diff --git a/.yamllint b/.yamllint index 2522155..6e223ae 100644 --- a/.yamllint +++ b/.yamllint @@ -2,6 +2,7 @@ extends: default rules: + comments-indentation: disable line-length: disable truthy: allowed-values: diff --git a/group-k3s.yml b/group-k3s.yml index e653d64..22c521d 100644 --- a/group-k3s.yml +++ b/group-k3s.yml @@ -6,4 +6,4 @@ - name: Ensure nfs-common is installed on k3s VMs ansible.builtin.apt: pkg: nfs-common - state: present \ No newline at end of file + state: present diff --git a/host-beaker.yml b/host-beaker.yml index 1cf198c..ba571fa 100644 --- a/host-beaker.yml +++ b/host-beaker.yml @@ -22,6 +22,6 @@ ansible.builtin.lineinfile: path: /etc/pve/user.cfg regexp: "^group:Admins:" - line: "group:Admins:{{ users | map(attribute = 'logname') | join(\"@pam,\") }}@pam::" + line: "group:Admins:{{ users | map(attribute='logname') | join(\"@pam,\") }}@pam::" handlers: diff --git a/host-krypton.yml b/host-krypton.yml index 7a45ca0..2623afa 100644 --- a/host-krypton.yml +++ b/host-krypton.yml @@ -98,9 +98,9 @@ rule: allow port: '389' proto: tcp - from: "{{ item }}" + from: "{{ item }}" comment: LDAP Docker Access - loop: "{{ docker_ip_ranges }}" + loop: "{{ docker_ip_ranges }}" - name: Allow access to openLDAP from local docker container [2/2] become: true @@ -108,9 +108,9 @@ rule: allow port: '636' proto: tcp - from: "{{ item }}" + from: "{{ item }}" comment: LDAP Docker Access - loop: "{{ docker_ip_ranges }}" + loop: "{{ docker_ip_ranges }}" - name: Ensure container for entities validation service is running diff --git a/host-platon.yml b/host-platon.yml index 41d033c..b16bb93 100644 --- a/host-platon.yml +++ b/host-platon.yml @@ -141,7 +141,7 @@ mode: "0644" register: wiringPi_copy - - name: Install wiringPi library # noqa 503 + - name: Install wiringPi library # noqa: no-handler ansible.builtin.apt: state: present deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb" diff --git a/host-radon.yml b/host-radon.yml index 58e55fa..f82edc9 100644 --- a/host-radon.yml +++ b/host-radon.yml @@ -13,7 +13,7 @@ nodered_image: nodered/node-red:3.0.1-1-18 nodered_data: "{{ data_dir }}/nodered" - rabbitmq_image: bitnami/rabbitmq:4.0.5 + rabbitmq_image: bitnami/rabbitmq:4.0.6 rabbitmq_data: "{{ data_dir }}/rabbitmq" pwr_meter_pulse_gw_image: netz39/power-meter-pulse-gateway:0.3.0 diff --git a/host-unicorn.yml b/host-unicorn.yml index 1c48750..2ccca3a 100644 --- a/host-unicorn.yml +++ b/host-unicorn.yml @@ -13,7 +13,7 @@ - name: Setup the docker container for unifi-controller docker_container: name: unifi-controller - image: jacobalberty/unifi:v9.0.108 + image: jacobalberty/unifi:v9.0.114 state: started restart_policy: unless-stopped container_default_behavior: no_defaults @@ -22,13 +22,13 @@ # These fixed ports are needed. # https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used ports: - - "8080:8080/tcp" # Device command/control - - "8443:8443/tcp" # Web interface + API - - "8843:8843/tcp" # HTTPS portal - - "8880:8880/tcp" # HTTP portal - - "3478:3478/udp" # STUN service - - "6789:6789/tcp" # Speed Test (unifi5 only) - - "10001:10001/udp" # Used for device discovery. + - "8080:8080/tcp" # Device command/control + - "8443:8443/tcp" # Web interface + API + - "8843:8843/tcp" # HTTPS portal + - "8880:8880/tcp" # HTTP portal + - "3478:3478/udp" # STUN service + - "6789:6789/tcp" # Speed Test (unifi5 only) + - "10001:10001/udp" # Used for device discovery. volumes: - "{{ data_dir }}/unifi-controller/data:/unifi/data" - "{{ data_dir }}/unifi-controller/log:/unifi/log" diff --git a/host-wittgenstein.yml b/host-wittgenstein.yml index c770b5f..c7a6869 100644 --- a/host-wittgenstein.yml +++ b/host-wittgenstein.yml @@ -94,7 +94,7 @@ force: no register: wiringPi_download - - name: Install wiringPi library # noqa 503 + - name: Install wiringPi library # noqa: no-handler ansible.builtin.apt: state: present deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb" @@ -140,13 +140,13 @@ detach: yes restart_policy: unless-stopped ports: - - "0.0.0.0:{{ spaceapi_host_port }}:8080" # Must be reached by pottwal + - "0.0.0.0:{{ spaceapi_host_port }}:8080" # Must be reached by pottwal # - "127.0.0.1:{{ spaceapi_host_port }}:8080" env: TZ: "{{ timezone }}" MQTT_BROKER: "platon.n39.eu" MQTT_TOPIC_STATUS: "{{ spaceapi_topic_status }}" - MQTT_TOPIC_LASTCHANGE: "{{ spaceapi_topic_lastchange }}" + MQTT_TOPIC_LASTCHANGE: "{{ spaceapi_topic_lastchange }}" tags: - spaceapi diff --git a/host_vars/pottwal.n39.eu/vars.yml b/host_vars/pottwal.n39.eu/vars.yml index aa8fc15..936605a 100644 --- a/host_vars/pottwal.n39.eu/vars.yml +++ b/host_vars/pottwal.n39.eu/vars.yml @@ -12,23 +12,23 @@ cleanuri_amqp_vhost: "/cleanuri" forgejo_host_port: 9091 forgejo_ssh_port: 2222 forgejo_domain_name: git.n39.eu -forgejo_image: codeberg.org/forgejo/forgejo:10.0.0 +forgejo_image: codeberg.org/forgejo/forgejo:10.0.1 shlink_host_port: 8083 shlink_domain_name: sl.n39.eu -shlink_image: shlinkio/shlink:4.4.0 +shlink_image: shlinkio/shlink:4.4.4 shlink_initial_api_key: "{{ vault_shlink_initial_api_key }}" shlink_postgres_password: "{{ vault_shlink_postgres_password }}" hedgedoc_host_port: 8084 hedgedoc_domain_name: pad.n39.eu -hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.10.0 +hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.10.2 hedgedoc_db_image: postgres:16.4-alpine hedgedoc_postgres_password: "{{ vault_hedgedoc_postgres_password }}" redmine_host_port: 8087 redmine_domain_name: redmine.n39.eu -redmine_image: redmine:6.0.2 +redmine_image: redmine:6.0.3 redmine_mysql_image: mysql:8.4 redmine_database: redmine redmine_database_password: "{{ vault_redmine_database_password }}" @@ -42,7 +42,7 @@ influxdb_init_password: "{{ vault_influxdb_init_password }}" jabber_host_port: 8086 prosody_domain_name: jabber.n39.eu prosody_image: netz39/prosody:0.11 -prosody_web_image: joseluisq/static-web-server:2.35 +prosody_web_image: joseluisq/static-web-server:2.36 prosody_config_dir: "/etc/prosody" prosody_data_dir: "{{ data_dir }}/prosody" @@ -52,14 +52,14 @@ uptimekuma_image: louislam/uptime-kuma:1.23.16 grafana_host_port: 8089 grafana_domain_name: grafana.n39.eu -grafana_image: grafana/grafana:11.4.0 +grafana_image: grafana/grafana:11.5.2 grafana_admin_password: "{{ vault_grafana_admin_password }}" homebox_host_port: 8092 homebox_domain_name: inventory.n39.eu homebox_image: ghcr.io/hay-kot/homebox:v0.10.3 -renovate_image: renovate/renovate:39.84.0 +renovate_image: renovate/renovate:39.161.0 renovate_forgejo_pat: "{{ vault_renovate_forgejo_pat }}" renovate_github_pat: "{{ vault_renovate_github_pat }}" renovate_git_user: "Renovate Bot " diff --git a/host_vars/radon.n39.eu/vars.yml b/host_vars/radon.n39.eu/vars.yml index e224d5c..0fe0902 