mirror of https://github.com/roles-ansible/ansible_role_dotfiles.git synced 2024-08-16 16:09:49 +02:00

secure vim for gopass usage and imporve linting

+ secured vim for gopass usage
+ improved linting
+ added yamllinting check
L3D 2021-01-25 16:29:11 +01:00
parent 1d17b45e95
commit ebe7b31f11
Signed by: l3d
GPG key ID: CD08445BFF4313D1
28 changed files with 183 additions and 141 deletions

2
.github/FUNDING.yml vendored

@ -1,5 +1,5 @@
---
# These are supported funding model platforms # These are supported funding model platforms
github: [do1jlr] github: [do1jlr]
liberapay: L3D liberapay: L3D
custom: https://paypal.me/c3woc


@ -1,5 +1,7 @@
---
name: Ansible check archlinux:latest name: Ansible check archlinux:latest
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with archlinux:latest - name: ansible check with archlinux:latest
uses: roles-ansible/check-ansible-archlinux-latest-action@master uses: roles-ansible/check-ansible-archlinux-latest-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check centos:centos7 name: Ansible check centos:centos7
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with ubuntu:centos7 - name: ansible check with ubuntu:centos7
uses: roles-ansible/check-ansible-centos-centos7-action@master uses: roles-ansible/check-ansible-centos-centos7-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check centos:centos8 name: Ansible check centos:centos8
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with ubuntu:centos8 - name: ansible check with ubuntu:centos8
uses: roles-ansible/check-ansible-centos-centos8-action@master uses: roles-ansible/check-ansible-centos-centos8-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check centos:latest name: Ansible check centos:latest
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with ubuntu:latest - name: ansible check with ubuntu:latest
uses: roles-ansible/check-ansible-centos-latest-action@master uses: roles-ansible/check-ansible-centos-latest-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check debian:buster name: Ansible check debian:buster
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with debian:buster - name: ansible check with debian:buster
uses: roles-ansible/check-ansible-debian-buster-action@master uses: roles-ansible/check-ansible-debian-buster-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check debian:latest name: Ansible check debian:latest
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with debian:latest - name: ansible check with debian:latest
uses: roles-ansible/check-ansible-debian-latest-action@master uses: roles-ansible/check-ansible-debian-latest-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check debian:sid name: Ansible check debian:sid
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with debian:sid - name: ansible check with debian:sid
uses: roles-ansible/check-ansible-debian-sid-action@master uses: roles-ansible/check-ansible-debian-sid-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check debian:stable name: Ansible check debian:stable
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with debian:stable - name: ansible check with debian:stable
uses: roles-ansible/check-ansible-debian-stable-action@master uses: roles-ansible/check-ansible-debian-stable-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check debian:stretch name: Ansible check debian:stretch
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with debian:stretch - name: ansible check with debian:stretch
uses: roles-ansible/check-ansible-debian-stretch-action@master uses: roles-ansible/check-ansible-debian-stretch-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check fedora:31 name: Ansible check fedora:31
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with fedora:31 - name: ansible check with fedora:31
uses: roles-ansible/check-ansible-fedora-31-action@master uses: roles-ansible/check-ansible-fedora-31-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check fedora:32 name: Ansible check fedora:32
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with fedora:32 - name: ansible check with fedora:32
uses: roles-ansible/check-ansible-fedora-32-action@master uses: roles-ansible/check-ansible-fedora-32-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check fedora:33 name: Ansible check fedora:33
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with fedora:33 - name: ansible check with fedora:33
uses: roles-ansible/check-ansible-fedora-33-action@master uses: roles-ansible/check-ansible-fedora-33-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check fedora:latest name: Ansible check fedora:latest
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with fedora:latest - name: ansible check with fedora:latest
uses: roles-ansible/check-ansible-fedora-latest-action@master uses: roles-ansible/check-ansible-fedora-latest-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible Lint check name: Ansible Lint check
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,13 +10,13 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Lint Ansible Playbook - name: Lint Ansible Playbook
uses: ansible/ansible-lint-action@master uses: ansible/ansible-lint-action@master
with: with:
targets: "." targets: "."
# [required] # [required]
# Paths to ansible files (i.e., playbooks, tasks, handlers etc..) # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
args: "" args: ""
# [optional] # [optional]


@ -1,5 +1,7 @@
---
name: Ansible check ubuntu:bionic name: Ansible check ubuntu:bionic
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with ubuntu:bionic - name: ansible check with ubuntu:bionic
uses: roles-ansible/check-ansible-ubuntu-bionic-action@master uses: roles-ansible/check-ansible-ubuntu-bionic-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check ubuntu:latest name: Ansible check ubuntu:latest
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with ubuntu:latest - name: ansible check with ubuntu:latest
uses: roles-ansible/check-ansible-ubuntu-latest-action@master uses: roles-ansible/check-ansible-ubuntu-latest-action@master
with: with:
targets: "./" targets: "./"


@ -1,5 +1,7 @@
---
name: Ansible check ubuntu:trusty name: Ansible check ubuntu:trusty
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -8,9 +10,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: ansible check with ubuntu:trusty - name: ansible check with ubuntu:trusty
uses: roles-ansible/check-ansible-ubuntu-trusty-action@master uses: roles-ansible/check-ansible-ubuntu-trusty-action@master
with: with:
targets: "./" targets: "./"

22
.github/workflows/yamllint.yaml vendored Normal file

@ -0,0 +1,22 @@
---
name: 'Yamllint GitHub Actions'
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
yamllint:
name: 'Yamllint'
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@master
- name: 'Yamllint'
uses: karancode/yamllint-github-action@master
with:
yamllint_file_or_dir: '.'
yamllint_config_filepath: './.yamllint'
yamllint_strict: false
yamllint_comment: true
# env:
# GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }
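Review bot: Both `uses:` lines in this new workflow reference a mutable branch (`actions/checkout@master`, `karancode/yamllint-github-action@master`), so whatever lands on those branches runs in this repository's CI on every push and pull request without review; pinning each to a release tag or, better, a full commit SHA (`uses: karancode/yamllint-github-action@<commit-sha>`) closes that. The same `@master` references sit on the re-indented `uses:` lines of the other workflow sections on this page. The commented-out `env` line is also missing a closing brace (`${{ secrets.GITHUB_TOKEN }`), so uncommenting it as written would not yield a valid expression, and `yamllint_comment: true` presumably needs that token to post anything. If the token is enabled, a top-level `permissions:` block limiting it to what commenting requires would keep the job least-privileged.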


@ -1,29 +0,0 @@
---
# OS Details
os: linux
language: python
python: '3.8'
cache:
pip: true
# Install ansible and ansible-lint
install:
- pip install ansible
- pip install ansible-lint
# testing galaxy install and ansible lint
# more advanced testing is currently handled with
# github actions. The gh-actions for our test are there:
# https://github.com/roles-ansible and are tagged
# with 'github-actions' --> https://github.com/search?q=topic%3Agithub-actions+org%3Aroles-ansible&type=Repositories
script:
# - ansible-galaxy install do1jlr.dotfiles
- ansible-lint .
- echo -e "\n\n\n\n\nWe use github actions for more detailed tests.\n\n\n\n\n"
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
email:
on_success: never
on_failure: always

11
.yamllint Normal file

@ -0,0 +1,11 @@
---
extends: default
rules:
# 280 chars should be enough, but don't fail if a line is longer
line-length:
max: 280
level: warning
braces:
level: warning
max-spaces-inside: 1
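Review bot: Both customised rules are set to `level: warning`, and the workflow added in this commit runs with `yamllint_strict: false`, so an over-long line or a brace-spacing problem will be reported but, as far as the visible configuration shows, will not fail the check. If that is intended, a comment above `braces:` saying so (like the one on `line-length`) would help; otherwise drop `level: warning` from the rule that should be enforced. A `truthy` rule with `check-keys: false` here would also replace the per-file `# yamllint disable-line rule:truthy` comments added throughout the workflows.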


@ -12,18 +12,17 @@ dotfiles__modify_bashrc: true
# list of aliases used in bashrc # list of aliases used in bashrc
dotfiles__aliases: dotfiles__aliases:
- { alias: "ls", command: "ls ", color: True } - { alias: "ls", command: "ls ", color: true }
- { alias: "grep", command: "grep", color: True } - { alias: "grep", command: "grep", color: true }
- { alias: "ll", command: "ls -alF", color: False } - { alias: "ll", command: "ls -alF", color: false }
- { alias: "la", command: "ls -A", color: False } - { alias: "la", command: "ls -A", color: false }
- { alias: "l", command: "ls -CF", color: False } - { alias: "l", command: "ls -CF", color: false }
- { alias: "lz", command: "ls -Z", color: False } - { alias: "lz", command: "ls -Z", color: false }
- { alias: "EDITOR", command: "/usr/bin/vim", color: False } - { alias: "EDITOR", command: "/usr/bin/vim", color: false }
- { alias: "VISUAL", command: "/usr/bin/gedit", color: False } - { alias: "VISUAL", command: "/usr/bin/gedit", color: false }
- { alias: "gitsubpull", command: "git submodule foreach '(git checkout \\$(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull)'", color: False } - { alias: "gitsubpull", command: "git submodule foreach '(git checkout \\$(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull)'", color: false }
- { alias: "pwgen", command: "/usr/bin/pwgen --num-passwords=3000 --numerals --capitalize --secure --no-vowels --ambiguous --symbols 95 1", color: false } - { alias: "pwgen", command: "/usr/bin/pwgen --num-passwords=3000 --numerals --capitalize --secure --no-vowels --ambiguous --symbols 95 1", color: false }
# enable bash completion # enable bash completion
dotfiles__bash_completion_enabled: true dotfiles__bash_completion_enabled: true


@ -1,6 +1,6 @@
--- ---
- name: Create a global bashrc configuration - name: Create a global bashrc configuration
become: yes become: true
template: template:
src: 'templates/bash.bashrc' src: 'templates/bash.bashrc'
dest: '/etc/bash.bashrc' dest: '/etc/bash.bashrc'
@ -9,7 +9,7 @@
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
- name: Copy bashrc configuration to root - name: Copy bashrc configuration to root
become: yes become: true
template: template:
src: 'templates/bashrc' src: 'templates/bashrc'
dest: '/root/.bashrc' dest: '/root/.bashrc'
@ -19,7 +19,7 @@
when: not dotfiles__allow_own_root_bashrc | bool when: not dotfiles__allow_own_root_bashrc | bool
- name: Copy bashrc configuration to non admin users - name: Copy bashrc configuration to non admin users
become: yes become: true
template: template:
src: 'templates/bashrc' src: 'templates/bashrc'
dest: '/home/{{ item }}/.bashrc' dest: '/home/{{ item }}/.bashrc'


@ -1,9 +1,9 @@
--- ---
- name: install the latest libselinux-python package - name: install the latest libselinux-python package
become: yes be:come: true
dnf: dnf:
name: libselinux-python name: libselinux-python
state: present state: present
when: when:
- ansible_distribution == "Fedora" - ansible_distribution == "Fedora"
failed_when: false failed_when: false
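Review bot: The changed line in this section now reads `be:come: true` instead of `become: true`; YAML accepts `be:come` as a plain key, so the file still parses and the yamllint check added in this commit will not catch it, but Ansible will not read it as the privilege-escalation keyword and is likely to reject the task as having an unknown attribute. It should be `become: true`. `failed_when: false` on the same task only masks a failing `dnf` run, not a task that fails to load, so it would not hide this.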


@ -9,7 +9,7 @@
when: dotfiles__modify_bashrc | bool when: dotfiles__modify_bashrc | bool
- name: Copy vimrc configuration to root - name: Copy vimrc configuration to root
become: yes become: true
copy: copy:
src: 'templates/vimrc' src: 'templates/vimrc'
dest: '/root/.vimrc' dest: '/root/.vimrc'
@ -18,7 +18,7 @@
mode: 'u=rw,g=r,o=' mode: 'u=rw,g=r,o='
- name: Copy vimrc configuration to non admin users - name: Copy vimrc configuration to non admin users
become: yes become: true
copy: copy:
src: 'templates/vimrc' src: 'templates/vimrc'
dest: '/home/{{ item }}/.vimrc' dest: '/home/{{ item }}/.vimrc'
@ -36,7 +36,7 @@
file: file:
path: "/home/{{ item }}/.config/ranger" path: "/home/{{ item }}/.config/ranger"
state: directory state: directory
recurse: yes recurse: true
owner: "{{ item }}" owner: "{{ item }}"
group: "{{ item }}" group: "{{ item }}"
mode: '0644' mode: '0644'
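Review bot: In the last hunk the ranger directory is created with `mode: '0644'` together with `state: directory` and `recurse: true`, which leaves the directory without the execute (search) bit, so not even its owner can enter it or open files inside. A symbolic mode such as `mode: 'u=rwX,g=rX,o=rX'` gives directories the search bit while keeping files non-executable. The task starts above the hunk, so its name and loop are not visible here.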


@ -13,7 +13,7 @@
src: "/etc/.ansible-version/{{ playbook_version_path }}" src: "/etc/.ansible-version/{{ playbook_version_path }}"
register: playbook_version register: playbook_version
when: submodules_versioncheck|bool when: submodules_versioncheck|bool
ignore_errors: yes ignore_errors: true
failed_when: false failed_when: false
- name: Print remote role version - name: Print remote role version
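Review bot: `ignore_errors: true` sits next to `failed_when: false` on this task, and the second already prevents the task from ever being marked failed, so the first is redundant; keeping only `failed_when: false` says the same thing. Since every error while reading the version file is then suppressed, the later tasks that use `playbook_version` should handle a result without content (those tasks are outside this hunk). The task itself begins above the hunk.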


@ -1,8 +1,12 @@
" gopass secure editor
au BufNewFile,BufRead /dev/shm/gopass.* setlocal noswapfile nobackup noundofile
" vim layout
syntax on " enable syntax highlighting syntax on " enable syntax highlighting
set cursorline " highlight the current line set cursorline " highlight the current line
set fileencoding=utf-8 set fileencoding=utf-8
set encoding=utf-8 set encoding=utf-8
colorscheme elflord colorscheme elflord
set cursorline " highlight the current line set cursorline " highlight the current line
" tabs and indenting " tabs and indenting
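Review bot: The new autocmd turns off swap, backup and undo files for gopass buffers but leaves `viminfo` alone, so register contents and search or command-line history from an editing session can still be written to `~/.viminfo` after a secret was yanked or searched for. Extending the line to `au BufNewFile,BufRead /dev/shm/gopass.* setlocal noswapfile nobackup noundofile viminfo=` covers that. The pattern only matches files under `/dev/shm`, so on a host where gopass uses a different temporary directory none of these settings apply, which is worth a comment above the line. The rest of the vimrc continues outside the hunk.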


@ -1,2 +1,3 @@
playbook_version_number: 2065 # should be over ninethousand ---
playbook_version_number: 2066 # should be increased integer
playbook_version_path: 'role_dotfiles_chaos-bodensee_github.version' playbook_version_path: 'role_dotfiles_chaos-bodensee_github.version'