Merge pull request #8 from EthDevOps/lint-fixes

pauljickling · web-flow · commit 2f2b33a13c8b · 2026-03-05T16:34:43.000-05:00
chore: linting
diff --git a/roles/acme_certificates/tasks/main.yaml b/roles/acme_certificates/tasks/main.yaml
@@ -6,35 +6,29 @@
     pkg:
       - certbot
       - python3-certbot-dns-cloudflare
-
 - name: Install snapd
   ansible.builtin.apt:
     pkg:
       - snapd
- 
 - name: Enable and start snapd socket
   ansible.builtin.systemd:
     name: snapd.socket
     enabled: true
     state: started
-
 - name: Install snap core
   community.general.snap:
     name: core
     state: present
-
 - name: Install certbot via snap
   community.general.snap:
     name: certbot
     classic: true
     state: present
-
 - name: Create certbot symlink
   ansible.builtin.file:
     src: /snap/bin/certbot
     dest: /usr/bin/certbot
     state: link
-
 - name: Download acme-dns-hook
   ansible.builtin.get_url:
     url: >-
@@ -67,9 +61,11 @@
   when: item.stat.exists
   ansible.builtin.shell:
     cmd: |
+      set -o pipefail
       start=$(openssl x509 -startdate -noout -in /etc/letsencrypt/live/{{ item.item.domain }}/cert.pem | cut -d= -f2)
       end=$(openssl x509 -enddate -noout -in /etc/letsencrypt/live/{{ item.item.domain }}/cert.pem | cut -d= -f2)
       echo $(( ($(date -d "$end" +%s) - $(date -d "$start" +%s)) / 86400 ))
+    executable: /bin/bash
   loop: "{{ acme_certificates_cert_status.results }}"
   loop_control:
     label: "{{ item.item.domain }}"
diff --git a/roles/bootstrap/tasks/deploy_patchman.yaml b/roles/bootstrap/tasks/deploy_patchman.yaml
@@ -8,7 +8,7 @@
     url: https://repo.openbytes.ie/openbytes.gpg
     dest: /etc/apt/keyrings/openbytes.gpg
 - name: Remove old openbytes repo configuration
-  file:
+  ansible.builtin.file:
     path: /etc/apt/sources.list.d/repo_openbytes_ie_patchman_debian.list
     state: absent
 - name: Add openbytes repo
diff --git a/roles/bootstrap/tasks/disable_auto_updates.yaml b/roles/bootstrap/tasks/disable_auto_updates.yaml
@@ -4,26 +4,22 @@
     name: apt-daily.timer
     state: stopped
     enabled: false
-
 - name: Stop and disable apt-daily-upgrade timer
   ansible.builtin.systemd_service:
     name: apt-daily-upgrade.timer
     state: stopped
     enabled: false
-
 - name: Stop and disable unattended-upgrades service
   ansible.builtin.systemd_service:
     name: unattended-upgrades.service
     state: stopped
     enabled: false
-
 - name: Stop and disable update-notifier-download timer
   ansible.builtin.systemd_service:
     name: update-notifier-download.timer
     state: stopped
     enabled: false
   failed_when: false
-
 - name: Disable automatic package list updates and unattended upgrades
   ansible.builtin.copy:
     dest: /etc/apt/apt.conf.d/20auto-upgrades
diff --git a/roles/haproxy_lb/defaults/main.yaml b/roles/haproxy_lb/defaults/main.yaml
@@ -11,7 +11,6 @@ haproxy_lb_sites: []
 haproxy_lb_tunnels: []
 haproxy_lb_redirects: []
 haproxy_lb_k8s_services: []
-
 # Custom backend configuration snippets for HAProxy backends
 # Keyed by backend name, value is raw HAProxy config to inject
 # Supported backend types and their keys:
diff --git a/roles/k3s/tasks/cache.yaml b/roles/k3s/tasks/cache.yaml
@@ -1,6 +1,6 @@
 ---
 - name: Create cache config directory
-  file:
+  ansible.builtin.file:
     state: directory
     path: /etc/rancher/k3s
     mode: '0755'
diff --git a/roles/openbao_agent/defaults/main.yaml b/roles/openbao_agent/defaults/main.yaml
@@ -1,26 +1,19 @@
 ---
 # OpenBao version to install
 openbao_agent_version: "2.4.4"
-
 # OpenBao server address
 openbao_agent_server_addr: "https://vault.example.com:8200"
-
