
Merge pull request #166 from cschug/reduce_ansible_lint_issues

Reduce number of issues reported by Ansible Lint
Christian Lempa 2 лет назад
Сommit
49b783ff1f

+ 22 - 16
ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml

@@ -1,19 +1,25 @@
 ---
-- name: install fail2ban and configure sshd
+- name: Install fail2ban and configure sshd
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-  - name: install fail2ban
-    ansible.builtin.apt:
-      name:
-        - fail2ban
-      update_cache: yes
-  - name: copy fail2ban configfiles
-    ansible.builtin.copy:
-      src: configfiles/debian-sshd-default.conf
-      dest: /etc/fail2ban/jail.d/debian-sshd-default.conf
-  - name: restart fail2ban
-    ansible.builtin.systemd_service:
-      state: restarted
-      daemon_reload: yes
-      name: fail2ban
+    - name: Install fail2ban
+      ansible.builtin.apt:
+        name:
+          - fail2ban
+        update_cache: true
+
+    - name: Copy fail2ban config file
+      ansible.builtin.copy:
+        src: configfiles/debian-sshd-default.conf
+        dest: /etc/fail2ban/jail.d/debian-sshd-default.conf
+        mode: '0644'
+        owner: root
+        group: root
+
+    - name: Restart fail2ban
+      ansible.builtin.systemd_service:
+        state: restarted
+        daemon_reload: true
+        name: fail2ban
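Review bot: `Restart fail2ban` runs on every play run, even when `Copy fail2ban config file` reports no change, so the service is needlessly restarted and protection is presumably interrupted for a moment each time. Turning the restart into a handler and adding `notify: Restart fail2ban` to the copy task restarts the service only when the jail file actually changed. `daemon_reload: true` also looks unnecessary, since nothing in this play modifies a unit file.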

+ 16 - 14
ansible/configuration/ssh/config-add-sshkey.yaml

@@ -1,17 +1,19 @@
 ---
-- name: add ssh key
+- name: Add ssh key
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-  - name: install public keys
-    ansible.posix.authorized_key:
-      user: "{{ lookup('env','USER') }}"
-      state: present
-      key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
-  - name: change sudoers file
-    ansible.builtin.lineinfile:
-      path: /etc/sudoers
-      state: present
-      regexp: '^%sudo'
-      line: '%sudo ALL=(ALL) NOPASSWD: ALL'
-      validate: /usr/sbin/visudo -cf %s
+    - name: Install public keys
+      ansible.posix.authorized_key:
+        user: "{{ lookup('env', 'USER') }}"
+        state: present
+        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+
+    - name: Change sudoers file
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        state: present
+        regexp: '^%sudo'
+        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+        validate: /usr/sbin/visudo -cf %s
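Review bot: `Change sudoers file` rewrites the `%sudo` line in `/etc/sudoers` to `NOPASSWD: ALL`, which gives every member of the sudo group passwordless root rather than only the account whose key is installed in the task above. A drop-in scoped to that one account is narrower and easier to audit: `path: /etc/sudoers.d/<dropin-name>` with `create: true`, `mode: '0440'` and a `line:` naming only the automation user, keeping the existing `validate`. Note also that `lookup('env', 'USER')` and `~/.ssh/id_rsa.pub` are both resolved on the control node, so the target account and key depend on who runs the play; exposing them as variables with these defaults would make that explicit.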

+ 17 - 15
ansible/deployment/portainer/deploy-portainer.yaml

@@ -1,19 +1,21 @@
 ---
-- name: deploy portainer-ce latest
+- name: Deploy portainer-ce latest
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
   become_user: "{{ lookup('env','USER') }}"
+
   tasks:
-  - name: create new volume
-    community.docker.docker_volume:
-      name: portainer-data
-  - name: deploy portainer
-    community.docker.docker_container:
-      name: portainer
-      image: "docker.io/portainer/portainer-ce"
-      ports:
-        - "9443:9443"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        - portainer-data:/data
-      restart_policy: unless-stopped
+    - name: Create new volume
+      community.docker.docker_volume:
+        name: portainer-data
+
+    - name: Deploy portainer
+      community.docker.docker_container:
+        name: portainer
+        image: "docker.io/portainer/portainer-ce"
+        ports:
+          - "9443:9443"
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+          - portainer-data:/data
+        restart_policy: unless-stopped
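Review bot: `image: "docker.io/portainer/portainer-ce"` has no tag or digest, so each deployment runs whatever the registry currently serves as latest, in a container that is also handed the Docker socket. Pinning to a reviewed release, e.g. `image: "docker.io/portainer/portainer-ce:<version>@sha256:<digest>"`, makes upgrades deliberate and reproducible. `traefik:v2.5` in deploy-traefik.yaml is presumably a moving minor tag and would benefit from the same treatment. As a style point, `become_user: "{{ lookup('env','USER') }}"` in this file kept the unspaced form that the other files in this commit normalised to `lookup('env', 'USER')`.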

+ 15 - 14
ansible/deployment/traefik/deploy-traefik.yaml

@@ -1,17 +1,18 @@
 ---
-- name: deploy traefik v2.5
+- name: Deploy traefik v2.5
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+
   tasks:
-  - name: deploy traefik
-    become_user: "{{ lookup('env','USER') }}"
-    community.docker.docker_container:
-      name: traefik
-      image: "traefik:v2.5"
-      ports:
-        - "80:80"
-        - "443:443"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        - /etc/traefik:/etc/traefik
-      restart_policy: unless-stopped
+    - name: Deploy traefik
+      community.docker.docker_container:
+        name: traefik
+        image: "traefik:v2.5"
+        ports:
+          - "80:80"
+          - "443:443"
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+          - /etc/traefik:/etc/traefik
+        restart_policy: unless-stopped
+      become: true
+      become_user: "{{ lookup('env', 'USER') }}"
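Review bot: The `volumes` entry `/var/run/docker.sock:/var/run/docker.sock` gives the container that publishes ports 80 and 443 full control of the Docker daemon, which is root-equivalent on the host if the proxy is ever compromised. If Traefik only needs to read container metadata, placing a restricted Docker API proxy between it and the socket limits it to read-only endpoints. At minimum, document the exposure above the mount, e.g. `# Docker socket: root-equivalent access, needed by the docker provider`. deploy-portainer.yaml mounts the same socket and deserves the same comment.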

+ 10 - 8
ansible/installation/inst-core.yaml

@@ -1,10 +1,12 @@
-- name: install core packages
+---
+- name: Install core packages
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-  - name: install core packages
-    ansible.builtin.apt:
-      name:
-        - prometheus-node-exporter
-        - nfs-common
-      update_cache: yes
+    - name: Install core packages
+      ansible.builtin.apt:
+        name:
+          - prometheus-node-exporter
+          - nfs-common
+        update_cache: true

+ 14 - 10
ansible/installation/inst-docker-ubuntu.yaml

@@ -1,9 +1,10 @@
 ---
-- name: install docker
+- name: Install docker
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-    - name: install docker dependencies
+    - name: Install docker dependencies
       ansible.builtin.apt:
         name:
           - apt-transport-https
@@ -11,18 +12,21 @@
           - curl
           - gnupg-agent
           - software-properties-common
-        update_cache: yes
-    - name: add docker gpg key
+        update_cache: true
+
+    - name: Add docker gpg key
       ansible.builtin.apt_key:
         url: https://download.docker.com/linux/ubuntu/gpg
         state: present
         keyring: /etc/apt/keyrings/docker.gpg
-    - name: add docker repository
+
+    - name: Add docker repository
       ansible.builtin.apt_repository:
-        filename: docker 
-        repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename|lower }} stable
+        filename: docker
+        repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename | lower }} stable
         state: present
-    - name: install docker engine
+
+    - name: Install docker engine
       ansible.builtin.apt:
         name:
           - docker-ce
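Review bot: `Add docker gpg key` trusts whatever `https://download.docker.com/linux/ubuntu/gpg` returns at run time; nothing in the task pins the identity of the key that ends up in `/etc/apt/keyrings/docker.gpg`. Adding `id: <expected-key-fingerprint>` to the task documents the expected key and, as far as I know, makes the module fail when that key is not present after the import. The `Add apt-key` task in vagrant/hyperv/ubuntu/docker/playbook.yaml has the same gap. The task lists at both ends of this hunk continue outside it.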
@@ -31,4 +35,4 @@
           - docker-buildx-plugin
           - docker-scan-plugin
           - docker-compose-plugin
-        update_cache: yes
+        update_cache: true

+ 0 - 1
ansible/installation/inst-k8s/inst-k8s.yaml

@@ -1,5 +1,4 @@
 ---
-
 - name: Setup Prerequisites To Install Kubernetes
   hosts: instance
   become: true

+ 11 - 6
ansible/installation/inst-microk8s.yaml

@@ -1,11 +1,16 @@
 ---
-- name: install microk8s
+- name: Install microk8s
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-    - name: install microk8s
+    - name: Install microk8s
       community.general.snap:
-        classic: yes
+        classic: true
         name: microk8s
-    - name: add userpermissions
-      ansible.builtin.shell: "usermod -aG microk8s {{ lookup('env','USER') }}"
+
+    - name: Add user to group microk8s
+      ansible.builtin.user:
+        name: "{{ lookup('env', 'USER') }}"
+        groups: microk8s
+        append: true
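Review bot: Replacing `usermod` with `ansible.builtin.user` changes how `Add user to group microk8s` fails. `lookup('env', 'USER')` is evaluated on the control node, and if that name has no account on the target the module creates one (its default `state` is `present`) and adds it to the `microk8s` group, where the old shell command would have failed. Checking that the account exists first keeps the previous fail-closed behaviour; `ansible.builtin.getent` with its default `fail_key` does that.

```yaml
    - name: Verify the target account exists
      ansible.builtin.getent:
        database: passwd
        key: "{{ lookup('env', 'USER') }}"

    # … unchanged: Add user to group microk8s …
```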

+ 2 - 1
ansible/installation/inst-qemu-agent.yaml

@@ -2,7 +2,8 @@
 - name: Install qemu-guest-agent package
   hosts: all
   become: true
-  become_method: sudo
+  become_method: ansible.builtin.sudo
+
   tasks:
     - name: Install qemu-guest-agent
       ansible.builtin.apt:

+ 16 - 14
ansible/installation/inst-vm-core.yaml

@@ -1,17 +1,19 @@
 ---
-- name: install core packages for virtual machines
+- name: Install core packages for virtual machines
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-  - name: install packages
-    ansible.builtin.apt:
-      name:
-        - prometheus-node-exporter
-        - nfs-common
-        - qemu-guest-agent
-      update_cache: yes
-  - name: start guest qemu-guest-agent
-    ansible.builtin.service:
-      name: qemu-guest-agent
-      state: started
-      enabled: yes
+    - name: Install packages
+      ansible.builtin.apt:
+        name:
+          - prometheus-node-exporter
+          - nfs-common
+          - qemu-guest-agent
+        update_cache: true
+
+    - name: Start guest qemu-guest-agent
+      ansible.builtin.service:
+        name: qemu-guest-agent
+        state: started
+        enabled: true

+ 7 - 5
ansible/installation/inst-wireguard.yaml

@@ -1,13 +1,15 @@
 ---
-- name: install wireguard
+- name: Install wireguard
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-    - name: install wireguard
+    - name: Install wireguard
       ansible.builtin.apt:
         name: wireguard
-        update_cache: yes
-    - name: generate private and public keypair
+        update_cache: true
+
+    - name: Generate private and public keypair
       ansible.builtin.shell: |
         wg genkey | tee privatekey | wg pubkey > publickey
         chmod 0400 privatekey
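Review bot: In `Generate private and public keypair`, `tee privatekey` creates the key file under the default umask and only the following `chmod 0400` restricts it, so the private key is briefly readable by other local users. Putting `umask 077` as the first line of the script closes that window. As far as the hunk shows there is also no `creates:` guard, so every run would overwrite the existing keypair and report a change. The task body continues outside the hunk, so `chdir` or `creates` arguments may already be present there.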

+ 4 - 3
ansible/installation/inst-zsh.yaml

@@ -1,9 +1,10 @@
 ---
-- name: install zsh
+- name: Install zsh
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-    - name: install zsh
+    - name: Install zsh
       ansible.builtin.apt:
         name: zsh
         state: present

+ 12 - 7
ansible/maintenance/maint-diskspace.yaml

@@ -1,14 +1,19 @@
 ---
-- name: check disk space
+- name: Check disk space
   hosts: "{{ my_hosts | d([]) }}"
+
   tasks:
-    - name: get disk usage
-      ansible.builtin.command: df -h
+    - name: Check disk space available
+      ansible.builtin.shell:
+        cmd: |
+          set -euo pipefail
+          df -Ph / | awk 'NR==2 {print $5}'
+        executable: /bin/bash
+      changed_when: false
+      check_mode: false
       register: disk_usage
-    - name: check disk space available
-      ansible.builtin.shell: df -Ph / | awk 'NR==2 {print $5}'
-      register: disk_usage
-    # - name: send discord message when disk space is over 80%
+
+    # - name: Send discord message when disk space is over 80%
     #   uri:
     #     url: "your-webhook"
     #     method: POST

+ 3 - 2
ansible/maintenance/maint-docker-clean.yaml

@@ -1,8 +1,9 @@
 ---
-- name: clean docker
+- name: Clean docker
   hosts: "{{ my_hosts | d([]) }}"
+
   tasks:
-    - name: prune non-dangling images
+    - name: Prune non-dangling images
       community.docker.docker_prune:
         containers: false
         images: true

+ 7 - 4
ansible/maintenance/maint-reboot-required.yaml

@@ -1,13 +1,16 @@
 ---
-- name: check if system reboot is required
+- name: Check if system reboot is required
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-    - name: check if system reboot is required
+    - name: Check if system reboot is required
       become: true
       ansible.builtin.stat:
         path: /var/run/reboot-required
       register: reboot_required
-    - ansible.builtin.debug:
+
+    - name: Report if reboot is required
+      ansible.builtin.debug:
         msg: "Reboot is required"
       when: reboot_required.stat.exists

+ 6 - 5
ansible/maintenance/maint-reboot.yaml

@@ -1,8 +1,9 @@
 ---
-- name: reboot machine
+- name: Reboot machine
   hosts: "{{ my_hosts | d([]) }}"
-  become: yes
+  become: true
+
   tasks:
-  - name: reboot machine
-    ansible.builtin.reboot:
-      reboot_timeout: 3600
+    - name: Reboot machine
+      ansible.builtin.reboot:
+        reboot_timeout: 3600

+ 2 - 2
ansible/notification/notify-discord.yaml

@@ -9,7 +9,7 @@
 # In order to generate a webhook, please see
 # https://support.discord.com/hc/en-us/articles/360045093012-Server-Integrations-Page
 
-- name: notify discord
+- name: Notify discord
 
   hosts: "{{ my_hosts | d([]) }}"
 
@@ -62,7 +62,7 @@
     notify_discord_send_from_host: localhost
 
   tasks:
-    - name: send discord message
+    - name: Send Discord message
       community.general.discord:
         username: "{{ notify_discord_username }}"
         webhook_id: "{{ notify_discord_webhook_id }}"

+ 1 - 1
ansible/update/upd-apt-dist.yaml

@@ -1 +1 @@
-
+---

+ 5 - 4
ansible/update/upd-apt.yaml

@@ -1,17 +1,18 @@
 ---
 - name: Update and upgrade apt packages
-  hosts: all 
+  hosts: all
+
   tasks:
     - name: Update packages with apt
       when: ansible_pkg_mgr == 'apt'
       ansible.builtin.apt:
-        update_cache: yes
+        update_cache: true
 
     - name: Update packages with yum
       when: ansible_pkg_mgr == 'yum'
       ansible.builtin.yum:
         name: '*'
-        state: latest
+        state: latest # noqa: package-latest
 
     - name: Upgrade packages with apt
       when: ansible_pkg_mgr == 'apt'
@@ -22,5 +23,5 @@
       when: ansible_pkg_mgr == 'yum'
       ansible.builtin.yum:
         name: '*'
-        state: latest
+        state: latest # noqa: package-latest
         exclude: kernel*

+ 22 - 13
vagrant/hyperv/ubuntu/docker/playbook.yaml

@@ -1,29 +1,38 @@
 ---
-- hosts: all
-  become: yes
+- name: Install Docker
+  hosts: all
+  become: true
+
   tasks:
-    - name: install prerequisites
+    - name: Install prerequisites
       ansible.builtin.apt:
         name:
           - apt-transport-https
-          - ca-certificates 
-          - curl 
+          - ca-certificates
+          - curl
           - gnupg-agent
           - software-properties-common
-        update_cache: yes
-    - name: add apt-key
+        update_cache: true
+
+    - name: Add apt-key
       ansible.builtin.apt_key:
         url: https://download.docker.com/linux/ubuntu/gpg
-    - name: add docker repo
+
+    - name: Add docker repo
       ansible.builtin.apt_repository:
         repo: deb https://download.docker.com/linux/ubuntu focal stable
-    - name: install docker 
+
+    - name: Install docker
       ansible.builtin.apt:
-        name: 
+        name:
           - docker-ce
           - docker-ce-cli
           - containerd.io
           - docker-compose
-        update_cache: yes
-    - name: add userpermissions
-      ansible.builtin.shell: "usermod -aG docker vagrant"
+        update_cache: true
+
+    - name: Add user vagrant to group docker
+      ansible.builtin.user:
+        name: vagrant
+        groups: docker
+        append: true
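Review bot: `Add apt-key` has no `keyring:` and the `repo:` line has no `signed-by=`, so the Docker key lands in apt's global trusted keyring and is accepted for every configured repository. ansible/installation/inst-docker-ubuntu.yaml in this same commit already scopes the key. Mirroring that here would be `keyring: /etc/apt/keyrings/docker.gpg` on the key task and `repo: deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu focal stable`. The release name `focal` is also hard-coded where the other playbook derives it from `ansible_lsb.codename`.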

+ 13 - 8
vagrant/hyperv/ubuntu/microk8s-installed/playbook.yaml

@@ -1,11 +1,16 @@
 ---
-- hosts: all
-  become: yes
+- name: Install microk8s
+  hosts: all
+  become: true
+
   tasks:
-  - name: install microk8s
-    community.general.snap:
-      classic: yes
-      name: microk8s
-  - name: add userpermissions
-    ansible.builtin.shell: "usermod -aG microk8s vagrant"
+    - name: Install microk8s
+      community.general.snap:
+        classic: true
+        name: microk8s
 
+    - name: Add user vagrant to group microk8s
+      ansible.builtin.user:
+        name: vagrant
+        groups: microk8s
+        append: true

+ 8 - 6
vagrant/hyperv/ubuntu/plain-with-cockpit/playbook.yaml

@@ -1,8 +1,10 @@
 ---
-- hosts: all
-  become: yes
+- name: Install Cockpit
+  hosts: all
+  become: true
+
   tasks:
-  - name: install cockpit
-    ansible.builtin.apt:
-      name: cockpit
-      update_cache: yes
+    - name: Install cockpit
+      ansible.builtin.apt:
+        name: cockpit
+        update_cache: true