Don't pin cryptographic modules, fix ansible-lint (notthebee#184)

notthebee · web-flow · commit 0ee0df5eaafa · 2023-05-06T15:12:39.000+02:00
diff --git a/.ansible-lint b/.ansible-lint
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,8 @@
+---
+repos:
+- repo: https://github.com/ansible-community/ansible-lint.git
+  rev: v6.15.0
+  hooks:
+    - id: ansible-lint
+      files: \.(yaml|yml)$
+      entry: ansible-lint . --force-color -v -p
diff --git a/ansible.cfg b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-ask_vault_pass = True
+#ask_vault_pass = True
 inventory = inventory.yml
 interpreter_python = python3
 roles_path = .ansible/roles
diff --git a/bootstrap.sh b/bootstrap.sh
@@ -177,7 +177,7 @@ if [[ "$custom_filled" =~ "custom.yml" ]]; then
   echo "If you want to change something (e.g. username, domain name, etc.)"
   echo "Please edit custom.yml or secret.yml manually, and then re-run this script"
   echo
-  cd $HOME/ansible-easy-vpn && ansible-playbook run.yml
+  cd $HOME/ansible-easy-vpn && ansible-playbook --ask-vault-pass run.yml
   exit 0
 fi
 
@@ -418,12 +418,12 @@ if [[ "$launch_playbook" =~ ^[yY]$ ]]; then
   if [[ $EUID -ne 0 ]]; then
     echo
     echo "Please enter your current sudo password now"
-    cd $HOME/ansible-easy-vpn && ansible-playbook -K run.yml
+    cd $HOME/ansible-easy-vpn && ansible-playbook --ask-vault-pass -K run.yml
   else
-    cd $HOME/ansible-easy-vpn && ansible-playbook run.yml
+    cd $HOME/ansible-easy-vpn && ansible-playbook --ask-vault-pass run.yml
   fi
 else
-  echo "You can run the playbook by executing this script again"
-  echo "cd ${HOME}/ansible-easy-vpn && bash bootstrap.sh"
+  echo "You can run the playbook by executing the bootstrap script again:"
+  echo "cd ~/ansible-easy-vpn && bash bootstrap.sh"
   exit
 fi
diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,5 @@
-cryptography<=36.0.2
-pyOpenSSL<=20.0.1
+cryptography
+pyOpenSSL
 certbot
 requests<2.29.2
 passlib 
diff --git a/roles/docker_network/tasks/main.yml b/roles/docker_network/tasks/main.yml
@@ -1,3 +1,4 @@
+---
 - name: Create the wg network
   community.general.docker_network:
     name: wg_network
diff --git a/roles/system/tasks/firewall-RedHat.yml b/roles/system/tasks/firewall-RedHat.yml
@@ -8,16 +8,14 @@
 
 - name: Configure the firewall with system python3.6 if on CentOS 8
   when: ansible_distribution_major_version | int == 8
-  set_fact:
+  ansible.builtin.set_fact:
     ansible_python_interpreter: "/usr/bin/python3.6"
 
 - name: Configure the firewall with system python3.9 if on CentOS 9
   when: ansible_distribution_major_version | int == 9
-  set_fact:
+  ansible.builtin.set_fact:
     ansible_python_interpreter: "/usr/bin/python3"
 
-
-
 - name: Configure firewalld
   block:
     - name: Allow the defined ports
@@ -34,7 +32,7 @@
         port: "{{ ssh_port }}/tcp"
 
 - name: Put the venv python interpreter back in place
-  set_fact:
+  ansible.builtin.set_fact:
     ansible_python_interpreter: "/{{ lookup('env', 'HOME') }}/ansible-easy-vpn/.venv/bin/python3"
 
 - name: Enable and start firewalld
diff --git a/roles/system/tasks/setup-RedHat.yml b/roles/system/tasks/setup-RedHat.yml
@@ -5,41 +5,45 @@
     name: "*"
     state: latest
     update_cache: yes
+  tags:
+    - skip_ansible_lint
 
 - name: Update and upgrade dnf packages
   when: ansible_distribution_major_version | int >= 8
   ansible.builtin.dnf:
     name: "*"
     state: latest
     update_cache: yes
+  tags:
+    - skip_ansible_lint
 
 - name: Set correct automatic update utility vars (RHEL 8)
-  set_fact:
+  ansible.builtin.set_fact:
     update_utility: dnf-automatic
     update_service: dnf-automatic-install.timer
     update_conf_path: /etc/dnf/automatic.conf
   when: ansible_distribution_major_version | int >= 8
 
 - name: Set correct automatic update utility vars (RHEL <= 7)
-  set_fact:
+  ansible.builtin.set_fact:
     update_utility: yum-cron
     update_service: yum-cron
     update_conf_path: /etc/yum/yum-cron.conf
   when: ansible_distribution_major_version | int <= 7
 
 - name: Install automatic update utility
-  package:
+  ansible.builtin.package:
     name: '{{ update_utility }}'
     state: present
 
 - name: Ensure automatic update utility is running and enabled on boot
-  service:
+  ansible.builtin.service:
     name: '{{ update_service }}'
     state: started
     enabled: true
 
 - name: Configure autoupdates
-  lineinfile:
+  ansible.builtin.lineinfile:
     dest: '{{ update_conf_path }}'
     regexp: '^apply_updates = .+'
     line: 'apply_updates = yes'
diff --git a/run.yml b/run.yml
@@ -24,7 +24,6 @@
       tags:
         - system
 
-    
     - role: geerlingguy.docker
       tags:
         - docker

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+---`
`1`	`2`	`- name: Create the wg network`
`2`	`3`	`community.general.docker_network:`
`3`	`4`	`name: wg_network`
-Original file line number
+Diff line change
       tags:
         - system
+-
     - role: geerlingguy.docker
       tags:
         - docker