 # AppRole auth mount path
 openbao_agent_approle_mount_path: "approle"
-
 # Role name pattern uses inventory_hostname
 # The actual role name will be: host-{{ inventory_hostname }}
-
 # Wrap TTL for secret-id (how long the wrapped token is valid)
 openbao_agent_wrap_ttl: "120s"
-
 # Agent configuration
 openbao_agent_cache_enabled: false
 openbao_agent_listener_address: "127.0.0.1:8100"
-
 # Auto-auth sink file path (where the agent writes the token)
 openbao_agent_sink_path: "/run/openbao-agent/token"
-
 # Template destinations (optional list of templates the agent should render)
 # Example:
 # openbao_agent_templates:
diff --git a/roles/openbao_agent/tasks/main.yml b/roles/openbao_agent/tasks/main.yml
@@ -5,48 +5,40 @@
       - gpg
     state: present
     update_cache: true
-
 - name: Set architecture mapping
   ansible.builtin.set_fact:
-    openbao_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else 'arm64' if ansible_architecture == 'aarch64' else ansible_architecture }}"
-
+    openbao_agent_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else 'arm64' if ansible_architecture == 'aarch64' else ansible_architecture }}"
 - name: Download OpenBao GPG key
   ansible.builtin.get_url:
     url: https://openbao.org/assets/openbao-gpg-pub-20240618.asc
     dest: /tmp/openbao-gpg-pub.asc
     mode: "0644"
-
 - name: Import OpenBao GPG key
   ansible.builtin.command:
     cmd: gpg --import /tmp/openbao-gpg-pub.asc
-  register: gpg_import_result
-  changed_when: "'imported' in gpg_import_result.stderr"
-
+  register: openbao_agent_gpg_import_result
+  changed_when: "'imported' in openbao_agent_gpg_import_result.stderr"
 - name: Download OpenBao deb package
   ansible.builtin.get_url:
-    url: "https://github.com/openbao/openbao/releases/download/v{{ openbao_agent_version }}/bao_{{ openbao_agent_version }}_linux_{{ openbao_arch }}.deb"
-    dest: "/tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_arch }}.deb"
+    url: "https://github.com/openbao/openbao/releases/download/v{{ openbao_agent_version }}/bao_{{ openbao_agent_version }}_linux_{{ openbao_agent_arch }}.deb"
+    dest: "/tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_agent_arch }}.deb"
     mode: "0644"
-
 - name: Download OpenBao deb signature
   ansible.builtin.get_url:
-    url: "https://github.com/openbao/openbao/releases/download/v{{ openbao_agent_version }}/bao_{{ openbao_agent_version }}_linux_{{ openbao_arch }}.deb.gpgsig"
-    dest: "/tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_arch }}.deb.gpgsig"
+    url: "https://github.com/openbao/openbao/releases/download/v{{ openbao_agent_version }}/bao_{{ openbao_agent_version }}_linux_{{ openbao_agent_arch }}.deb.gpgsig"
+    dest: "/tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_agent_arch }}.deb.gpgsig"
     mode: "0644"
-
 - name: Verify GPG signature of OpenBao deb package
   ansible.builtin.command:
     cmd: >
       gpg --verify
-      /tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_arch }}.deb.gpgsig
-      /tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_arch }}.deb
+      /tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_agent_arch }}.deb.gpgsig
+      /tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_agent_arch }}.deb
   changed_when: false
-
 - name: Install OpenBao from deb package
   ansible.builtin.apt:
-    deb: "/tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_arch }}.deb"
+    deb: "/tmp/bao_{{ openbao_agent_version }}_linux_{{ openbao_agent_arch }}.deb"
     state: present
-
 - name: Create openbao-agent directories
   ansible.builtin.file:
     path: "{{ item }}"
@@ -59,19 +51,16 @@
     - /etc/openbao-agent/conf.d