100644 --- a/host_vars/radon.n39.eu/vars.yml +++ b/host_vars/radon.n39.eu/vars.yml @@ -11,4 +11,3 @@ kiosk_grafana_user: "{{ vault_kiosk_grafana_user }}" kiosk_grafana_pass: "{{ vault_kiosk_grafana_pass }}" kiosk_mqtt_host: "mqtt.n39.eu" kiosk_mqtt_topic: "Netz39/Things/HackingDashboard/Screenshot" - diff --git a/host_vars/wittgenstein.n39.eu/vars.yml b/host_vars/wittgenstein.n39.eu/vars.yml index 6479b44..6bca558 100644 --- a/host_vars/wittgenstein.n39.eu/vars.yml +++ b/host_vars/wittgenstein.n39.eu/vars.yml @@ -1,3 +1,4 @@ +--- server_admin: "admin+wittgenstein@netz39.de" mac: "b8:27:eb:48:f1:59" ansible_python_interpreter: /usr/bin/python3 diff --git a/roles/cleanuri/tasks/main.yml b/roles/cleanuri/tasks/main.yml index b968729..9490a6f 100644 --- a/roles/cleanuri/tasks/main.yml +++ b/roles/cleanuri/tasks/main.yml @@ -35,7 +35,7 @@ env: TZ: "{{ timezone }}" AMQP_HOST: "{{ cleanuri_amqp_host }}" - AMQP_USER: "{{ cleanuri_amqp_user }}" + AMQP_USER: "{{ cleanuri_amqp_user }}" AMQP_PASS: "{{ cleanuri_amqp_pass }}" AMQP_VHOST: "{{ cleanuri_amqp_vhost }}" GATEWAY_RESULT_QUEUE: "{{ cleanuri_amqp_results }}" @@ -52,7 +52,7 @@ env: TZ: "{{ timezone }}" AMQP_HOST: "{{ cleanuri_amqp_host }}" - AMQP_USER: "{{ cleanuri_amqp_user }}" + AMQP_USER: "{{ cleanuri_amqp_user }}" AMQP_PASS: "{{ cleanuri_amqp_pass }}" AMQP_VHOST: "{{ cleanuri_amqp_vhost }}" CANONIZER_TASK_QUEUE: "{{ cleanuri_amqp_canonizer }}" @@ -69,7 +69,7 @@ env: TZ: "{{ timezone }}" AMQP_HOST: "{{ cleanuri_amqp_host }}" - AMQP_USER: "{{ cleanuri_amqp_user }}" + AMQP_USER: "{{ cleanuri_amqp_user }}" AMQP_PASS: "{{ cleanuri_amqp_pass }}" AMQP_VHOST: "{{ cleanuri_amqp_vhost }}" EXTRACTION_TASK_QUEUE: "{{ cleanuri_amqp_retrieval }}" diff --git a/roles/docker_setup/tasks/main.yml b/roles/docker_setup/tasks/main.yml index cdfedfb..5a42436 100644 --- a/roles/docker_setup/tasks/main.yml +++ b/roles/docker_setup/tasks/main.yml @@ -34,7 +34,7 @@ dest: /etc/apt/sources.list.d/docker.list register: apt_repo -- name: Update package cache # noqa 503 +- name: Update package cache # noqa: no-handler ansible.builtin.apt: update_cache: true when: apt_repo.changed diff --git a/roles/nfs-host/tasks/main.yml b/roles/nfs-host/tasks/main.yml index c1ac52d..a6423ff 100644 --- a/roles/nfs-host/tasks/main.yml +++ b/roles/nfs-host/tasks/main.yml @@ -3,9 +3,9 @@ ansible.builtin.apt: state: present name: - - nfs-kernel-server - - nfs-common - - parted + - nfs-kernel-server + - nfs-common + - parted - name: Create a new ext4 primary partition community.general.parted: diff --git a/roles/nginx_https_ingress/tasks/main.yml b/roles/nginx_https_ingress/tasks/main.yml index 64884a5..b922472 100644 --- a/roles/nginx_https_ingress/tasks/main.yml +++ b/roles/nginx_https_ingress/tasks/main.yml @@ -8,9 +8,9 @@ ansible.builtin.apt: state: present name: - - apt-transport-https - - ca-certificates - - gnupg2 + - apt-transport-https + - ca-certificates + - gnupg2 ### Setup APT cache for the nginx repository # @@ -33,7 +33,7 @@ src: files/apt-preference-99nginx dest: /etc/apt/preferences.d/99nginx -- name: Update package cache # noqa 503 +- name: Update package cache # noqa: no-handler ansible.builtin.apt: update_cache: true when: apt_repo.changed @@ -45,7 +45,7 @@ state: present name: # This version of nginx comes with the ngx_stream_core_module module - - nginx + - nginx ### Configuration