From cfe756f38c9829f4b813b9e2266d0e5e4e08bc22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Fri, 18 Aug 2023 14:32:03 +0200
Subject: [PATCH] style: satisfy linter

---
 .ansible-lint                           |  1 +
 .gitlab-ci.yml                          |  3 +-
 handlers/main.yml                       | 29 ++++++++--------
 meta/main.yml                           | 46 ++++++++++++++++---------
 molecule/resources/playbooks/verify.yml |  6 ++--
 tasks/configure-iptables.yml            |  4 +--
 tasks/configure-nfs-mounts.yml          |  2 +-
 7 files changed, 53 insertions(+), 38 deletions(-)

diff --git a/.ansible-lint b/.ansible-lint
index e008c8f..2576476 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -42,6 +42,7 @@ use_default_rules: true
 skip_list:
   - skip_this_tag
   - git-latest
+  - name[casing]
 
 # Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
 # mentioned in the enable_list:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1751e61..aaf5bcc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,3 +1,4 @@
+---
 # A pipeline is composed of independent jobs that run scripts, grouped into stages.
 # Stages run in sequential order, but jobs within stages run in parallel.
 #
@@ -32,5 +33,5 @@ test-job:
     - molecule create --scenario-name default
     - molecule converge --scenario-name default
     - molecule idempotence --scenario-name default
-      #- molecule verify --scenario-name default
+    # - molecule verify --scenario-name default
     - molecule destroy --scenario-name default
diff --git a/handlers/main.yml b/handlers/main.yml
index db701ee..7b7b356 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -8,17 +8,18 @@
     mode: 0755
   listen: "save iptables rules"
 
-- name: install netfilter-persistent to be able to save iptables rules
-  ansible.builtin.apt:
-    name: "netfilter-persistent"
-    state: present
-  listen: "save iptables rules"
-
-- name: save iptables rules
-  ansible.builtin.command: 'netfilter-persistent save'
-  listen: "save iptables rules"
-
-- name: restart squid proxy
-  ansible.builtin.systemd:
-    name: "squid.service"
-    state: restarted
+- name: persist changes in iptables configuration
+  block:
+    - name: install netfilter-persistent to be able to save iptables rules
+      ansible.builtin.apt:
+        name: "netfilter-persistent"
+        state: present
+      listen: "save iptables rules"
+    - name: save iptables rules
+      ansible.builtin.command: 'netfilter-persistent save'
+      changed_when: false
+      listen: "save iptables rules"
+    - name: restart squid proxy
+      ansible.builtin.systemd:
+        name: "squid.service"
+        state: restarted
diff --git a/meta/main.yml b/meta/main.yml
index 3513b05..0861c88 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,17 +1,32 @@
 ---
 galaxy_info:
+  role_name: ansible_lza_proxy
+  namespace: slub
   author: Jörg Sachse
-  description: role to install Squid caching proxy server for the SLUBarchiv digital preservation repository
   company: SLUB Dresden
-  namespace: slub
-  # If the issue tracker for your role is not on github, uncomment the next line and provide a value issue_tracker_url: http://example.com/issue/tracker Some suggested licenses: - BSD
-  # (default) - MIT - GPLv2 - GPLv3 - Apache - CC-BY
-  license: public domain
-  min_ansible_version: "2.4"
+  description: role to install Squid caching proxy server for the SLUBarchiv digital preservation repository
+  # galaxy_tags: []
+  # List tags for your role here, one per line. A tag is a keyword that describes and categorizes the role. Users find roles by searching for tags. Be sure to remove the '[]' above, if you
+  # add tags to this list.
+  #
+  # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+  #       Maximum 20 tags per role.
+  # issue_tracker_url: "https://example.com/"
+  # If the issue tracker for your role is not on github, uncomment the next line and provide a value issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: GPL-3.0-or-later
+
+  min_ansible_version: "2.5"
   # If this a Container Enabled role, provide the minimum Ansible Container version. min_ansible_container_version: Optionally specify the branch Galaxy will use when accessing the GitHub repo
   # for this role. During role install, if no tags are available, Galaxy will use this branch. During import Galaxy will access files on this branch. If Travis integration is configured, only
   # notifications for this branch will be accepted. Otherwise, in all cases, the repo's default branch (usually master) will be used. github_branch:
-  #
   # Provide a list of supported platforms, and for each platform a list of versions. If you don't wish to enumerate all versions for a particular platform, use 'all'. To view available
   # platforms and versions (or releases), visit: https://galaxy.ansible.com/api/v1/platforms/
   #
@@ -20,13 +35,10 @@ galaxy_info:
   platforms:
     - name: Debian
       versions:
-        - all
-  galaxy_tags: []
-  # List tags for your role here, one per line. A tag is a keyword that describes and categorizes the role. Users find roles by searching for tags. Be sure to remove the '[]' above, if you
-  # add tags to this list.
-  #
-  # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-  #       Maximum 20 tags per role.
-dependencies:
-# - ansible_lza_install_common
-# - ansible_lza_server_hardening
+        - "bullseye"
+        - "bookworm"
+    - name: EL
+      versions:
+        - "7"
+        - "8"
+dependencies: []
diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml
index 79044cd..d836443 100644
--- a/molecule/resources/playbooks/verify.yml
+++ b/molecule/resources/playbooks/verify.yml
@@ -5,6 +5,6 @@
   hosts: all
   gather_facts: false
   tasks:
-  - name: Example assertion
-    assert:
-      that: true
+    - name: Example assertion
+      assert:
+        that: true
diff --git a/tasks/configure-iptables.yml b/tasks/configure-iptables.yml
index 83b8706..9ad3ca6 100644
--- a/tasks/configure-iptables.yml
+++ b/tasks/configure-iptables.yml
@@ -15,7 +15,7 @@
     source_port: "{{ item.src_port | default(omit) }}"
     state: "{{ item.state | default('present') }}"
     table: filter
-  loop: "{{ vault_iptables|flatten(levels=1) }}"
+  loop: "{{ vault_iptables | flatten(levels=1) }}"
   notify:
     - save iptables rules
 
@@ -35,6 +35,6 @@
     source_port: "{{ item.src_port | default(omit) }}"
     state: "{{ item.state | default('present') }}"
     table: filter
-  loop: "{{ vault_iptables|flatten(levels=1) }}"
+  loop: "{{ vault_iptables | flatten(levels=1) }}"
   notify:
     - save iptables rules
diff --git a/tasks/configure-nfs-mounts.yml b/tasks/configure-nfs-mounts.yml
index 650eccd..7194ec2 100644
--- a/tasks/configure-nfs-mounts.yml
+++ b/tasks/configure-nfs-mounts.yml
@@ -9,7 +9,7 @@
     mode: 0755
 
 - name: NFS-Shares für Logging mounten
-  ansible.builtin.mount:
+  ansible.posix.mount:
     name: "{{ vault_nfs_mounts.log.mountpoint }}"
     src: "{{ vault_nfs_mounts.log.share }}/{{ ansible_hostname }}"
     state: mounted
-- 
GitLab