feat(pre-commit): Added linting

2025-07-27 22:46:23 +02:00
parent 2882abfc0b
commit 6eef96b302
18 changed files with 57 additions and 25 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -25,7 +25,7 @@ enable_list:
  - no-changed-when

 # Offline mode disables any features that require internet access.
-offline: true
+offline: false

 # Set the desired verbosity level.
 verbosity: 1
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,23 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+  - repo: local
+    hooks:
+      - id: ansible-galaxy-install
+        name: Install ansible-galaxy collections
+        entry: ansible-galaxy collection install -r requirements.yml
+        language: system
+        pass_filenames: false
+        always_run: true
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v6.22.2
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$
+        additional_dependencies:
+          - ansible-core==2.15.8
--- a/ansible.cfg.default
+++ b/ansible.cfg.default
@@ -688,4 +688,3 @@

 # (list) default list of tags to skip in your plays, has precedence over Run Tags
 ;skip=
-
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,12 +1,19 @@
 cachetools==5.5.2
 certifi==2025.1.31
+cfgv==3.4.0
 charset-normalizer==3.4.1
+distlib==0.4.0
 durationpy==0.10
+filelock==3.18.0
 google-auth==2.40.3
+identify==2.6.12
 idna==3.10
 kubernetes==33.1.0
 nc-dnsapi==0.1.3
+nodeenv==1.9.1
 oauthlib==3.3.1
+platformdirs==4.3.8
+pre_commit==4.2.0
 proxmoxer==2.2.0
 pyasn1==0.6.1
 pyasn1_modules==0.4.2
@@ -17,4 +24,5 @@ requests-oauthlib==2.0.0
 rsa==4.9.1
 six==1.17.0
 urllib3==2.3.0
+virtualenv==20.32.0
 websocket-client==1.8.0
--- a/requirements.yml
+++ b/requirements.yml
@@ -0,0 +1,5 @@
+---
+collections:
+  - name: community.docker
+  - name: community.general
+  - name: kubernetes.core
--- a/roles/common/files/ssh/root/sshd_config
+++ b/roles/common/files/ssh/root/sshd_config
@@ -16,4 +16,3 @@ TrustedUserCAKeys /etc/ssh/vault-ca.pub
 UseDNS yes
 AcceptEnv LANG LC_*
 Subsystem	sftp	/usr/lib/openssh/sftp-server
-
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -3,4 +3,4 @@
  service:
    name: sshd
    state: restarted
-  become: yes
+  become: true
--- a/roles/k3s_agent/handlers/main.yml
+++ b/roles/k3s_agent/handlers/main.yml
@@ -3,4 +3,4 @@
  service:
    name: k3s
    state: restarted
-  become: yes
+  become: true
--- a/roles/k3s_agent/tasks/main.yml
+++ b/roles/k3s_agent/tasks/main.yml
@@ -1,2 +1,3 @@
 ---
- include_tasks: installation.yml
+- name: Install k3s agent
+  include_tasks: installation.yml
--- a/roles/k3s_server/handlers/main.yml
+++ b/roles/k3s_server/handlers/main.yml
@@ -3,4 +3,4 @@
  service:
    name: k3s
    state: restarted
-  become: yes
+  become: true
--- a/roles/k3s_server/tasks/pull_token.yml
+++ b/roles/k3s_server/tasks/pull_token.yml
@@ -21,6 +21,6 @@
  run_once: true

 - name: Encrypt k3s token
-  ansible.builtin.shell: cd ../; ansible-vault encrypt "{{ playbook_dir }}/{{k3s_server_token_vault_file}}"
+  ansible.builtin.shell: cd ../; ansible-vault encrypt "{{ playbook_dir }}/{{ k3s_server_token_vault_file }}"
  delegate_to: localhost
  run_once: true
--- a/roles/k3s_storage/handlers/main.yml
+++ b/roles/k3s_storage/handlers/main.yml
@@ -3,4 +3,4 @@
  service:
    name: k3s
    state: restarted
-  become: yes
+  become: true
--- a/roles/kubernetes_argocd/tasks/main.yml
+++ b/roles/kubernetes_argocd/tasks/main.yml
@@ -25,7 +25,9 @@
        name: argocd-server
        namespace: "{{ argocd_namespace }}"
      register: rollout_status
-      until: rollout_status.resources[0].status.readyReplicas is defined and rollout_status.resources[0].status.readyReplicas == rollout_status.resources[0].spec.replicas
+      until: >
+        rollout_status.resources[0].status.readyReplicas is defined and
+        rollout_status.resources[0].status.readyReplicas == rollout_status.resources[0].spec.replicas
      retries: 30
      delay: 10

--- a/roles/proxmox/tasks/06_hardware_acceleration.yml
+++ b/roles/proxmox/tasks/06_hardware_acceleration.yml
@@ -3,15 +3,12 @@
  ansible.builtin.lineinfile:
    path: /etc/default/grub
    regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
-    line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1 modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"'
-    backup: true
-  register: iommu_result
-
- name: Set GRUB_CMDLINE_LINUX_DEFAULT for PCI passthrough
-  ansible.builtin.lineinfile:
-    path: /etc/default/grub
-    regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
-    line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1 modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"'
+    line: >
+      GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt
+      pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init
+      video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off
+      disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1
+      modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"
    backup: true
  register: iommu_result

@@ -34,7 +31,7 @@
  # notify:
  #   - Reboot Node

- name: update grub configuration
+- name: Update grub configuration
  ansible.builtin.command: update-grub
  when: iommu_result.changed or vfio_result.changed
  # notify:
--- a/roles/proxmox/tasks/15_create_secret.yml
+++ b/roles/proxmox/tasks/15_create_secret.yml
@@ -17,7 +17,7 @@

 - name: Setup secret name
  ansible.builtin.set_fact:
-    vm_name_secret: "{{ proxmox_secrets_prefix }}_{{ vm_name | replace('-','_') }}"
+    vm_name_secret: "{{ proxmox_secrets_prefix }}_{{ vm_name | replace('-', '_') }}"

 - name: Check if variable is in vault
  ansible.builtin.set_fact:
@@ -30,7 +30,7 @@

 - name: Set new secret
  ansible.builtin.set_fact:
-    new_vault_data: "{{ vault_data | combine({ vm_name_secret: cipassword }) }}"
+    new_vault_data: "{{ vault_data | combine({vm_name_secret: cipassword}) }}"
  when: not variable_exists

 - name: Write updated Vault content to file (temporary plaintext)
--- a/vars/k3s.ini
+++ b/vars/k3s.ini
@@ -18,4 +18,3 @@ k3s-agent12

 [k3s_loadbalancer]
 k3s-loadbalancer
-
--- a/vars/vps.ini
+++ b/vars/vps.ini
@@ -1,3 +1,2 @@
 [vps]
 mii
-