     - /etc/openbao-agent/templates.d
     - /var/lib/openbao-agent
-
 - name: Create runtime directory for agent token
   ansible.builtin.file:
     path: /run/openbao-agent
     state: directory
     owner: openbao
     group: openbao
     mode: "0750"
-
 - name: Set OpenBao role name fact
   ansible.builtin.set_fact:
     openbao_agent_role_name: "host-{{ inventory_hostname }}"
-
 - name: Fetch role-id from OpenBao on control node
   ansible.builtin.command:
     cmd: >
@@ -81,11 +70,9 @@
   become: false
   register: openbao_agent_role_id_result
   changed_when: false
-
 - name: Set role-id fact
   ansible.builtin.set_fact:
     openbao_agent_role_id: "{{ openbao_agent_role_id_result.stdout }}"
-
 - name: Fetch secret-id from OpenBao on control node
   ansible.builtin.command:
     cmd: >
@@ -95,27 +82,23 @@
   become: false
   register: openbao_agent_secret_id_result
   changed_when: false
-
 - name: Set secret-id fact
   ansible.builtin.set_fact:
     openbao_agent_secret_id: "{{ openbao_agent_secret_id_result.stdout }}"
-
 - name: Deploy role-id file
   ansible.builtin.copy:
     content: "{{ openbao_agent_role_id }}"
     dest: /etc/openbao-agent/role-id
     owner: openbao
     group: openbao
     mode: "0400"
-
 - name: Deploy wrapped secret-id file
   ansible.builtin.copy:
     content: "{{ openbao_agent_secret_id }}"
     dest: /etc/openbao-agent/secret-id
     owner: openbao
     group: openbao
     mode: "0400"
-
 - name: Deploy OpenBao agent configuration
   notify: Restart openbao-agent
   ansible.builtin.template:
@@ -124,7 +107,6 @@
     owner: openbao
     group: openbao
     mode: "0640"
-
 - name: Deploy systemd service file
   notify: Restart openbao-agent
   ansible.builtin.template:
@@ -133,11 +115,9 @@
     owner: root
     group: root
     mode: "0644"
-
 - name: Reload systemd daemon
   ansible.builtin.systemd:
     daemon_reload: true
-
 - name: Enable and start OpenBao agent
   ansible.builtin.systemd:
     name: openbao-agent
diff --git a/roles/vector/defaults/main.yaml b/roles/vector/defaults/main.yaml
@@ -3,7 +3,6 @@ vector_extra_metrics: ""
 vector_install_nodexporter: true
 vector_version: "0.51.1-1"
 vector_use_openbao: false
-
 # OpenBao/Vault secret configuration
 vector_vault_secret_path: "secret/common/metric_ingress"
 vector_vault_user_field: "metrics_username"
diff --git a/roles/vector/tasks/main.yaml b/roles/vector/tasks/main.yaml
@@ -48,20 +48,17 @@
     groups: docker
     append: true
   when: vector_docker_group_check.rc == 0
-
 - name: Create config file (direct)
   when: not vector_use_openbao
   ansible.builtin.template:
     src: vector.yaml.j2
     dest: /etc/vector/vector.yaml
   notify: Restart Vector
-
 - name: Ensure ACL package is installed
   when: vector_use_openbao
   ansible.builtin.package:
     name: acl
     state: present
-
 - name: Ensure vector config file exists for ACL
   when: vector_use_openbao
   ansible.builtin.file:
@@ -72,7 +69,6 @@
     mode: '0644'
     modification_time: preserve
     access_time: preserve
-
 - name: Set ACL for openbao on vector dir
   when: vector_use_openbao
   ansible.posix.acl:
@@ -81,7 +77,6 @@
     etype: user
     permissions: rwx
     state: present
-
 - name: Set ACL for openbao on vector config
   when: vector_use_openbao
   ansible.posix.acl:
@@ -90,13 +85,11 @@
     etype: user
     permissions: rw
     state: present
-
 - name: Create config file (openbao)
   when: vector_use_openbao
   ansible.builtin.template:
     src: vector.yaml.tpl
     dest: /etc/openbao-agent/templates.d/vector.yaml.tpl
-
 - name: Copy OpenBao template config file
   when: vector_use_openbao
   ansible.builtin.copy:
