Fix CI, edit TODO

.ansible-lint

@@ -1,9 +1,6 @@
-# [108] role names have "-"
-# [208] file permissions not mentioned
+---
 skip_list:
-  - '106'
-  - '208'
-# use_default_rules: true
-# verbosity: 1
-
-# example: https://opendev.org/openstack/openstack-zuul-jobs/src/branch/master/.ansible-lint
+  - "risky-file-permissions"
+  - "var-naming[no-role-prefix]"
+  - "package-latest"
+  - "no-changed-when"

.github/workflows/lint.yml

@@ -1,53 +1,37 @@
 ---
-name: Run linters
+name: Linters
 
-on:
+"on":
   push:
     branches:
       - main
   pull_request:
-
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
 jobs:
-###############
   ansible-lint:
     name: ansible-lint
     runs-on: ubuntu-latest
     steps:
-      - name: Check out the codebase
-        uses: actions/checkout@v2
-
-      - name: Set up Python 3
-        uses: actions/setup-python@v2
-        with:
-          python-version: '3.x'
-
-      - name: Install ansible-lint
-        # run: pip3 install ansible-lint==4.3.7
-        run: pip3 install ansible-lint
-
+      - uses: actions/checkout@v4
       - name: Run ansible-lint
-        # ansible-lint ./provisioning.yml -x 106,208
-        run: |
-          ansible-lint ./provisioning.yml
-###############
+        uses: ansible/ansible-lint@main # or version tag instead of 'main'
+
   yamllint:
-    name: yamllint
+    name: yaml-lint
     runs-on: ubuntu-latest
     steps:
-      - name: Check out the codebase
-        uses: actions/checkout@v2
-
-      - name: Set up Python 3
-        uses: actions/setup-python@v2
+      - uses: actions/checkout@master
+      - name: Run yamllint
+        uses: karancode/yamllint-github-action@master
         with:
-          python-version: '3.x'
-
-      - name: Install yamllint
-        run: pip3 install yamllint
+          yamllint_strict: true
+          yamllint_comment: false
 
-      - name: Run yamllint
-        run: |
-          yamllint .
+  markdown-lint:
+    name: markdown-lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - uses: articulate/actions-markdownlint@v1

README.md

@@ -1,5 +1,7 @@
 # Ansible playbook for provisioning mayurifag.ru
 
+[![Linters](https://github.com/Mayurifag/mayurifag.ru/actions/workflows/lint.yml/badge.svg)](https://github.com/Mayurifag/mayurifag.ru/actions/workflows/lint.yml)
+
 ## Description
 
 **DONT USE THIS REPOSITORY NO MATTER WHAT** due to security reasons (i.e. there
@@ -17,15 +19,15 @@ Cloudflare or your favourite DNS provider.
 
 ### VPS
 
-- Debian 10-11 (maybe works fine on other `apt` distros)
-- Large folder for docker data (Done by VPS via large disk)
-- ssh authorization key for root user (Done by VPS or
+* Debian 10-11 (maybe works fine on other `apt` distros)
+* Large folder for docker data (Done by VPS via large disk)
+* ssh authorization key for root user (Done by VPS or
 `ssh-copy-id [email protected]`)
 
 ### Your PC
 
-- Ansible `python3 -m pip install --user ansible`
-- (only MacOS) - passlib `python3 -m pip install --user passlib` (to use crypto
+* Ansible `python3 -m pip install --user ansible`
+* (only MacOS) - passlib `python3 -m pip install --user passlib` (to use crypto
 module from ansible)
 
 ## Instructions
@@ -54,13 +56,13 @@ apt-get --allow-releaseinfo-change update
 
 #### Optional in-before steps
 
-- Remove old remote host identification
+* Remove old remote host identification
 
 ```sh
 ssh-keygen -R mayurifag.ru ; ssh-keygen -R $(host mayurifag.ru | awk '/has address/ {print $4}')
 ```
 
