Automated changes from linter ;P

2024-07-11 20:47:52 +02:00 · 2024-07-11 20:47:52 +02:00 · f7f04e7a41
commit f7f04e7a41
parent 44b73a216f
65 changed files with 392 additions and 324 deletions
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@ -1,35 +1,42 @@
 ---
 - tags: [ debian-upgrade, never ]
-  import_tasks: debian-upgrade.yaml
+  ansible.builtin.import_tasks:
+    file: debian-upgrade.yaml
  when: ansible_facts['distribution_release'] != "bookworm"

 - tags: debian_backports
-  import_tasks: debian-backports.yaml
+  ansible.builtin.import_tasks:
+    file: debian-backports.yaml

 - tags: unattended_updates
-  import_tasks: unattended-updates.yaml
+  ansible.builtin.import_tasks:
+    file: unattended-updates.yaml

 - tags: apt-minimal
-  import_tasks: apt-minimal.yaml
+  ansible.builtin.import_tasks:
+    file: apt-minimal.yaml

 - tags: network
-  import_tasks: network.yaml
+  ansible.builtin.import_tasks:
+    file: network.yaml

 - tags: node-exporter
-  import_tasks: node-exporter.yaml
+  ansible.builtin.import_tasks:
+    file: node-exporter.yaml

 - tags: vm
-  import_tasks: node-exporter.yaml
+  ansible.builtin.import_tasks:
+    file: node-exporter.yaml
  when: is_vm

 - name: Remove Vim
-  apt:
+  ansible.builtin.apt:
    name: vim
    state: absent
    autoremove: true

 - name: Install utilities
-  apt:
+  ansible.builtin.apt:
    name:
      - curl
      - fzf
@ -46,38 +53,38 @@
      - neovim

 - name: Remove netcat-traditional
-  apt:
+  ansible.builtin.apt:
    name: netcat-traditional

 - name: Configure FZF for Bash
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/bash.bashrc
    insertafter: EOF
    regexp: "^source /usr/share/doc/fzf/examples/key-bindings.bash"
    line: "source /usr/share/doc/fzf/examples/key-bindings.bash # Managed by Ansible"

 - name: Configure FZF for Bash (Bookworm)
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/bash.bashrc
    insertafter: EOF
    regexp: "^source /usr/share/doc/fzf/examples/completion.bash"
    state: absent

 - name: Shorten Grub timeout
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/default/grub
    regexp: '^GRUB_TIMEOUT='
    line: "GRUB_TIMEOUT=1 # Managed by Ansible"
  notify: update grub

 - name: Configure cron email
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/crontab
    insertafter: '^PATH'
    line: 'MAILTO={{ notify_email }}'

 - name: Configure SSH
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
@ -91,7 +98,7 @@
  notify: reload sshd

 - name: Allow SSH
-  iptables:
+  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "{{ ssh_port }}"
@ -104,7 +111,7 @@
  notify: persist iptables

 - name: Allow ICMP
-  iptables:
+  ansible.builtin.iptables:
    chain: INPUT
    protocol: "{{ item.proto }}"
    jump: ACCEPT
@ -115,7 +122,7 @@
  notify: persist iptables

 - name: Allow related and established connections
-  iptables:
+  ansible.builtin.iptables:
    chain: INPUT
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT
@ -126,7 +133,7 @@
  notify: persist iptables

 - name: Allow local connections
-  iptables:
+  ansible.builtin.iptables:
    chain: INPUT
    source: "{{ item.cidr }}"
    jump: ACCEPT
@ -135,7 +142,7 @@
  notify: persist iptables

 - name: Deny inbound connections
-  iptables:
+  ansible.builtin.iptables:
    chain: INPUT
    policy: DROP
    ip_version: "{{ item }}"