Merge branch 'add-CI' into 'master'

Add CI pipeline

See merge request aurore/ansible!6

.gitlab-ci.yml

@@ -0,0 +1,6 @@
+---
+image: quay.io/ansible/molecule:2.19
+
+yamllint:
+  script: yamllint -c .yamllint.yml .
+...

.yamllint.yml

@@ -0,0 +1,7 @@
+---
+extends: default
+
+rules:
+  line-length:
+    level: warning
+...

README.md

@@ -47,4 +47,3 @@ d'Ansible.
 ```
 ansible -i hosts ldap-replica-fleming1.adm.auro.re -m setup --ask-vault-pass
 ```
-

base.yml

@@ -3,4 +3,3 @@
 - hosts: all
   roles:
    - baseconfig
-

dokuwiki.yml

@@ -4,4 +4,3 @@
 - hosts: horus-wikitest
   roles:
    - dokuwiki
-

etherpad.yml

@@ -4,4 +4,3 @@
   roles:
    - debian-backports
    - etherpad
-

group_vars/all/vars.yml

@@ -30,4 +30,3 @@ ssh_pub_keys: "{{ vault_ssh_pub_keys }}"
 
 # Monitoring
 monitoring_mail: 'monitoring.aurore@lists.crans.org'
-

group_vars/fleming/ldap_local_replica.yml

@@ -1,5 +1,4 @@
 ---
 ldap_local_replica_uri:
-- 'ldap://ldap-replica-fleming1.adm.auro.re'
+  - 'ldap://ldap-replica-fleming1.adm.auro.re'
-- 'ldap://ldap-replica-fleming2.adm.auro.re'
+  - 'ldap://ldap-replica-fleming2.adm.auro.re'
-

group_vars/ovh-testing/ldap_local_replica.yml

@@ -1,4 +1,3 @@
 ---
 ldap_local_replica_uri:
-- 'ldap://10.128.0.100'
+  - 'ldap://10.128.0.100'
-

hosts

@@ -61,4 +61,3 @@ fleming-pve
 # every LDAP replica
 [ldap-replica:children]
 fleming-vm-ldap-replica
-

ldap.yml

@@ -6,7 +6,6 @@
 
 # Clone LDAP on local geographic location
 # DON'T DO THIS AS IT RECREATES THE REPLICA
-#- hosts: ldap-replica
+# - hosts: ldap-replica
 #   roles:
 #     - ldap-replica
-

matrix.yml

@@ -12,4 +12,3 @@
 - hosts: riot.adm.auro.re
   roles:
     - matrix-riot
-

nginx-reverse-proxy.yml

@@ -35,4 +35,3 @@
         to: codimd.adm.auro.re:8080
   roles:
     - nginx-reverse-proxy
-

roles/baseconfig/tasks/apt-listchanges.yml

@@ -17,4 +17,3 @@
     confirm: 'confirm=true'
     email_address: "email_address={{ monitoring_mail }}"
     which: 'which=both'
-

roles/baseconfig/tasks/main.yml

@@ -29,7 +29,9 @@
 
 # Configure APT mirrors on Debian Stretch
 - name: Configure APT mirrors
-  when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
+  when:
+    - ansible_distribution == 'Debian'
+    - ansible_distribution_release == 'stretch'
   template:
     src: 'apt/sources.list.j2'
     dest: '/etc/apt/sources.list'
@@ -55,4 +57,3 @@
   with_dict:
     dot_zshrc: .zshrc
     dot_zshrc.local: .zshrc.local
-

roles/baseconfig/tasks/molly-guard.yml

@@ -13,4 +13,3 @@
     dest: /etc/molly-guard/rc
     regexp: '^#*\s*ALWAYS_QUERY_HOSTNAME.*$'
     line: 'ALWAYS_QUERY_HOSTNAME=true'
-

roles/baseconfig/templates/apt/sources.list.j2

@@ -28,4 +28,3 @@ deb {{ debian_security_mirror }} {{ ansible_distribution_release }}/updates {{ d
 # Backports
 deb {{ debian_security_mirror }} {{ ansible_distribution_release }}-backports {{ debian_components }}
 {% endif %}
-