-- Generate new ssh key and add it to your inventory vars file
+* Generate new ssh key and add it to your inventory vars file
 
 ```sh
 ssh-keygen -t rsa -b 4096 -C "[email protected]" -f ~/Desktop/mayurifag.ru
@@ -69,7 +71,7 @@ vi inventories/my-provision/group_vars/sample.yml # add key here in section
 keepassxc # Make new ssh agent entry
 ```
 
-- Make new ssh config section. You need to change it after deploy.
+* Make new ssh config section. You need to change it after deploy.
 
 ```sh
 vi ~/.ssh/config
@@ -126,76 +128,78 @@ need to deploy my services once again.
 
 ### High priority
 
-- [x] Some strange things with Traefik config. If problem with "my-headers@file" ->
-  return "my-headers@file"
-- [ ] Log rotation for docker containers
-- [ ] ~~https://github.com/alexta69/metube~~
-- [ ] ~~Add cleaning up apt-get to get extra 1GB~~
-- [ ] ~~Think how to rotate logs easily for docker (takes all the space in a year or more)~~
-- [ ] Ssh configuration: change port and make the sshd configuration cheatsheet with Readme
-- [x] Comment out ports sections on containers and try to work with them
-- [x] Add Dozzle <https://github.com/amir20/dozzle>
-- [ ] Uptime Kuma
-- [x] Blocky DNS
-- [ ] Add systemd services
-- [ ] Migrate to dashboard which is easy maintainable: flame (with labels)
-- [ ] Add Authentik / Remove baseauth
-- [ ] Add Cloudflare companion tiredofit/traefik-cloudflare-companion:latest docker
-- [ ] Add Vikunja <https://vikunja.io/docs/full-docker-example/>
-- [ ] Move this section to issues and kanban
-- [ ] Add zswap
-- [ ] ~~<https://github.com/pglombardo/PasswordPusher>~~
-- [x] Migrate from mysql to postgres for nextcloud. Look other perfomance boosters. cron at docker for nextcloud. bump versions
-  - [x] <https://github.com/ReinerNippes/nextcloud_on_docker>
-  - [x] <https://help.nextcloud.com/t/howto-ubuntu-docker-nextcloud-talk-collabora/76430>
-  - [x] <https://docs.nextcloud.com/server/18/admin_manual/configuration_server/caching_configuration.html>
-  - [x] <https://docs.nextcloud.com/server/18/admin_manual/installation/server_tuning.html>
+* [x] Some strange things with Traefik config. If problem with
+  "my-headers@file" -> return "my-headers@file"
+* [ ] Log rotation for docker containers - or default settings after install
+* [ ] ~~<https://github.com/alexta69/metube>~~
+* [ ] ~~Add cleaning up apt-get to get extra 1GB~~
+* [ ] ~~Think how to rotate logs easily for docker (takes all the space in a
+  year or more)~~
+* [ ] Ssh configuration: change port and make the sshd configuration cheatsheet
+  with Readme
+* [x] Comment out ports sections on containers and try to work with them
+* [x] Add Dozzle <https://github.com/amir20/dozzle>
+* [ ] ~~Uptime Kuma~~
+* [x] Blocky DNS
+* [ ] ~~Add systemd services - do I need them or I'm fine~~
+* [ ] Migrate to dashboard which is easy maintainable: flame (with labels)
+* [ ] Add Authentik / Remove baseauth
+* [ ] Add Cloudflare companion tiredofit/traefik-cloudflare-companion:latest docker
+* [ ] ~~Add Vikunja <https://vikunja.io/docs/full-docker-example/>~~
+* [ ] Move this section to issues and kanban
+* [ ] Add zswap
+* [ ] ~~<https://github.com/pglombardo/PasswordPusher>~~
+* [x] Migrate from mysql to postgres for nextcloud. Look other perfomance
+  boosters. cron at docker for nextcloud. bump versions
+  * [x] <https://github.com/ReinerNippes/nextcloud_on_docker>
+  * [x] <https://help.nextcloud.com/t/howto-ubuntu-docker-nextcloud-talk-collabora/76430>
+  * [x] <https://docs.nextcloud.com/server/18/admin_manual/configuration_server/caching_configuration.html>
+  * [x] <https://docs.nextcloud.com/server/18/admin_manual/installation/server_tuning.html>
 
 ### Medium priority
 
-- [ ] https://github.com/epoupon/lms
-- [ ] Add automatic backup solution (duplicati?). Do I need anything more than
+* [x] <https://github.com/epoupon/lms>
+* [ ] Add automatic backup solution (duplicati?). Do I need anything more than
       /data/docker_data?
-- [ ] Add ufw with rules + make docker respect the rules
-- [ ] Add pastebin
-- [ ] ~~Make traefik to write logs to file + logrotate them~~
-- [ ] Suggest if I need more fail2ban jail rules
-  - [ ] <https://shadowsocks.org/en/wiki/Setup-fail2ban.html>
-- [ ] Add motd.txt to server
-  - [ ] About lazydocker
-  - [ ] Aliases
-- [ ] ~~<https://github.com/EmbarkStudios/wg-ui>~~
-- [x] Navidrome
-- [x] Doku https://github.com/tborychowski/self-hosted-cookbook/blob/master/apps/docker/doku.md
-- [ ] ~~<https://github.com/tborychowski/self-hosted-cookbook/blob/master/apps/other/firefox.md>~~
-- [x] FileRun
-- [x] Simple proxy server in docker
-- [x] Makefiles + info to launch only specified tags
-- [ ] Librespeed
+* [ ] Add ufw with rules + make docker respect the rules
+* [ ] Add pastebin
+* [ ] ~~Make traefik to write logs to file + logrotate them~~
+* [ ] Suggest if I need more fail2ban jail rules
+  * [ ] <https://shadowsocks.org/en/wiki/Setup-fail2ban.html>
+* [ ] Add motd.txt to server
+  * [ ] About lazydocker
+  * [ ] Aliases
+* [ ] ~~<https://github.com/EmbarkStudios/wg-ui>~~
+* [x] Navidrome
+* [x] Doku <https://github.com/tborychowski/self-hosted-cookbook/blob/master/apps/docker/doku.md>
+* [ ] ~~<https://github.com/tborychowski/self-hosted-cookbook/blob/master/apps/other/firefox.md>~~
+* [x] FileRun
+* [x] Simple proxy server in docker
+* [x] Makefiles + info to launch only specified tags
 
 ### Low priority
 
-- [ ] Add zsh
-- [ ] Make CI working
-- [x] Add instructions for requirements and deployment
-- [ ] Try to make deploy from zero to hero. Add instructions if needed.
-- [x] Add lightweight filesharing nextcloud alternative (FileRun?)
-- [ ] Add web analytics (matomo?)
-- [ ] Add rocket.chat
-- [ ] Add url shortener
-- [ ] Add wiki
-- [ ] Add ci/cd runner for gitlab/github
-- [ ] Add bitwarden
-- [ ] Add Git (gitea/gitlab)
-- [ ] Check security <https://github.com/docker/docker-bench-security> <https://github.com/quay/clair>
-- [ ] Make connection to docker through proxy fluencelabs/docker-socket-proxy
-- [x] Migrate from dante to something docker based
-  - [x] <https://hub.docker.com/r/serjs/go-socks5-proxy/>
-  - [x] <https://github.com/schors/tgdante2>
-- [x] Migrate from shadowsocks-rust + v2ray to shadowsocks2-go + x-ray / maybe docker
-  - [x] <https://github.com/dmirubtsov/ss-xray-docker>
-  - [x] <https://habr.com/ru/post/358126/>
-- [ ] https://hub.docker.com/r/linuxserver/librespeed
+* [ ] Add zsh
+* [ ] Make CI working
+* [x] Add instructions for requirements and deployment
+* [ ] Try to make deploy from zero to hero. Add instructions if needed.
+* [x] Add lightweight filesharing nextcloud alternative (FileRun?)
+* [ ] Add web analytics (matomo?)
+* [ ] Add rocket.chat
+* [ ] ~~Add url shortener~~
+* [ ] Add wiki
+* [ ] Add Git (gitea/gitlab/else)
+  * [ ] Add ci/cd runner for selfhosted git
