response-file.yml.j2 dest: /var/lib/acme/quickstart-reponses.yml owner: root group: root - mode: 0644 + mode: '0644' tags: - acmetool - config 
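Review bot: In the new `.yamllint`, `octal-values` is set to `level: warning`, so an unquoted `mode: 0644` reintroduced later is only reported and does not fail a normal yamllint run. Since this commit quotes every file mode across the roles, setting that rule to `level: error` would keep the permissions from drifting back to implicit octal integers. `forbid-explicit-octal: true` could sit next to `forbid-implicit-octal: true` for the same reason.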
@@ -21,25 +21,26 @@ - name: check if acmetool is configured command: acmetool status register: acmetool_status - changed_when: no + changed_when: false tags: - acmetool - config - name: initially configure acmetool + # yamllint disable-line rule:line-length command: acmetool quickstart --expert --batch --response-file /var/lib/acme/quickstart-reponses.yml when: not acmetool_status.stdout|search(acmetool_endpoint) tags: - acmetool - config -- name: ensure acmetool reloads the right service +- name: ensure acmetool reloads the right service template: src: reload-config.j2 dest: /etc/default/acme-reload owner: root group: root - mode: 0644 + mode: '0644' tags: - acmetool - config @@ -50,7 +51,7 @@ state: directory owner: root group: root - mode: 0755 + mode: '0755' notify: - reload systemd service files when: acmetool_enable_proxy @@ -64,7 +65,7 @@ dest: /etc/systemd/system/acmetool.service.d/nginx-proxy.conf owner: root group: root - mode: 0644 + mode: '0644' notify: - reload systemd service files when: acmetool_enable_proxy @@ -78,7 +79,7 @@ dest: "/var/lib/acme/desired/{{item.hostnames[0]}}" owner: root group: root - mode: 0644 + mode: '0644' with_items: "{{acmetool_certificates}}" notify: - update certificates @@ -87,7 +88,10 @@ - certificates - name: ensure certificates are updated regularly - systemd: name=acmetool.timer enabled=yes state=started + systemd: + name: acmetool.timer + enabled: true + state: started tags: - acmetool - services diff --git a/acmetool/templates/response-file.yml b/acmetool/templates/response-file.yml.j2 similarity index 100% rename from acmetool/templates/response-file.yml rename to acmetool/templates/response-file.yml.j2 diff --git a/debian-repository/tasks/main.yml b/debian-repository/tasks/main.yml index 6b97695f03539beab6af4c8bcf2940a247ff6fc1..965c5e4a9b3b5ecb616afe16814d79369a8d3172 100644 --- a/debian-repository/tasks/main.yml +++ b/debian-repository/tasks/main.yml 
@@ -4,7 +4,7 @@ - name: ensure we have a repo group group: name: repo - system: yes + system: true state: present tags: - debian-repository @@ -14,10 +14,10 @@ user: name: repo group: repo - system: yes + system: true home: /srv/repo shell: /usr/bin/nologin - createhome: no + createhome: false state: present tags: - debian-repository @@ -31,4 +31,3 @@ - packages - debian-repository - webservices - diff --git a/dokuwiki/defaults/main.yml b/dokuwiki/defaults/main.yml index 7a196bb00c1bc4bf43deb3f0747a8d0fe5f4c37d..ccfca50a80da004a1535a0f6fc86caadd24c73e7 100644 --- a/dokuwiki/defaults/main.yml +++ b/dokuwiki/defaults/main.yml @@ -5,7 +5,7 @@ dokuwiki: user: dokuwiki group: dokuwiki version: 2018-04-22a - ad: no + ad: false ad_domain: example.com ad_basedn: dc=example,dc=com ad_controller: ad.example.com diff --git a/dokuwiki/handlers/main.yml b/dokuwiki/handlers/main.yml index de54c5809f7cec84b9da22f28e5836c5a56cc062..9678135c6d37703802c486dd19b2d1f428b8b00f 100644 --- a/dokuwiki/handlers/main.yml +++ b/dokuwiki/handlers/main.yml @@ -4,7 +4,7 @@ command: "{{ item.path }}/bin/delete_old_files.py" args: chdir: "{{ item.path }}" - become: yes + become: true become_user: "{{ item.user }}" with_items: "{{ dokuwiki }}" diff --git a/dokuwiki/tasks/main.yml b/dokuwiki/tasks/main.yml index 56816dd693b447d42c7591dcdfd2b3ac4a9396b3..4ed737cf165766cc0b58e2887e11c513703941cd 100644 --- a/dokuwiki/tasks/main.yml +++ b/dokuwiki/tasks/main.yml @@ -15,7 +15,7 @@ group: name: "{{ item.group }}" state: present - system: yes + system: true with_items: "{{ dokuwiki }}" tags: - dokuwiki @@ -26,10 +26,10 @@ name: "{{ item.user }}" group: "{{ item.group }}" state: present - system: yes + system: true shell: /usr/bin/nologin home: "{{ item.path }}" - createhome: no + createhome: false with_items: "{{ dokuwiki }}" tags: - dokuwiki 
@@ -60,8 +60,8 @@ - name: gather installed versions command: "cat {{ item.path }}/VERSION" - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false register: versions with_items: "{{ dokuwiki }}" tags: @@ -70,7 +70,8 @@ - name: backup dokuwiki data on update command: /bin/true - changed_when: yes + changed_when: true + # yamllint disable-line rule:line-length when: item.1 is failed or item.1 is skipped or item.0.version != item.1.stdout|regex_replace(' .*') with_together: - "{{ dokuwiki }}" @@ -85,8 +86,9 @@ - name: ensure dokuwiki files are in place unarchive: + # yamllint disable-line rule:line-length src: "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-{{ item.0.version }}.tgz" - remote_src: yes + remote_src: true dest: "{{ item.0.path }}" owner: "{{ item.0.user }}" group: "{{ item.0.group }}" @@ -94,6 +96,7 @@ - --strip-components=1 - --overwrite - -p + # yamllint disable-line rule:line-length when: item.1 is failed or item.1 is skipped or item.0.version != item.1.stdout|regex_replace(' .*') with_together: - "{{ dokuwiki }}" @@ -131,7 +134,7 @@ mode: '0750' with_nested: - "{{ dokuwiki }}" - - [ 'conf', 'data' ] + - ['conf', 'data'] tags: - dokuwiki - webservices @@ -158,7 +161,7 @@ owner: "{{ item.user }}" group: "{{ item.group }}" mode: '0664' - force: no + force: false with_items: "{{ dokuwiki }}" notify: - reindex search diff --git a/mediawiki/defaults/main.yml b/mediawiki/defaults/main.yml index 4c2b7d243aed2371f4986da09c311863f14d057b..d479b3c24a64d2db20b626d80f0469ab59d3a483 100644 --- a/mediawiki/defaults/main.yml +++ b/mediawiki/defaults/main.yml @@ -12,6 +12,6 @@ mediawiki_dbtype: postgres mediawiki_dbhost: localhost mediawiki_dbname: "{{ mediawiki_name }}" mediawiki_dbuser: "{{ mediawiki_name }}" -mediawiki_dbpassword: +mediawiki_dbpassword: "" -mediawiki_use_ldap: yes +mediawiki_use_ldap: true 
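Review bot: The `ensure dokuwiki files are in place` task unpacks the release tarball straight from `https://download.dokuwiki.org/...` with `remote_src: true`, and nothing in the hunk verifies the archive before it is extracted with `--overwrite` into the wiki root. `unarchive` has no checksum option, so the download would need to go through `get_url` with its `checksum:` parameter and a digest pinned per version, and `unarchive` would then read the local file. The digest key and cache path in the sketch below are placeholders, not names from this repository. The task's `tags:` continue outside the hunk.

```yaml
- name: ensure the dokuwiki release tarball is downloaded and verified
  get_url:
    url: "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-{{ item.0.version }}.tgz"
    # placeholder path; pick a root-owned directory
    dest: "/var/cache/dokuwiki-{{ item.0.version }}.tgz"
    # placeholder key: pinned digest stored next to `version` in the defaults
    checksum: "sha256:{{ item.0.tarball_sha256 }}"
  # … unchanged: when / with_together as on the unarchive task …

- name: ensure dokuwiki files are in place
  unarchive:
    src: "/var/cache/dokuwiki-{{ item.0.version }}.tgz"
    remote_src: true
    # … unchanged: dest, owner, group, extra_opts …
```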
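Review bot: `mediawiki_dbpassword: ""` in the mediawiki defaults hunk makes the empty string an explicit default, and `mediawiki/tasks/postgres.yml` passes `"{{ mediawiki_dbpassword }}"` to `postgresql_user` without any visible check that it was overridden. A comment above the default would make the requirement clear, for example `# required: override per host from the secret store; the empty default is passed to postgresql_user unchanged`. Failing early when the value is empty would be stronger, but whether such a check exists elsewhere cannot be seen from this hunk.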
diff --git a/mediawiki/handlers/main.yml b/mediawiki/handlers/main.yml index ae4e9283c5ed4e8fa6ec2ac017f8ea238ae9c8bb..c119f3029d1108f960ee81ad2888928bd70aa482 100644 --- a/mediawiki/handlers/main.yml +++ b/mediawiki/handlers/main.yml @@ -8,7 +8,7 @@ service: name: "mediawiki-{{ mediawiki_name }}" state: restarted - enabled: yes + enabled: true - name: create tmpfiles shell: systemd-tmpfiles --create diff --git a/mediawiki/tasks/main.yml b/mediawiki/tasks/main.yml index 320ce3e6abf2fe087590e723f538d5c3563442c6..2523e5bd78e6dce677f2e7b8bc5cf1aa032ccb26 100644 --- a/mediawiki/tasks/main.yml +++ b/mediawiki/tasks/main.yml @@ -5,7 +5,7 @@ apt: name: mediawiki state: present - install_recommends: no + install_recommends: false when: debian_version == "jessie" tags: - mediawiki @@ -24,7 +24,7 @@ group: name: "{{ mediawiki_group }}" state: present - system: yes + system: true tags: - mediawiki - webservices @@ -34,10 +34,10 @@ name: "{{ mediawiki_user }}" group: "{{ mediawiki_group }}" state: present - system: yes + system: true shell: /usr/bin/nologin home: "{{ mediawiki_web_root }}" - createhome: no + createhome: false tags: - mediawiki - webservices @@ -76,7 +76,7 @@ state: link src: "/usr/share/mediawiki/{{ item }}" dest: "{{ mediawiki_web_root }}/{{ mediawiki_name }}/{{ item }}" - force: yes + force: true with_items: "{{ mediawiki_other_files.stdout_lines }}" tags: - mediawiki @@ -88,7 +88,7 @@ dest: "/etc/tmpfiles.d/10-mediawiki-{{ mediawiki_name }}.conf" owner: root group: root - mode: 0644 + mode: '0644' notify: - create tmpfiles tags: @@ -105,12 +105,12 @@ when: mediawiki_use_ldap - name: ensure we are running maintenance regularly - template: + template: src: crontab.j2 dest: "/etc/cron.d/mediawiki-{{ mediawiki_name }}-maint" owner: root group: root - mode: 0644 + mode: '0644' tags: - mediawiki - webservices 
diff --git a/mediawiki/tasks/mysql.yml b/mediawiki/tasks/mysql.yml index 1ecd76a357afaff6b70d976a9dface236b078c2c..e43ac8edcc6957c43d437ebd371610045eac1618 100644 --- a/mediawiki/tasks/mysql.yml +++ b/mediawiki/tasks/mysql.yml @@ -18,4 +18,3 @@ tags: - mediawiki - webservices - diff --git a/mediawiki/tasks/postgres.yml b/mediawiki/tasks/postgres.yml index f4fc8fb2dfbad50987e08d68a5ed9a3f5d74464c..737cef5efebcc1a481a26dad4e4478f8e825bd18 100644 --- a/mediawiki/tasks/postgres.yml +++ b/mediawiki/tasks/postgres.yml @@ -24,24 +24,24 @@ name: "{{ mediawiki_dbuser }}" password: "{{ mediawiki_dbpassword }}" state: present - no_log: True - become: yes + no_log: true + become: true become_user: postgres tags: - mediawiki - webservices - name: "ensure the database for {{ mediawiki_name }} exists" - postgresql_db: + postgresql_db: name: "{{ mediawiki_dbname }}" owner: "{{ mediawiki_dbuser }}" state: present - become: yes + become: true become_user: postgres tags: - mediawiki - webservices - + - name: "ensure the database user has priviliges for {{ mediawiki_name }}" postgresql_privs: database: "{{ mediawiki_dbname }}" @@ -49,7 +49,7 @@ privs: ALL state: present type: database - become: yes + become: true become_user: postgres tags: - mediawiki diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml index 976c3872d941268c18a124c7802e50d683505f13..76b0f30c3ee3aac75bcb21d02c3f2c4793faf6c9 100644 --- a/php-fpm/tasks/main.yml +++ b/php-fpm/tasks/main.yml @@ -22,20 +22,20 @@ tags: - php-fpm - webservices - + - name: ensure we have the pool we want template: src: pool.conf.j2 dest: "/etc/php/7.0/fpm/pool.d/{{ fpm_pool }}.conf" owner: root group: root - mode: 0644 + mode: '0644' when: debian_version == "stretch" notify: - restart php-fpm tags: - - php-fpm - - webservices + - php-fpm + - webservices - name: ensure we have all the pools we want template: 
@@ -43,11 +43,11 @@ dest: "/etc/php/7.0/fpm/pool.d/{{item.name}}.conf" owner: root group: root - mode: 0644 + mode: '0644' when: debian_version == "stretch" with_items: "{{fpm_pools|default([])}}" notify: - restart php-fpm tags: - - php-fpm - - webservices + - php-fpm + - webservices diff --git a/sentry/defaults/main.yml b/sentry/defaults/main.yml index f772cbac74585b42d70cf8d81eba590cde9c6b11..885551b0602d31f1af81026911b70f1027357f95 100644 --- a/sentry/defaults/main.yml +++ b/sentry/defaults/main.yml @@ -11,16 +11,16 @@ sentry_db_host: null sentry_redis_url: redis://localhost:6379/0 sentry_web_host: localhost sentry_web_port: 9000 -sentry_mail_active: no +sentry_mail_active: false sentry_mail_host: mail.example.com sentry_mail_user: null sentry_mail_password: null -sentry_mail_use_tls: no +sentry_mail_use_tls: false sentry_mail_from: "sentry@example.com" sentry_storage_dir: "/tmp/sentry-files" sentry_default_user_mail: sentry@example.com sentry_default_user_password: null -sentry_use_ldap: yes +sentry_use_ldap: true sentry_ldap_uri: "ldaps://auth.example.com" sentry_ldap_distinguished_name: "dc=example,dc=com" sentry_ldap_deny_group: null diff --git a/sentry/tasks/main.yml b/sentry/tasks/main.yml index b8c800b83f1188235a73f23eaddf889fb96111b5..7e10fccdb5df92e3da92ac01ddf181a81f2bf8f7 100644 --- a/sentry/tasks/main.yml +++ b/sentry/tasks/main.yml @@ -22,7 +22,10 @@ - monitoring - name: ensure we have the sentry group - group: name="{{sentry_group}}" state=present system=yes + group: + name: "{{sentry_group}}" + state: present + system: true tags: - sentry - webservices @@ -33,10 +36,10 @@ name: "{{sentry_user}}" group: "{{sentry_group}}" state: present - system: yes + system: true shell: /usr/bin/nologin home: "{{sentry_root_dir}}" - createhome: no + createhome: false tags: - sentry - webservices @@ -46,7 +49,7 @@ file: path: "{{sentry_root_dir}}" state: directory - mode: 0750 + mode: '0750' owner: root group: sentry tags: 
@@ -69,31 +72,22 @@ - monitoring - name: ensure uwsgi is executable - file: path="{{sentry_root_dir}}/bin/uwsgi" mode="o+rx" + file: + path: "{{sentry_root_dir}}/bin/uwsgi" + mode: "o+rx" tags: - sentry - webservices - monitoring -- name: get the database password - local_action: pass name="db/{{sentry_db_host}}-pgsql-sentry" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes - register: sentry_db_password - when: sentry_db_host is not none and sentry_db_password is none - no_log: yes - tags: - - sentry - - webservices - - monitoring - - password - - postgres - - name: ensure we have a postgres database user postgresql_user: name: "{{sentry_db_user}}" state: present - password: "{{sentry_db_password.password|default(sentry_db_password)|default(omit)}}" + # yamllint disable-line rule:line-length + password: "{{ lookup('passwordstore', 'db/{{sentry_db_host}}-pgsql-sentry create=true length=20') if sentry_db_host is not None and sentry_db_password is None }}" role_attr_flags: NOSUPERUSER,NOCREATEDB - become: yes + become: true become_user: postgres delegate_to: "{{sentry_db_host|default(omit)}}" tags: @@ -107,7 +101,7 @@ name: "{{sentry_db_name}}" owner: "{{sentry_db_user}}" state: present - become: yes + become: true become_user: postgres delegate_to: "{{sentry_db_host|default(omit)}}" tags: @@ -123,7 +117,7 @@ privs: ALL state: present type: database - become: yes + become: true become_user: postgres delegate_to: "{{sentry_db_host|default(omit)}}" tags: @@ -135,7 +129,9 @@ - name: ensure the user may login lineinfile: dest: /etc/postgresql/9.6/main/pg_hba.conf + # yamllint disable-line rule:line-length insertafter: "host all all 127.0.0.1/32 md5" + # yamllint disable-line rule:line-length line: "host {{sentry_db_name}} {{sentry_db_user}} monitoring.fsmpi.rwth-aachen.de md5" delegate_to: "{{sentry_db_host|default(omit)}}" notify: 
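Review bot: The `postgresql_user` task in the first hunk now holds the passwordstore lookup but shows no `no_log`, whereas the removed `get the database password` task had `no_log: yes`; add `no_log: true` so the generated password cannot appear in task output. The inline `if` has no `else`, so when `sentry_db_password` is set the expression yields nothing instead of that value, and the old `default(sentry_db_password)|default(omit)` fallback is gone; ending the expression with `else (sentry_db_password | default(omit, true))` would restore it. Jinja's built-in test is spelled `none`, as the removed `when:` line had it, so `is None` / `is not None` is likely to fail when the template is rendered. The task's `tags:` list continues outside the hunk.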
@@ -148,7 +144,7 @@ - name: ensure the database supports citext command: "psql {{sentry_db_name}} -c 'CREATE EXTENSION IF NOT EXISTS citext'" - become: yes + become: true become_user: postgres delegate_to: "{{sentry_db_host|default(omit)}}" tags: @@ -161,11 +157,11 @@ - name: ensure sentry is configured template: - src: "{{item}}" + src: "{{item}}.j2" dest: "{{sentry_root_dir}}" owner: root group: "{{sentry_group}}" - mode: 0640 + mode: '0640' with_items: - config.yml - sentry.conf.py @@ -178,11 +174,12 @@ - config # if this fails with 137/kill -9, this might be OOM -- name: upgrade the sentry database (this may take some time and use much memory) +- name: upgrade the sentry database (this may take some time and memory) + # yamllint disable-line rule:line-length shell: "SENTRY_CONF={{sentry_root_dir}} {{sentry_root_dir}}/bin/sentry upgrade" args: stdin: n - become: yes + become: true become_user: "{{sentry_user}}" tags: - sentry @@ -196,7 +193,7 @@ dest: /etc/systemd/system owner: root group: root - mode: 0644 + mode: '0644' with_items: - sentry-web.service - sentry-cron.service @@ -211,7 +208,9 @@ - service - name: ensure sentry is activated - systemd: name=sentry-web enabled=yes + systemd: + name: sentry-web + enabled: true tags: - sentry - webservices diff --git a/sentry/templates/config.yml b/sentry/templates/config.yml.j2 similarity index 100% rename from sentry/templates/config.yml rename to sentry/templates/config.yml.j2 diff --git a/sentry/templates/sentry.conf.py b/sentry/templates/sentry.conf.py.j2 similarity index 100% rename from sentry/templates/sentry.conf.py rename to sentry/templates/sentry.conf.py.j2 diff --git a/shibboleth/tasks/main.yml b/shibboleth/tasks/main.yml index c40465dfee48879a2b8c56e77b314cae554b7e4a..9317d0f178f992ce3a77f748280cc931dd21cc03 100644 --- a/shibboleth/tasks/main.yml +++ b/shibboleth/tasks/main.yml 
@@ -3,6 +3,7 @@ - name: activate the shibboleth apt repository apt_repository: + # yamllint disable-line rule:line-length repo: "deb [arch=amd64] https://repo.fsmpi.rwth-aachen.de/ {{ansible_facts.distribution_release}} shibboleth" state: present notify: @@ -37,7 +38,7 @@ dest: /etc/shibboleth/shibboleth2.xml owner: root group: root - mode: 0644 + mode: '0644' notify: - reload shibd tags: @@ -50,7 +51,7 @@ dest: /etc/shibboleth/attribute-map.xml owner: root group: root - mode: 0644 + mode: '0644' notify: - reload shibd tags: @@ -63,7 +64,7 @@ dest: /etc/supervisor/conf.d/ owner: root group: root - mode: 0644 + mode: '0644' with_items: - shibauthorizer.conf - shibresponder.conf @@ -80,7 +81,7 @@ dest: /etc/nginx/snippets/ owner: root group: root - mode: 0644 + mode: '0644' tags: - shibboleth - nginx @@ -89,7 +90,7 @@ - name: ensure the services are running systemd: name: "{{item}}" - enabled: yes + enabled: true state: started with_items: - supervisor diff --git a/uwsgi-python/handlers/main.yml b/uwsgi-python/handlers/main.yml index 8a727df6f3b1d849ddb05c33b41f8933ce408715..ea730430b4c5ece2a6c7b0c43f2ce71b46fd58b0 100644 --- a/uwsgi-python/handlers/main.yml +++ b/uwsgi-python/handlers/main.yml @@ -15,7 +15,7 @@ - name: restart uwsgi instance schilder service: name="uwsgi@schilder" state=restarted - + - name: restart uwsgi instance boxes service: name="uwsgi@boxes" state=restarted diff --git a/uwsgi-python/tasks/app.yml b/uwsgi-python/tasks/app.yml index 5038b96833d8e9d32677e207df1f51fab34893a6..743e1dbc9fa94fa3e8f31713b1fd1c98db5a375f 100644 --- a/uwsgi-python/tasks/app.yml +++ b/uwsgi-python/tasks/app.yml 
@@ -47,18 +47,18 @@ - "{{ app.instance }}" - block: - - include: sqlite.yml - when: app_db_type == "sqlite" - - include: mysql.yml - when: app_db_type == "mysql" - - include: postgres.yml - when: app_db_type == "postgres" + - include: sqlite.yml + when: app_db_type == "sqlite" + - include: mysql.yml + when: app_db_type == "mysql" + - include: postgres.yml + when: app_db_type == "postgres" when: app_db_type is defined - name: ensure we have a group group: name: "{{ app_group }}" - system: yes + system: true state: present tags: - uwsgi-app @@ -69,10 +69,10 @@ user: name: "{{ app_user }}" group: "{{ app_group }}" - system: yes + system: true home: "{{ app_home }}" shell: /usr/bin/nologin - createhome: no + createhome: false state: present tags: - uwsgi-app @@ -85,7 +85,7 @@ dest: "/etc/tmpfiles.d/10-{{ app.instance }}.conf" owner: root group: root - mode: 0644 + mode: '0644' notify: - create tmpfiles tags: @@ -99,7 +99,7 @@ dest: "/etc/uwsgi/apps/{{ app.instance }}.ini" owner: root group: root - mode: 0644 + mode: '0644' notify: - "restart uwsgi instance {{ app.instance }}" tags: @@ -124,7 +124,7 @@ dest: "/root/.ssh/{{ app.app }}" owner: root group: root - mode: 0600 + mode: '0600' when: - app_deploy_key is defined - app_deploy_key != '' @@ -201,7 +201,7 @@ dest: "{{ app_path }}/{{ app_config_file }}" owner: "{{ app_user }}" group: "{{ app_group }}" - mode: 0640 + mode: '0640' notify: - "restart uwsgi instance {{ app.instance }}" when: @@ -218,8 +218,8 @@ dest: "{{ app_path }}/secret_config.py" owner: "{{ app_user }}" group: "{{ app_group }}" - mode: 0600 - force: no + mode: '0600' + force: false notify: - "restart uwsgi instance {{ app.instance }}" tags: @@ -230,7 +230,7 @@ - app_secret_config is defined - app_secret_config == True -- name: ensure the secret config is not considered a change in the git repository +- name: ensure the secret config is not part of the git repository lineinfile: path: "{{app_path}}/.git/info/exclude" line: "secret_config.py" 
@@ -258,11 +258,9 @@ - name: ensure the service is enabled service: name: "uwsgi@{{ app.instance }}" - enabled: yes + enabled: true state: started tags: - uwsgi-app - "{{ app.app }}" - "{{ app.instance }}" - - diff --git a/uwsgi-python/tasks/apps/lehrpreis.yml b/uwsgi-python/tasks/apps/lehrpreis.yml index 7c7745d258ad275197da1567c296988840a5929c..079e06bf6e9e5c00d6d77b5abc38824ceafc8e7b 100644 --- a/uwsgi-python/tasks/apps/lehrpreis.yml +++ b/uwsgi-python/tasks/apps/lehrpreis.yml @@ -1,15 +1,17 @@ +--- + - name: ensure we have our branded logo copy: src: "{{ lehrpreis_branding_logo_src }}" dest: "{{ app_path }}/static/images/{{ lehrpreis_branding_logo }}" owner: "{{ app_user }}" group: "{{ app_group }}" - mode: 0644 + mode: '0644' notify: - restart uwsgi instance {{ app.instance }} when: lehrpreis_branding_logo and lehrpreis_branding_logo_src -- name: ensure the branded logo is not considered a local change in the git repository +- name: ensure the branded logo is not considered a part of the git repository lineinfile: path: "{{app_path}}/.git/info/exclude" line: "static/images/{{ lehrpreis_branding_logo }}" diff --git a/uwsgi-python/tasks/apps/lipclms.yml b/uwsgi-python/tasks/apps/lipclms.yml index f725b759c0d9920390f2bb6ad7bfbc83e183078e..393f88c34583b636b40a171cbcf2e1ce2c05b992 100644 --- a/uwsgi-python/tasks/apps/lipclms.yml +++ b/uwsgi-python/tasks/apps/lipclms.yml @@ -1,6 +1,6 @@ --- -#https://github.com/ansible/ansible/issues/42983 +# https://github.com/ansible/ansible/issues/42983 - name: ensure there exists a .ansible folder file: path: "{{app_path}}/.ansible" @@ -12,15 +12,12 @@ command: "{{app_venv}}/bin/python {{app_path}}/lipclms.py db upgrade" args: chdir: "{{app_path}}" - become: yes + become: true become_user: "{{app_user}}" notify: - - "restart uwsgi instance {{app.instance}}" + - "restart uwsgi instance {{app.instance}}" - name: ensure the folder from above is not present anymore file: path: "{{app_path}}/.ansible" state: absent - - - 
diff --git a/uwsgi-python/tasks/apps/mail-api.yml b/uwsgi-python/tasks/apps/mail-api.yml index d64e4156800d0556197cd3958cac761483e61efd..616dda39a9771891e6a3f4759c39485bc14eeb2e 100644 --- a/uwsgi-python/tasks/apps/mail-api.yml +++ b/uwsgi-python/tasks/apps/mail-api.yml @@ -6,7 +6,7 @@ dest: /etc/sudoers.d/mailapi owner: root group: root - mode: 0440 + mode: '0440' tags: - usercripts - mailapi @@ -14,7 +14,7 @@ - name: check the sudo config command: visudo -q -c -f /etc/sudoers - changed_when: no + changed_when: false tags: - userscripts - mailapi diff --git a/uwsgi-python/tasks/apps/mm2-api.yml b/uwsgi-python/tasks/apps/mm2-api.yml index affb6ac43fedcfc84ac60ac0ef6727655835708b..dc71694450d930395a8107caae110da155f1e765 100644 --- a/uwsgi-python/tasks/apps/mm2-api.yml +++ b/uwsgi-python/tasks/apps/mm2-api.yml @@ -6,7 +6,7 @@ dest: /etc/sudoers.d/mm2api owner: root group: root - mode: 0440 + mode: '0440' tags: - usercripts - mm2api @@ -14,7 +14,7 @@ - name: check the sudo config command: visudo -q -c -f /etc/sudoers - changed_when: no + changed_when: false tags: - userscripts - mm2api diff --git a/uwsgi-python/tasks/apps/nfs-api.yml b/uwsgi-python/tasks/apps/nfs-api.yml index 32fd576de16bf7d66d1835cc5938835e76d9bbb9..f53ceb4956dca16c6dba89015267796c29ebd90a 100644 --- a/uwsgi-python/tasks/apps/nfs-api.yml +++ b/uwsgi-python/tasks/apps/nfs-api.yml @@ -6,7 +6,7 @@ dest: /etc/sudoers.d/nfsapi owner: root group: root - mode: 0440 + mode: '0440' tags: - usercripts - nfsapi @@ -14,7 +14,7 @@ - name: check the sudo config command: visudo -q -c -f /etc/sudoers - changed_when: no + changed_when: false tags: - userscripts - nfsapi diff --git a/uwsgi-python/tasks/apps/printercount.yml b/uwsgi-python/tasks/apps/printercount.yml index 9b09441e50a72af5e5787ddcadff648fe76f486c..38128bc3247943af278a9299b6cf136cf4eae420 100644 --- a/uwsgi-python/tasks/apps/printercount.yml +++ b/uwsgi-python/tasks/apps/printercount.yml 
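Review bot: The sudoers drop-in written to `/etc/sudoers.d/mailapi` is only checked by the separate `visudo -q -c -f /etc/sudoers` task after it is already installed, so a malformed file is live on the host before the check can fail. Assuming the writing task is `template` or `copy` (its module line is outside the hunk), adding `validate: 'visudo -cf %s'` there would reject a bad file before it replaces the destination. The same applies to the `mm2api` and `nfsapi` drop-ins in `mm2-api.yml` and `nfs-api.yml`. In all three files the file task is tagged `usercripts` while the check is tagged `userscripts`, so a run limited to `--tags userscripts` runs the check but skips the file task.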
@@ -15,7 +15,7 @@ etype: user permissions: r state: present - recursive: yes + recursive: true tags: - printercount @@ -25,7 +25,7 @@ entity: "{{app_user}}" etype: user permissions: r - default: yes + default: true state: present tags: - printercount @@ -39,4 +39,3 @@ state: present tags: - printercount - diff --git a/uwsgi-python/tasks/apps/protokollsystem.yml b/uwsgi-python/tasks/apps/protokollsystem.yml index 99b2d1b82eb8e51fbd1844c8fdbb6c0a665b77b0..a60c85170417a1eebebedf0283b3dfd07b40e532 100644 --- a/uwsgi-python/tasks/apps/protokollsystem.yml +++ b/uwsgi-python/tasks/apps/protokollsystem.yml @@ -1,8 +1,7 @@ --- # file: protokollsystem/tasks/main.yml - -#https://github.com/ansible/ansible/issues/42983 +# https://github.com/ansible/ansible/issues/42983 - name: ensure there exists a .ansible folder file: path: "{{app_path}}/.ansible" @@ -11,21 +10,22 @@ group: "{{app_group}}" - name: check our config + # yamllint disable-line rule:line-length command: "{{app_venv}}/bin/python {{app_path}}/configproxy.py check --log-level warning" args: chdir: "{{app_path}}" - become: yes + become: true become_user: "{{app_user}}" - changed_when: no + changed_when: false - name: ensure data model upgrades are applied command: "{{app_venv}}/bin/python {{app_path}}/server.py db upgrade" args: chdir: "{{app_path}}" - become: yes + become: true become_user: "{{app_user}}" notify: - - "restart uwsgi instance {{app.instance}}" + - "restart uwsgi instance {{app.instance}}" - name: ensure the folder from above is not present anymore file: 
@@ -38,17 +38,21 @@ dest: "{{ app_path }}/" owner: "{{ protokolle_user }}" group: "{{ protokolle_group }}" - mode: 0644 + mode: '0644' when: protokolle_local_templates|default('') != '' notify: - "restart uwsgi instance {{app.instance}}" - name: ensure one local template is the default file: + # yamllint disable-line rule:line-length src: "{{ app_path }}/{{ protokolle_latex_local_templates }}/{{ protokolle_local_templates_default }}/{{ item.path }}" + # yamllint disable-line rule:line-length dest: "{{ app_path }}/{{ protokolle_latex_local_templates }}/{{ item.path }}" state: link + # yamllint disable-line rule:line-length with_filetree: "{{ protokolle_local_templates }}/{{ protokolle_local_templates_default }}" + # yamllint disable-line rule:line-length when: protokolle_local_templates|default(False) and protokolle_local_templates_default|default(False) notify: - "restart uwsgi instance {{app.instance}}" @@ -59,7 +63,7 @@ dest: "/etc/systemd/system/{{ app_name }}-celery.service" owner: root group: root - mode: 0644 + mode: '0644' notify: - reload systemd service files - "restart uwsgi instance {{app.instance}}" @@ -67,5 +71,5 @@ - name: ensure the celery service is enabled service: name: "{{app_name}}-celery" - enabled: yes + enabled: true state: started diff --git a/uwsgi-python/tasks/apps/redeleitsystem.yml b/uwsgi-python/tasks/apps/redeleitsystem.yml index e21cc14d710dc51c0358996dee33996d2ae6e541..a0f07f0ef8cdd8a4c99ddab74dd7924c15da0ea6 100644 --- a/uwsgi-python/tasks/apps/redeleitsystem.yml +++ b/uwsgi-python/tasks/apps/redeleitsystem.yml @@ -1,7 +1,6 @@ --- - -#https://github.com/ansible/ansible/issues/42983 +# https://github.com/ansible/ansible/issues/42983 - name: ensure there exists a .ansible folder file: path: "{{app_path}}/.ansible" 
@@ -13,11 +12,11 @@ command: "{{app_venv}}/bin/python {{app_path}}/server.py db upgrade" args: chdir: "{{app_path}}" - become: yes + become: true become_user: "{{app_user}}" notify: - - "restart uwsgi instance {{app.instance}}" - + - "restart uwsgi instance {{app.instance}}" + - name: ensure the folder from above is not present anymore file: path: "{{app_path}}/.ansible" diff --git a/uwsgi-python/tasks/apps/repo-sync.yml b/uwsgi-python/tasks/apps/repo-sync.yml index 1b8973e3f9e52517ec15662d5f067bcf1d4eaf77..5ac1fe3524aaf6d116e17fd0c1828b18107c2a68 100644 --- a/uwsgi-python/tasks/apps/repo-sync.yml +++ b/uwsgi-python/tasks/apps/repo-sync.yml @@ -1,10 +1,12 @@ +--- + - name: ensure we have a directory for additional ssh keys file: state: directory dest: "{{ app_home }}/.ssh/" owner: "{{ app_user }}" group: "{{ app_group }}" - mode: 0700 + mode: '0700' - name: ensure we have additional ssh keys copy: @@ -12,7 +14,7 @@ dest: "{{ app_home }}/.ssh/" owner: "{{ app_user }}" group: "{{ app_group }}" - mode: 0600 + mode: '0600' with_items: - "{{ repo_sync_ssh_keys }}" - - "{{ repo_sync_ssh_keys }}".pub + - "{{ repo_sync_ssh_keys }}.pub" diff --git a/uwsgi-python/tasks/apps/schilder.yml b/uwsgi-python/tasks/apps/schilder.yml index d51093e58adbca88fdc5b39eb42229466e9cdbc0..0d22fbbc43d3519e4e36f55c9170bfc4a9afa52d 100644 --- a/uwsgi-python/tasks/apps/schilder.yml +++ b/uwsgi-python/tasks/apps/schilder.yml @@ -1,3 +1,5 @@ +--- + # https://github.com/ansible/ansible/issues/27699 - name: ensure git module is able to clone command: mount -o remount,exec /tmp diff --git a/uwsgi-python/tasks/apps/wahlhelfer.yml b/uwsgi-python/tasks/apps/wahlhelfer.yml index 9d889f335352250764090db12e7fd4ab05445b42..5a6ad5af188cc7e2c7e2bbde38b93a8da146947f 100644 --- a/uwsgi-python/tasks/apps/wahlhelfer.yml +++ b/uwsgi-python/tasks/apps/wahlhelfer.yml 
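Review bot: The `ensure we have additional ssh keys` task in `repo-sync.yml` copies what appears to be private key material into `{{ app_home }}/.ssh/` without `no_log: true` or `diff: false`, so a run with `--diff` could print key contents to the console or logs; adding one of the two to the task would prevent that. The corrected item `"{{ repo_sync_ssh_keys }}.pub"` only yields a usable file name when `repo_sync_ssh_keys` is a single string, which is worth stating in a comment above `with_items`. The task's `src` line is outside the hunk.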
@@ -6,11 +6,10 @@ dest: "{{ app_path }}/zibopt/" owner: "{{ app_user }}" group: "{{ app_group }}" - mode: 0755 + mode: '0755' with_items: - scip - zimpl tags: - wahlhelfer - webservices - diff --git a/uwsgi-python/tasks/apps/wahlsystem.yml b/uwsgi-python/tasks/apps/wahlsystem.yml index 5d029af634105aef81b97d7bf69e8948b32b7188..3f6db2e89ecdc5b0fceeffc0425a80c3c810eaff 100644 --- a/uwsgi-python/tasks/apps/wahlsystem.yml +++ b/uwsgi-python/tasks/apps/wahlsystem.yml @@ -6,7 +6,7 @@ state: directory owner: "{{ app_user }}" group: "{{ app_group }}" - mode: 0755 + mode: '0755' tags: - wahlsystem - webservices @@ -17,7 +17,7 @@ dest: "/etc/systemd/system/{{ app_name }}-celery.service" owner: root group: root - mode: 0644 + mode: '0644' notify: - reload systemd service files - "restart uwsgi instance {{app.instance}}" @@ -25,5 +25,5 @@ - name: ensure the celery service is enabled service: name: "{{app_name}}-celery" - enabled: yes + enabled: true state: started diff --git a/uwsgi-python/tasks/main.yml b/uwsgi-python/tasks/main.yml index b569b6b7a5892cc63e58e76340a7ed307bee8430..0e5f871baf1355a0990e4c8ab7b3c0ac21365e75 100644 --- a/uwsgi-python/tasks/main.yml +++ b/uwsgi-python/tasks/main.yml @@ -1,7 +1,6 @@ --- # file: uwsgi-python/tasks/main.yml - - name: ensure uwsgi is installed apt: name: uwsgi @@ -11,30 +10,30 @@ - webservices - name: ensure we have archlinux's systemd-service file - copy: + copy: src: uwsgi@.service dest: /etc/systemd/system/uwsgi@.service owner: root group: root - mode: 0644 - notify: + mode: '0644' + notify: - reload systemd service files tags: - uwsgi - webservices - name: ensure the uwsgi app folder is present - file: + file: path: /etc/uwsgi/apps/ state: directory owner: root group: root - mode: 0755 + mode: '0755' tags: - uwsgi - webservices -- include_tasks: app.yml +- include_tasks: app.yml with_items: "{{ webapps }}" loop_control: loop_var: app @@ -42,4 +41,3 @@ tags: - uwsgi - webservices - 
diff --git a/uwsgi-python/tasks/mysql.yml b/uwsgi-python/tasks/mysql.yml index 9790131c15010e2ec0fe288e33a676275642e666..e98ebdd7016d9941626bde68153d2d13a4b214ea 100644 --- a/uwsgi-python/tasks/mysql.yml +++ b/uwsgi-python/tasks/mysql.yml @@ -17,8 +17,9 @@ name: "{{ app_db_name }}" state: present login_user: root + # yamllint disable-line rule:line-length login_password: "{{ lookup('passwordstore', 'db/{{ansible_facts.hostname}}-mysql create=true length=20') }}" -# no_log: True + no_log: true tags: - uwsgi-python - webservices @@ -26,12 +27,14 @@ - name: ensure the database user for mysql exists mysql_user: name: "{{ app_user }}" + # yamllint disable-line rule:line-length password: "{{ lookup('passwordstore', 'db/{{ansible_facts.hostname}}-mysql-{{app_user}} create=true length=20') }}" state: present login_user: root + # yamllint disable-line rule:line-length login_password: "{{lookup('passwordstore', 'db/{{ansible_facts.hostname}}-mysql create=true length=20')}}" priv: "{{ app_db_name }}.*:ALL" -# no_log: True + no_log: true tags: - uwsgi-python - webservices diff --git a/uwsgi-python/tasks/postgres.yml b/uwsgi-python/tasks/postgres.yml index c05f688345a5685bcd314ce1ec77a40ca9299e74..f97b3e77b0e0ea57f83c4d95a6939817b6497c2c 100644 --- a/uwsgi-python/tasks/postgres.yml +++ b/uwsgi-python/tasks/postgres.yml @@ -5,7 +5,7 @@ postgresql_user: name: "{{ app_user }}" state: present - become: yes + become: true become_user: postgres tags: - uwsgi-python @@ -16,7 +16,7 @@ name: "{{ app_db_name }}" owner: "{{ app_user }}" state: present - become: yes + become: true become_user: postgres tags: - uwsgi-python @@ -29,7 +29,7 @@ privs: ALL state: present type: database - become: yes + become: true become_user: postgres tags: - uwsgi-python diff --git a/uwsgi-python/tasks/sqlite.yml b/uwsgi-python/tasks/sqlite.yml index 5a3095046967db9811b8233529869ef721b1ec0e..28d31cb918b698a2345e912b866fcb9652d2eb15 100644 --- a/uwsgi-python/tasks/sqlite.yml +++ b/uwsgi-python/tasks/sqlite.yml 
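Review bot: Both mysql tasks switch from the commented-out `# no_log: True` to an active `no_log: true` with no explanation, which is a behaviour change inside an otherwise lint-only commit. A comment above each, such as `# password and login_password come from passwordstore; keep them out of task output`, would record why it must not be turned off again for debugging. The root `login_password` lookup keeps `create=true`, which presumably generates a new store entry instead of failing when the entry is missing; it is worth confirming that this is intended for a credential that must match the running server.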
@@ -8,4 +8,3 @@ tags: - uwsgi-python - webservices - diff --git a/uwsgi-python/vars/ak-tracker.yml b/uwsgi-python/vars/ak-tracker.yml index 13c1efe618d026c457305ecbd27e39286a6cfeeb..b07e6cde57f79bbd5000599aa362bf1e6fe5a821 100644 --- a/uwsgi-python/vars/ak-tracker.yml +++ b/uwsgi-python/vars/ak-tracker.yml @@ -1,3 +1,5 @@ +--- + app_name: 'ak-tracker' app_python_version: 3 app_program: 'tracker.py' @@ -12,7 +14,7 @@ app_git_version: 'HEAD' app_requirements_file: 'requirements.txt' app_config_file: 'config.py' -app_secret_config: True +app_secret_config: true ak_tracker_ad_host: 'ad.example.com' ak_tracker_ad_domain: 'EXAMPLE' @@ -22,4 +24,4 @@ ak_tracker_ad_ca_cert: '' ak_tracker_ad_auth_group: 'users' ak_tracker_kif_wiki: 'https://kif.fsinf.de/' -ak_tracker_kif_wiki_verify: True +ak_tracker_kif_wiki_verify: true diff --git a/uwsgi-python/vars/default.yml b/uwsgi-python/vars/default.yml index f3fa3a2863c44542cb97a4967ab1968205dd84f7..c7017bf78c09f442a96097ae25f4b23614e195cc 100644 --- a/uwsgi-python/vars/default.yml +++ b/uwsgi-python/vars/default.yml @@ -1,3 +1,5 @@ +--- + app_name: "{{ app.app }}" app_user: "{{ app.app }}" app_group: "{{ app.app }}" @@ -28,4 +30,3 @@ app_requirements_file: requirements.txt app_config_file: config.py app_secret_config: true app_secret_config_keys: [] - diff --git a/uwsgi-python/vars/gitlab-connector.yml b/uwsgi-python/vars/gitlab-connector.yml index ae62d2182a7ec8738de14e36ef879472f1d9e09a..a1df130b611185474b1d257383858be3e2cec793 100644 --- a/uwsgi-python/vars/gitlab-connector.yml +++ b/uwsgi-python/vars/gitlab-connector.yml @@ -1,3 +1,5 @@ +--- + app_name: 'gitlab-connector' app_python_version: 3 app_program: 'connector.py' @@ -9,7 +11,7 @@ app_git_version: 'HEAD' app_requirements_file: 'requirements.txt' app_config_file: 'config.py' -app_secret_config: True +app_secret_config: true glcon_ad_host: 'ad.example.com' glcon_ad_domain: 'EXAMPLE' 
@@ -29,7 +31,7 @@ glcon_ad_to_gitlab: - name: 'users' gitlab: - name: 'ad-users' - is_group: True + is_group: true access_level: 'developer' - name: 'secret/project' - is_group: False + is_group: false diff --git a/uwsgi-python/vars/gnt-web.yml b/uwsgi-python/vars/gnt-web.yml index 77897deaa102bbea97a9f08954a6eb364514d1fe..abd65ba3db7cc24193404493a6c32b1d21692790 100644 --- a/uwsgi-python/vars/gnt-web.yml +++ b/uwsgi-python/vars/gnt-web.yml @@ -1,3 +1,5 @@ +--- + app_name: gnt-web app_user: gnt-web app_group: gnt-web diff --git a/uwsgi-python/vars/isic.yml b/uwsgi-python/vars/isic.yml index 4cb8a1a89c22936e93e077d70b7c600610012854..03dbf404bd794c9f72ef2c66151c938f51523fc5 100644 --- a/uwsgi-python/vars/isic.yml +++ b/uwsgi-python/vars/isic.yml @@ -1,3 +1,5 @@ +--- + app_name: isic app_user: isic app_group: isic diff --git a/uwsgi-python/vars/lehrpreis.yml b/uwsgi-python/vars/lehrpreis.yml index 70d0ec2537ea9918b18aac43f23346868fecd138..34a3a666d2976f2dd1ae07b04be2e5716b68017a 100644 --- a/uwsgi-python/vars/lehrpreis.yml +++ b/uwsgi-python/vars/lehrpreis.yml @@ -1,3 +1,5 @@ +--- + app_name: lehrpreis app_user: lehrpreis app_group: lehrpreis @@ -49,7 +51,7 @@ lehrpreis_branding_logo_src: '' lehrpreis_branding_information_de: '' lehrpreis_branding_information_en: '' -lehrpreis_mail_enabled: True +lehrpreis_mail_enabled: true lehrpreis_mail_address: 'committee@example.com' lehrpreis_mail_host: mail.example.com lehrpreis_mail_locale: en diff --git a/uwsgi-python/vars/lipclms.yml b/uwsgi-python/vars/lipclms.yml index 7d0f7489cd0f3b9faa12ac3f6bf5e7d131aae6d5..db11bf89f29387aaf570e1bed407d9b756204919 100644 --- a/uwsgi-python/vars/lipclms.yml +++ b/uwsgi-python/vars/lipclms.yml @@ -1,3 +1,5 @@ +--- + app_name: lipclms app_user: lipclms app_group: lipclms diff --git a/uwsgi-python/vars/mail-api.yml b/uwsgi-python/vars/mail-api.yml index 980dd70f79c47416ec76ff7bcd4bca7dd7402bf4..0c5977a0ef041ebd2ca1fc0629c86e036a85f234 100644 --- a/uwsgi-python/vars/mail-api.yml 
+++ b/uwsgi-python/vars/mail-api.yml @@ -1,3 +1,5 @@ +--- + app_name: mail-api app_user: mailapi app_group: mailapi diff --git a/uwsgi-python/vars/meckerkasten.yml b/uwsgi-python/vars/meckerkasten.yml index 6a7e0345de32c051d68ac119b1271356d177ba83..8c0f32b7e4703bbf43abf107c235acd25778473f 100644 --- a/uwsgi-python/vars/meckerkasten.yml +++ b/uwsgi-python/vars/meckerkasten.yml @@ -1,3 +1,5 @@ +--- + app_name: meckerkasten app_user: meckerkasten app_group: meckerkasten @@ -40,4 +42,3 @@ app_service_env: - MECKERKASTEN_WEB_ROOT=/var/www/meckerkasten/ - MECKERKASTEN_WEB_SUBDIR=meckerkasten # - LDAPTLS_CACERT= - diff --git a/uwsgi-python/vars/mm2-api.yml b/uwsgi-python/vars/mm2-api.yml index 12935961bc88508158d0319d3abe0864649d51b1..0fa8b5b5bfe03744c923c3b2c3457daa4f2e8ce7 100644 --- a/uwsgi-python/vars/mm2-api.yml +++ b/uwsgi-python/vars/mm2-api.yml @@ -1,3 +1,5 @@ +--- + app_name: mm2-api app_user: mm2api app_group: mm2api diff --git a/uwsgi-python/vars/nfs-api.yml b/uwsgi-python/vars/nfs-api.yml index 220bb1115582bc526b19b3570c472a45dbc72d3e..8524f8ff32981040fa3d37b5dec2265f4b6bd03e 100644 --- a/uwsgi-python/vars/nfs-api.yml +++ b/uwsgi-python/vars/nfs-api.yml @@ -1,3 +1,5 @@ +--- + app_name: nfs-api app_user: nfsapi app_group: nfsapi @@ -36,6 +38,6 @@ nfs_api_domain: "EXAMPLE" nfs_api_user_dn: "cn=users,dc=example,dc=com" nfs_api_group_dn: "cn=users,dc=example,dc=com" nfs_api_ca_cert: "" -nfs_api_quota: False +nfs_api_quota: false nfs_api_quota_soft: '45g' nfs_api_quota_hard: '50g' diff --git a/uwsgi-python/vars/printercount.yml b/uwsgi-python/vars/printercount.yml index 4304a5daab3f78375efa053ae0653ad92a579f58..7d3b6d392c7d7520ce32bb19576aee0ca7c2e012 100644 --- a/uwsgi-python/vars/printercount.yml +++ b/uwsgi-python/vars/printercount.yml @@ -1,3 +1,5 @@ +--- + app_name: printercount app_user: printercount app_group: printercount 
diff --git a/uwsgi-python/vars/protokollsystem.yml b/uwsgi-python/vars/protokollsystem.yml index 66a8054f5e32a78300574e2d248b0b1ebe4b7d74..d50858c75e3cc5485a230f6048657abd837b51ab 100644 --- a/uwsgi-python/vars/protokollsystem.yml +++ b/uwsgi-python/vars/protokollsystem.yml @@ -1,3 +1,5 @@ +--- + app_name: protokollsystem app_user: protokolle app_group: protokolle @@ -38,4 +40,5 @@ protokolle_celery_concurrency: 4 protokolle_wiki_type: MEDIAWIKI protokolle_logos: [] +# yamllint disable-line rule:line-length protokolle_sentry_dsn: "" diff --git a/uwsgi-python/vars/redeleitsystem.yml b/uwsgi-python/vars/redeleitsystem.yml index 8d74a7bbf49064ab8aa563651d96a50d334d833c..9fc62777c1e92b81a9a05e3ff699824cc9742c2c 100644 --- a/uwsgi-python/vars/redeleitsystem.yml +++ b/uwsgi-python/vars/redeleitsystem.yml @@ -1,3 +1,5 @@ +--- + app_name: redeleitsystem app_user: redeleitsystem app_group: redeleitsystem diff --git a/uwsgi-python/vars/repo-sync.yml b/uwsgi-python/vars/repo-sync.yml index ed6ac1cc686a9a0c84ef2498e84c76800ec9e08f..33901dfc1d6cb874c725abb1a10c294a45ad8aa2 100644 --- a/uwsgi-python/vars/repo-sync.yml +++ b/uwsgi-python/vars/repo-sync.yml @@ -1,3 +1,5 @@ +--- + app_name: repo-sync app_user: repo-sync app_group: repo-sync diff --git a/uwsgi-python/vars/samba-migration.yml b/uwsgi-python/vars/samba-migration.yml index e6f9eb178b53a0a46d3226b6ee61d17f60d4c962..f9d6680aba02f0aaaa09852c2878c100cf0ed6a6 100644 --- a/uwsgi-python/vars/samba-migration.yml +++ b/uwsgi-python/vars/samba-migration.yml @@ -1,3 +1,5 @@ +--- + app_name: migration-webapp app_user: migration-webapp app_group: migration-webapp @@ -28,4 +30,3 @@ app_git_version: HEAD app_config_file: '' app_secret_config: false app_secret_config_keys: [] - diff --git a/uwsgi-python/vars/schilder.yml b/uwsgi-python/vars/schilder.yml index faa380f058366c320980875fc67049db3aa19002..e39a5f41aace454e973619658c7fd7a86b3ead1e 100644 --- a/uwsgi-python/vars/schilder.yml +++ b/uwsgi-python/vars/schilder.yml 
@@ -1,3 +1,5 @@ +--- + app_name: schilder app_user: schilder app_group: schilder @@ -28,7 +30,6 @@ app_config_file: config.py app_secret_config: true app_secret_config_keys: [] - schilder_printsrv: printsrv.example.de schilder_printers: - description: "1 - Kopierer Turing" @@ -37,4 +38,5 @@ schilder_printers: name: "Kopierer2" schilder_lproptions: - "-o fitplot" +# yamllint disable-line rule:line-length schilder_templates_url: git@git.example.com:schilder/templates-example-schilder.git diff --git a/uwsgi-python/vars/schrank.yml b/uwsgi-python/vars/schrank.yml index c033a1cd9c1e851702e8d90669c8c09609405bf1..d5b2df705f3ed7571723c269a7c0e8611fa08e3a 100644 --- a/uwsgi-python/vars/schrank.yml +++ b/uwsgi-python/vars/schrank.yml @@ -1,3 +1,5 @@ +--- + app_name: schrank app_user: schrankweb app_group: schrankweb diff --git a/uwsgi-python/vars/shorturl.yml b/uwsgi-python/vars/shorturl.yml index eccb172cb5bd0d37dea0101b725f0780f5ed5797..8646fada77d6be87a9118af976746a0d7a3a0aca 100644 --- a/uwsgi-python/vars/shorturl.yml +++ b/uwsgi-python/vars/shorturl.yml @@ -1,3 +1,5 @@ +--- + app_name: shorturl app_user: shorturl app_group: shorturl @@ -42,6 +44,7 @@ shorturl_ad_cert: "/etc/ssl/certs/example_cacert.pem" shorturl_target_regex: '^https://([a-zA-Z0-9-]+\.)*example\.com(/(.*))?$' shorturl_branding_name: 'Example' shorturl_branding_domain: 'short.example' +# yamllint disable-line rule:line-length shorturl_branding_domain_regex: '^(?!(https?://)?(www\.)?(short\.example)/?)(.*)' shorturl_branding_contact: 'contact@example.com' @@ -49,4 +52,3 @@ shorturl_mail_subject: 'confirmation request ShortURL service' shorturl_mail_domain: 'example.com' shorturl_mail_admin: 'contact@example.com' shorturl_mail_host: 'mail.example.com' - diff --git a/uwsgi-python/vars/sso.yml b/uwsgi-python/vars/sso.yml index c7be87d7a28567ec06071b4d3d988aa61cf95939..9019f577d88ef51c2d93335d2654bce5ebeadb43 100644 --- a/uwsgi-python/vars/sso.yml +++ b/uwsgi-python/vars/sso.yml 
@@ -1,3 +1,5 @@ +--- + app_name: sso app_user: sso app_group: sso @@ -28,7 +30,7 @@ app_secret_config_keys: [] app_additional_software: [] -sso_auth_use_ad: yes +sso_auth_use_ad: true sso_auth_host: auth.example.com sso_auth_user_dn: "cn=users,dc=example,dc=com" sso_auth_group_dn: "dc=example,dc=com" @@ -36,4 +38,3 @@ sso_auth_ca_cert: '' sso_auth_domain: EXAMPLE sso_domain: "{{ domain }}" - diff --git a/uwsgi-python/vars/timer.yml b/uwsgi-python/vars/timer.yml index 5ba6383cbafb8b9b32af1ddbba385a36920e20e5..bb7ff119403a4b1fd0a92e44325fb7df8f539492 100644 --- a/uwsgi-python/vars/timer.yml +++ b/uwsgi-python/vars/timer.yml @@ -1,3 +1,5 @@ +--- + app_name: timer app_user: timer app_group: timer diff --git a/uwsgi-python/vars/vampir-mitglieder.yml b/uwsgi-python/vars/vampir-mitglieder.yml index c3fb25d77a1323f2aeceb436c0c019fc48dad243..b1b8301733ead3c12ebfac360480b9bd4e1326f3 100644 --- a/uwsgi-python/vars/vampir-mitglieder.yml +++ b/uwsgi-python/vars/vampir-mitglieder.yml @@ -1,3 +1,5 @@ +--- + app_name: vampir-mitglieder app_user: vampirmitglieder app_group: vampirmitglieder diff --git a/uwsgi-python/vars/wahlhelfer.yml b/uwsgi-python/vars/wahlhelfer.yml index 2bae6bb74ccb1ef67732169ff96cc20e0ec36d8d..995318f99180e2b1ae7080ea2f307e788b6cac9a 100644 --- a/uwsgi-python/vars/wahlhelfer.yml +++ b/uwsgi-python/vars/wahlhelfer.yml @@ -1,3 +1,5 @@ +--- + app_name: wahlhelfer app_user: wahlhelfer app_group: wahlhelfer @@ -39,4 +41,3 @@ wahlhelfer_allowed_hosts: ['example.com'] app_service_env: - WAHLHELFER_WEB_ROOT=/var/www/wahlhelfer/ # - LDAPTLS_CACERT= - diff --git a/uwsgi-python/vars/wahlsystem.yml b/uwsgi-python/vars/wahlsystem.yml index 61c7bb71407b75b01ba88a49fa4b3c5e3d078a0a..8f51d25acacff0d7eb6b22682a17454aaf9bdd08 100644 --- a/uwsgi-python/vars/wahlsystem.yml +++ b/uwsgi-python/vars/wahlsystem.yml @@ -1,3 +1,5 @@ +--- + app_name: wahlsystem app_user: wahl app_group: wahl 
@@ -35,12 +37,12 @@ wahl_celery_broker: 'redis://localhost:6379/0' wahl_celery_concurrency: 1 wahl_ldap_cert: '' -wahl_mail: True +wahl_mail: true wahl_mail_from: 'wahl@example.com' wahl_mail_host: 'mail.example.com:25' wahl_mail_user: '' wahl_mail_password: '' -wahl_mail_tls: False +wahl_mail_tls: false wahl_mail_prefix: 'Wahlsystem' wahl_server_name: 'wahl.example.com' wahl_url_root: 'wahl.example.com' diff --git a/webserver/tasks/configure_placeholder.yml b/webserver/tasks/configure_placeholder.yml index 58e250ea4947c6b6d4b4b76ab0f69dc0bc0da153..770a918cdf81af6cc380b5192e918c0977cba988 100644 --- a/webserver/tasks/configure_placeholder.yml +++ b/webserver/tasks/configure_placeholder.yml @@ -7,8 +7,8 @@ dest: /etc/nginx/sites-available/tls-proxy owner: root group: root - mode: 0644 - force: no + mode: '0644' + force: false notify: - restart nginx-proxy @@ -18,7 +18,7 @@ dest: /etc/nginx/sites-available/main owner: root group: root - mode: 0644 - force: no + mode: '0644' + force: false notify: - restart nginx diff --git a/webserver/tasks/configure_sites.yml b/webserver/tasks/configure_sites.yml index 2012684a7330f9106c31bb533e68b2df823540cc..4698265e7abf11bd456b1ffcad666011b6492b50 100644 --- a/webserver/tasks/configure_sites.yml +++ b/webserver/tasks/configure_sites.yml @@ -7,7 +7,7 @@ state: directory owner: root group: root - mode: 0644 + mode: '0644' with_items: - proxy-sites-available - proxy-sites-enabled @@ -18,7 +18,7 @@ dest: "/etc/nginx/sites-available/{{item.name}}.conf" owner: root group: root - mode: 0644 + mode: '0644' with_items: "{{webservers}}" when: item.servers|selectattr("internal_locations", "defined") is any loop_control: 
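Review bot: In the `@@ -7,7 +7,7 @@` hunk of webserver/tasks/configure_sites.yml the task has `state: directory` but `mode: '0644'`, so the directories created for `proxy-sites-available` and `proxy-sites-enabled` get no search (x) bit; quoting the value preserves that rather than fixing it. Root can still traverse them, but any non-root reader cannot, and the directory tasks in webserver/tasks/main.yml use `'0755'`. Unless the missing x bit is deliberate, I would change the line to `mode: '0755'`, or add a comment such as `# no x bit on purpose: only root reads these directories`. The task starts outside the hunk.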
@@ -59,8 +59,9 @@ dest: "/etc/nginx/proxy-sites-available/{{item.name}}.conf" owner: root group: root - mode: 0644 + mode: '0644' with_items: "{{webservers}}" + # yamllint disable-line rule:line-length when: item.servers|selectattr("public_locations", "defined")|map(attribute="public_locations") is any loop_control: label: "{{item.name}}" @@ -74,6 +75,7 @@ state: link with_items: "{{webservers}}" when: + # yamllint disable-line rule:line-length - item.servers|selectattr("public_locations", "defined")|map(attribute="public_locations") is any - item.enabled loop_control: @@ -87,6 +89,7 @@ state: absent with_items: "{{webservers}}" when: + # yamllint disable-line rule:line-length - item.servers|selectattr("public_locations", "defined")|map(attribute="public_locations") is any - not item.enabled loop_control: diff --git a/webserver/tasks/main.yml b/webserver/tasks/main.yml index 7db77a35183eb3ee730a6e34511ba433200deb80..8167e3cf5e6113d0867b941eb804d87404965427 100644 --- a/webserver/tasks/main.yml +++ b/webserver/tasks/main.yml @@ -20,7 +20,7 @@ dest: /etc/nginx/nginx.conf owner: root group: root - mode: 0644 + mode: '0644' notify: - restart nginx tags: @@ -33,7 +33,7 @@ dest: /etc/nginx/nginx-proxy.conf owner: root group: root - mode: 0644 + mode: '0644' notify: - restart nginx-proxy tags: @@ -44,7 +44,7 @@ group: name: nginx-proxy state: present - system: yes + system: true tags: - nginx - webservices @@ -54,10 +54,10 @@ name: nginx-proxy state: present group: nginx-proxy - system: yes + system: true shell: /usr/sbin/nologin home: /var/www - createhome: no + createhome: false tags: - nginx - webservices @@ -68,7 +68,7 @@ dest: /etc/pam.d/nginx owner: root group: root - mode: 0644 + mode: '0644' tags: - nginx - webservices @@ -80,7 +80,7 @@ dest: /etc/pam.d/nginx-{{pam_group}} owner: root group: root - mode: 0644 + mode: '0644' loop: "{{nginx_pam_groups}}" loop_control: loop_var: pam_group 
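Review bot: The same long `when:` expression is suppressed with `# yamllint disable-line rule:line-length` three times in webserver/tasks/configure_sites.yml (hunks `@@ -59,8 +59,9 @@`, `@@ -74,6 +75,7 @@` and `@@ -87,6 +89,7 @@`) instead of being wrapped. A folded scalar (`when: >-`, or `- >-` for the list items) with the expression broken before `|map(attribute="public_locations") is any` stays under the limit without a suppression, since Jinja ignores the folded whitespace. That keeps the lint rule active on conditions that gate which proxy sites are enabled or removed, where a later edit is easy to misread on an over-long line. The tasks start outside their hunks.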
@@ -117,7 +117,7 @@ dest: /etc/nginx/snippets/ owner: root group: root - mode: 0644 + mode: '0644' with_fileglob: - "snippets/*.conf" tags: @@ -130,7 +130,7 @@ dest: /etc/tmpfiles.d/10-nginx.conf owner: root group: root - mode: 0644 + mode: '0644' notify: - create tmpfiles tags: @@ -143,7 +143,7 @@ state: directory owner: root group: root - mode: 0755 + mode: '0755' notify: - reload systemd service files tags: @@ -156,7 +156,7 @@ dest: /etc/systemd/system/nginx.service.d/sockets.conf owner: root group: root - mode: 0644 + mode: '0644' notify: - reload systemd service files tags: @@ -179,21 +179,21 @@ state: directory owner: root group: root - mode: 0755 + mode: '0755' tags: - nginx - webservices - name: check our website config command: nginx -tqc /etc/nginx/nginx.conf - changed_when: no + changed_when: false tags: - nginx - webservices - name: check our proxy config command: nginx -tqc /etc/nginx/nginx-proxy.conf - changed_when: no + changed_when: false tags: - nginx - webservices @@ -204,7 +204,7 @@ dest: /etc/systemd/system/nginx-proxy.service owner: root group: root - mode: 0644 + mode: '0644' notify: - reload systemd service files - restart nginx-proxy @@ -218,7 +218,7 @@ service: name: nginx state: started - enabled: yes + enabled: true tags: - nginx - webservices @@ -227,7 +227,7 @@ service: name: nginx-proxy state: started - enabled: yes + enabled: true tags: - nginx - webservices diff --git a/webserver/vars/main.yml b/webserver/vars/main.yml index 8d030c82a68fed1a0792cedb37c7d563d778f13f..63346fad5d48e5fc63512c745aac1e05e3f6f4bd 100644 --- a/webserver/vars/main.yml +++ b/webserver/vars/main.yml @@ -1,4 +1,5 @@ --- +# yamllint disable rule:line-length ciphers: modern: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256' 
diff --git a/wordpress/defaults/main.yml b/wordpress/defaults/main.yml index 45f4a4b2197de4312d8f3c5d6c0ab47795db38ae..470dd70dc85e8e66fc945948ef65c4780a5014d0 100644 --- a/wordpress/defaults/main.yml +++ b/wordpress/defaults/main.yml @@ -10,7 +10,7 @@ wordpress_group: wordpress wordpress_dbtype: mysql wordpress_dbhost: localhost -wordpress_dbislocal: yes +wordpress_dbislocal: true wordpress_dbname: "{{ wordpress_name }}" wordpress_dbuser: "{{ wordpress_name }}" -wordpress_dbpassword: +wordpress_dbpassword: '' diff --git a/wordpress/tasks/main.yml b/wordpress/tasks/main.yml index 864894c27467da2d80d2129baa0727af9c5c2bd9..22d4b036b6c34462c730e0dbfdc652e3f5da76fb 100644 --- a/wordpress/tasks/main.yml +++ b/wordpress/tasks/main.yml @@ -5,7 +5,7 @@ apt: name: aufs-tools state: present - install_recommends: no + install_recommends: false tags: - wordpress - webservices @@ -14,7 +14,7 @@ apt: name: wordpress state: present - install_recommends: no + install_recommends: false default-release: jessie-backports when: debian_version == 'jessie' tags: @@ -25,7 +25,7 @@ apt: name: wordpress state: present - install_recommends: no + install_recommends: false when: debian_version == 'stretch' tags: - wordpress @@ -35,7 +35,7 @@ group: name: "{{ wordpress_user }}" state: present - system: yes + system: true tags: - wordpress - webservices @@ -45,10 +45,10 @@ name: "{{ wordpress_user }}" group: "{{ wordpress_group }}" state: present - system: yes + system: true shell: /usr/bin/nologin home: "{{ wordpress_web_root }}" - createhome: no + createhome: false tags: - wordpress - webservices @@ -67,6 +67,7 @@ - wordpress - webservices +# yamllint disable-line rule:line-length - name: "ensure local folders without write permissions for {{ wordpress_name }} exist" file: state: directory @@ -80,6 +81,7 @@ - wordpress - webservices +# yamllint disable-line rule:line-length - name: "ensure local folders with write permissions for {{ wordpress_name }} exist" file: state: directory 
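Review bot: `wordpress_dbpassword: ''` in wordpress/defaults/main.yml turns an empty (null) default into an explicit empty string, and wordpress/tasks/mysql.yml passes it straight to `mysql_user` as `password: "{{ wordpress_dbpassword }}"`. If a host never overrides the variable, the database account may end up with an empty password, depending on how the module treats `''` (to be confirmed). I would guard this with an `assert` task using `that: wordpress_dbpassword | length > 0` before the database tasks, or derive the value from the `passwordstore` lookup as `login_password` already does.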
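Review bot: In the `@@ -45,10 +45,10 @@` hunk of wordpress/tasks/main.yml the service account gets `shell: /usr/bin/nologin`, while the nginx-proxy account in webserver/tasks/main.yml uses `/usr/sbin/nologin`. The role targets Debian (`debian_version == 'jessie'` / `'stretch'`), where nologin is normally installed under /usr/sbin, so this path likely does not exist on the target. A missing shell still blocks interactive login, but the intent is clearer and consistent with `shell: /usr/sbin/nologin`. The task starts outside the hunk.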
@@ -97,11 +99,13 @@ - wordpress - webservices +# yamllint disable-line rule:line-length - name: "ensure the directories for {{ wordpress_name }} are mounted above each other" mount: state: mounted fstype: aufs name: "{{ wordpress_web_root }}/{{ wordpress_name }}/" + # yamllint disable-line rule:line-length opts: "br={{ wordpress_web_root }}/{{ wordpress_name }}-files/:/usr/share/wordpress,udba=reval" src: none tags: @@ -131,11 +135,12 @@ template: src: secrets.php.j2 dest: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/secrets.php" - force: no + force: false tags: - wordpress - webservices +# yamllint disable-line rule:line-length - name: "ensure wordpress can access javascript files that debian places somewhere else" file: src: /usr/share/javascript @@ -146,4 +151,3 @@ - webservices - include: mysql.yml - diff --git a/wordpress/tasks/mysql.yml b/wordpress/tasks/mysql.yml index 903e40a11c9218d42c79533683f4012f15edeb88..699c22e405a7c1e749150555d93941776986052e 100644 --- a/wordpress/tasks/mysql.yml +++ b/wordpress/tasks/mysql.yml @@ -4,7 +4,7 @@ - name: ensure php can talk with mysql apt: name: php5-mysql - state: latest + state: present when: debian_version == 'jessie' tags: - wordpress @@ -13,7 +13,7 @@ - name: ensure php can talk with mysql apt: name: php-mysql - state: latest + state: present when: debian_version == 'stretch' tags: - wordpress @@ -24,8 +24,9 @@ name: "{{ wordpress_dbname }}" state: present login_user: root + # yamllint disable-line rule:line-length login_password: "{{ lookup('passwordstore', 'db/{{ wordpress_dbhost }}-{{ wordpress_dbtype }} create=true length=20')}}" - no_log: True + no_log: true tags: - wordpress - webservices 
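Review bot: The `template` task for `secrets.php` in the `@@ -131,11 +135,12 @@` hunk of wordpress/tasks/main.yml sets only `src`, `dest` and `force`, so the file is created with whatever owner and umask-derived mode the connection user has, which is typically world-readable. Since the file holds secrets, I would pin it explicitly, for example `owner: root`, `group: "{{ wordpress_group }}"`, `mode: '0640'`, assuming the PHP process reads it through the wordpress group (please confirm). The task's `name` line is outside the hunk.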
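Review bot: Changing `state: latest` to `state: present` for `php5-mysql` and `php-mysql` (hunks `@@ -4,7 +4,7 @@` and `@@ -13,7 +13,7 @@` of wordpress/tasks/mysql.yml) is a behaviour change rather than a lint fix. The play will no longer pull newer versions of these packages, so security updates now depend on a separate patching mechanism that is not visible in this diff. If that is intended, say so in the commit description and add a comment next to the task, e.g. `# upgrades are handled by <patching mechanism>, not by this role`.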
@@ -36,10 +37,10 @@ password: "{{ wordpress_dbpassword }}" state: present login_user: root + # yamllint disable-line rule:line-length login_password: "{{ lookup('passwordstore', 'db/{{ wordpress_dbhost }}-{{ wordpress_dbtype }} create=true length=20')}}" priv: "{{ wordpress_dbname }}.*:ALL" - no_log: True + no_log: true tags: - wordpress - webservices -