roles/codimd/handlers/main.yml

@@ -10,4 +10,3 @@
 # Reload systemd daemons when a service file changes
 - name: Reload systemd daemons
   command: systemctl daemon-reload
-

roles/codimd/tasks/0_apt_dependencies.yml

@@ -1,7 +1,9 @@
 ---
 # For NodeJS package
 - name: Configure NodeJS pin
-  when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
+  when:
+    - ansible_distribution == 'Debian'
+    - ansible_distribution_release == 'stretch'
   template:
     src: apt/nodejs.j2
     dest: /etc/apt/preferences.d/nodejs

roles/codimd/tasks/main.yml

@@ -7,7 +7,7 @@
 
 # Download CodiMD
 # TODO : temporally disabled until 1.3.0 is out (because of uws bug)
-#- name: Clone CodiMD project
+# - name: Clone CodiMD project
 #   git:
 #     repo: https://github.com/hackmdio/codimd.git
 #     dest: /var/local/codimd/codimd
@@ -66,4 +66,3 @@
     name: codimd
     state: started
     enabled: true
-

roles/codimd/templates/apt/nodejs.j2

@@ -3,4 +3,3 @@
 Package: node* libuv1*
 Pin: release a=stretch-backports
 Pin-Priority: 600
-

roles/codimd/templates/systemd/codimd.service.j2

@@ -16,4 +16,3 @@ Restart=always
 
 [Install]
 WantedBy=multi-user.target
-

roles/debian-backports/tasks/main.yml

@@ -5,4 +5,3 @@
     src: backports.list.j2
     dest: /etc/apt/sources.list.d/backports.list
     mode: 0644
-

roles/debian-backports/templates/backports.list.j2

@@ -6,4 +6,3 @@
 {% endif %}
 
 deb {{ debian_mirror }} {{ ansible_distribution_release }}-backports main
-

roles/dokuwiki/tasks/main.yml

@@ -1,7 +1,9 @@
 ---
 # For DokuWiki package
 - name: Configure Debian Buster mirrors
-  when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
+  when:
+    - ansible_distribution == 'Debian'
+    - ansible_distribution_release == 'stretch'
   template:
     src: apt/buster.list.j2
     dest: /etc/apt/sources.list.d/buster.list
@@ -9,7 +11,9 @@
 
 # For DokuWiki package
 - name: Configure DokuWiki pin
-  when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
+  when:
+    - ansible_distribution == 'Debian'
+    - ansible_distribution_release == 'stretch'
   template:
     src: apt/dokuwiki.j2
     dest: /etc/apt/preferences.d/dokuwiki
@@ -20,4 +24,3 @@
   apt:
     name: dokuwiki
     update_cache: yes
-

roles/dokuwiki/templates/apt/buster.list.j2

@@ -7,4 +7,3 @@
 
 deb {{ debian_mirror }} buster main
 deb-src {{ debian_mirror }} buster main
-

roles/dokuwiki/templates/apt/dokuwiki.j2

@@ -7,4 +7,3 @@ Pin-Priority: 990
 Package: dokuwiki
 Pin: release n=buster
 Pin-Priority: 990
-

roles/etherpad/handlers/main.yml

@@ -2,4 +2,3 @@
 # Reload systemd daemons when a service file changes
 - name: Reload systemd daemons
   command: systemctl daemon-reload
-

roles/etherpad/tasks/0_apt_dependencies.yml

@@ -1,7 +1,9 @@
 ---
 # For NodeJS package
 - name: Configure NodeJS pin
-  when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
+  when:
+    - ansible_distribution == 'Debian'
+    - ansible_distribution_release == 'stretch'
   template:
     src: apt/nodejs.j2
     dest: /etc/apt/preferences.d/nodejs
@@ -19,4 +21,3 @@
     - git
     - nodejs
     - npm
-