+* [x] Add ~~bitwarden~~ Vaultwarden
+* [ ] Check security <https://github.com/docker/docker-bench-security> <https://github.com/quay/clair>
+* [ ] Make connection to docker through proxy fluencelabs/docker-socket-proxy
+* [x] Migrate from dante to something docker based
+  * [x] <https://hub.docker.com/r/serjs/go-socks5-proxy/>
+  * [x] <https://github.com/schors/tgdante2>
+* [x] Migrate from shadowsocks-rust + v2ray to shadowsocks2-go + x-ray / maybe docker
+  * [x] <https://github.com/dmirubtsov/ss-xray-docker>
+  * [x] <https://habr.com/ru/post/358126/>
+* [ ] <https://hub.docker.com/r/linuxserver/librespeed>
 
 ## Older implementation
 
@@ -206,8 +210,8 @@ migrate into newer implementation.
 
 ## Based on / inspired / helpful
 
-- <https://github.com/davestephens/ansible-nas>
-- <https://davidstephens.uk/ansible-nas/testing>
-- <https://www.smarthomebeginner.com/traefik-2-docker-tutorial>
-- <https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker>
-- <https://www.reddit.com/r/selfhosted/>
+* <https://github.com/davestephens/ansible-nas>
+* <https://davidstephens.uk/ansible-nas/testing>
+* <https://www.smarthomebeginner.com/traefik-2-docker-tutorial>
+* <https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker>
+* <https://www.reddit.com/r/selfhosted/>

collections/requirements.yml

@@ -0,0 +1,8 @@
+---
+collections:
+  - name: community.docker
+    version: 3.9.0
+  - name: community.general
+    version: 8.6.0
+  - name: ansible.posix
+    version: 1.5.4

provisioning.yml

@@ -1,5 +1,6 @@
 ---
-- hosts: all
+- name: Bootstrap
+  hosts: all
   become: yes
   gather_facts: no
   roles:
@@ -8,7 +9,8 @@
         - bootstrap
       when: (bootstrap_enabled | default(True))
 
-- hosts: all
+- name: Provisioning
+  hosts: all
   gather_facts: no
   roles:
     ###
@@ -24,11 +26,11 @@
         - swap
       when: (swap_enabled | default(False))
 
-    - role: server-general-preparations
+    - role: server_general_preparations
       tags:
         - mayurifag-general
 
-    - role: upgrade-packages
+    - role: upgrade_packages
       tags:
         - mayurifag-general
 

roles/blocky/tasks/main.yml

@@ -1,23 +1,23 @@
 ---
 - name: Delete Blocky directory
-  file:
+  ansible.builtin.file:
     path: "{{ blocky_data_directory }}"
     state: absent
 
 - name: Create Blocky directory
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
   with_items:
     - "{{ blocky_data_directory }}/"
 
 - name: Template Blocky config.yaml
-  template:
+  ansible.builtin.template:
     src: config.yaml.j2
     dest: "{{ blocky_data_directory }}/config.yaml"
 
 - name: Blocky Docker Container
-  docker_container:
+  community.docker.docker_container:
     name: blocky
     image: spx01/blocky
     pull: true

roles/cheatsheet/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 # TODO: show only if enabled
 - name: Show cheatsheet
-  pause:
+  ansible.builtin.pause:
     seconds: 1
     prompt: |
       ===============================

roles/doku/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Doku Docker Container
-  docker_container:
+  community.docker.docker_container:
     name: doku
     image: amerkurev/doku
     pull: true

roles/dozzle/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Create Dozzle Docker Container
-  docker_container:
+  community.docker.docker_container:
     name: dozzle
     image: amir20/dozzle:latest
     pull: true