roles/etherpad/tasks/1_user_group.yml

@@ -24,4 +24,3 @@
     owner: etherpad
     group: etherpad
     mode: 0750
-

roles/etherpad/tasks/main.yml

@@ -57,4 +57,3 @@
 # TODO-list
 #  * Configure admin user, logs
 # Plugins : https://framacloud.org/fr/cultiver-son-jardin/etherpad.html#concernant-framapad
-

roles/etherpad/templates/apt/nodejs.j2

@@ -3,4 +3,3 @@
 Package: node* libuv1*
 Pin: release a=stretch-backports
 Pin-Priority: 600
-

roles/etherpad/templates/systemd/etherpad-lite.service.j2

@@ -15,4 +15,3 @@ Restart=always
 
 [Install]
 WantedBy=multi-user.target
-

roles/ldap-client/handlers/main.yml

@@ -14,4 +14,3 @@
     state: restarted
   ignore_errors: true  # Sometimes service do not exist
   listen: Restart nslcd service
-

roles/ldap-client/tasks/0_install_ldap.yml

@@ -12,7 +12,7 @@
 
 # Reduce LDAP load
 # For the moment it is broken on Stretch when using PHP7.3
-#- name: Install LDAP cache package
+# - name: Install LDAP cache package
 #   apt:
 #     name: nscd
 #     state: present
@@ -38,4 +38,3 @@
     shadow: 'shadow:         files ldap'
     sudoers: 'sudoers:        files ldap'
   notify: Restart nslcd service
-

roles/ldap-client/tasks/1_group_security.yml

@@ -18,4 +18,3 @@
     dest: /etc/sudoers
     regexp: "^%{{ sudo_group }}"
     line: "%{{ sudo_group }}	ALL=(ALL:ALL) ALL"
-

roles/ldap-client/tasks/2_userland_scripts.yml

@@ -15,4 +15,3 @@
     src: /usr/local/bin/chsh
     dest: /usr/local/bin/chsh.ldap
     state: link
-

roles/ldap-client/tasks/main.yml

@@ -22,4 +22,3 @@
     key: "{{ ssh_pub_keys }}"
     state: present
 #    exclusive: True
-

roles/ldap-client/templates/passwd.j2

@@ -1,4 +1,3 @@
 #!/bin/sh
 # {{ ansible_managed }}
 echo "Pour changer votre mot de passe,\nAllez sur l'intranet : {{intranet_url}}"
-

roles/ldap-replica/tasks/main.yml

@@ -56,4 +56,3 @@
 # Save the day
 - name: Start LDAP server
   service: name=slapd state=started
-

roles/ldap-replica/templates/schema.ldiff.j2

@@ -1183,4 +1183,3 @@ createTimestamp: 20150305013830Z
 entryCSN: 20160607103125.521039Z#000000#000#000000
 modifiersName: cn=config
 modifyTimestamp: 20160607103125Z
-

roles/matrix-mxisd/handlers/main.yml

@@ -4,4 +4,3 @@
   service:
     name: mxisd
     state: restarted
-

roles/matrix-mxisd/templates/mxisd/mxisd.yaml.j2

@@ -87,4 +87,3 @@ threepid:
 
           # Password for the account
           password: ""
-

roles/matrix-riot/tasks/main.yml

@@ -49,4 +49,3 @@
     dest: /etc/nginx/sites-enabled/riot
     state: link
   notify: Reload NGINX service
-

roles/matrix-synapse/handlers/main.yml

@@ -4,4 +4,3 @@
   service:
     name: matrix-synapse
     state: restarted
-

roles/matrix-synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2

@@ -15,4 +15,3 @@ listeners:
         compress: true
       - names: [federation]
         compress: false
-

roles/nginx-reverse-proxy/handlers/main.yml

@@ -4,4 +4,3 @@
   service:
     name: nginx
     state: reloaded
-

roles/nginx-reverse-proxy/tasks/main.yml

@@ -29,4 +29,3 @@
     state: link
   loop: "{{ reversed_proxy_subdomains }}"
   notify: Reload NGINX service
-

roles/nginx-reverse-proxy/templates/nginx-sites-available.j2

@@ -33,4 +33,3 @@ server {
         add_header X-Clacks-Overhead "GNU Terry Pratchett";
     }
 }
-