From 269f1b22740e0b31683d67d4d032ba5b82f994c9 Mon Sep 17 00:00:00 2001
From: Rasmus Wejlgaard
Date: Sat, 28 Mar 2026 13:10:16 +0000
Subject: [PATCH 1/5] fix ansible-lint yaml nitpicks - rules-warning.yml: remove trailing blank line - pr-test.yml: quote 'on' key for yaml truthy, add newline at EOF - add .yamllint config to ignore SOPS-encrypted secrets (line-length unfixable without re-encrypting)
---
 ansible/.yamllint | 11 +++++++++++
 ansible/dotfiles/pr-test.yml | 4 ++--
 .../grafana/provisioning/alerting/rules-warning.yml | 1 -
 3 files changed, 13 insertions(+), 3 deletions(-)
 create mode 100644 ansible/.yamllint
diff --git a/ansible/.yamllint b/ansible/.yamllint
new file mode 100644
index 0000000..7967454
--- /dev/null
+++ b/ansible/.yamllint
@@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+ line-length:
+ max: 160
+ truthy:
+ allowed-values: ["true", "false"]
+
+ignore:
+ - group_vars/all/secrets.enc.yaml
diff --git a/ansible/dotfiles/pr-test.yml b/ansible/dotfiles/pr-test.yml
index ea73335..35b4070 100644
--- a/ansible/dotfiles/pr-test.yml
+++ b/ansible/dotfiles/pr-test.yml
@@ -1,6 +1,6 @@
 name: PR Test
-on:
+"on":
 pull_request:
 branches:
 - master
@@ -27,4 +27,4 @@ jobs:
 - name: Only build
 run: |
- docker buildx build --platform linux/amd64 --output "type=image,push=false" -f tests/Dockerfile-${{ matrix.distro }} .
\ No newline at end of file
+ docker buildx build --platform linux/amd64 --output "type=image,push=false" -f tests/Dockerfile-${{ matrix.distro }} .
diff --git a/ansible/services/grafana/provisioning/alerting/rules-warning.yml b/ansible/services/grafana/provisioning/alerting/rules-warning.yml
index 94bfb16..153645b 100644
--- a/ansible/services/grafana/provisioning/alerting/rules-warning.yml
+++ b/ansible/services/grafana/provisioning/alerting/rules-warning.yml
@@ -239,4 +239,3 @@ groups:
 labels:
 severity: warning
 isPaused: false
-
From 6f5cb82ab9571f48628023cf8fb156ed097949c5 Mon Sep 17 00:00:00 2001
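Review bot: In `ansible/.yamllint`, the `ignore` entry names a single file, `group_vars/all/secrets.enc.yaml`, so the next SOPS-encrypted file added to the tree will fail `line-length` again, and the easy ways to quiet that (hand-wrapping ciphertext, or committing the file decrypted) both damage the secret handling; a pattern such as `- '*.enc.yaml'` would cover them all. yamllint ignore patterns follow gitignore syntax and appear to be matched against the path as the linter sees it, so it is worth confirming this entry still matches when lint is started from the repository root rather than from `ansible/`. A comment above the entry, `# SOPS ciphertext: lines cannot be wrapped without re-encrypting`, would keep the reason from the commit message in the file. The `truthy` block restates yamllint's default `allowed-values` and could be dropped.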
From: Rasmus Wejlgaard
Date: Sat, 28 Mar 2026 13:11:34 +0000
Subject: [PATCH 2/5] remove pr-test.yml
---
 ansible/dotfiles/pr-test.yml | 30 ------------------------------
 1 file changed, 30 deletions(-)
 delete mode 100644 ansible/dotfiles/pr-test.yml
diff --git a/ansible/dotfiles/pr-test.yml b/ansible/dotfiles/pr-test.yml
deleted file mode 100644
index 35b4070..0000000
--- a/ansible/dotfiles/pr-test.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-name: PR Test
-
-"on":
- pull_request:
- branches:
- - master
- - main
-
-jobs:
- test:
- strategy:
- matrix:
- distro:
- - alpine
- - archlinux
- - fedora
- - ubuntu
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Only build
- run: |
- docker buildx build --platform linux/amd64 --output "type=image,push=false" -f tests/Dockerfile-${{ matrix.distro }} .
From dc10ceacf5797f7b030ba5fdb130bf7f4cfbe959 Mon Sep 17 00:00:00 2001
From: Rasmus Wejlgaard
Date: Sat, 28 Mar 2026 13:13:37 +0000
Subject: [PATCH 3/5] fix remaining yaml lint nitpicks - add missing document start (---) to contact-points.yml and docker-compose files - fix extra spaces inside braces in dotfiles and common role tasks
---
 ansible/roles/common/tasks/main.yml | 6 +++---
 ansible/roles/dotfiles/tasks/main.yml | 6 +++---
 ansible/services/authelia/docker-compose.yml | 1 +
 ansible/services/bitwarden/docker-compose.yml | 1 +
 ansible/services/forgejo/docker-compose.yml | 1 +
 .../grafana/provisioning/alerting/contact-points.yml | 1 +
 6 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index b5b6139..06f2d0a 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -88,9 +88,9 @@
 line: "{{ item.line }}"
 state: present
 loop:
- - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin prohibit-password' }
- - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }
- - { regexp: '^#?X11Forwarding', line: 'X11Forwarding no' }
+ - {regexp: '^#?PermitRootLogin', line: 'PermitRootLogin prohibit-password'}
+ - {regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no'}
+ - {regexp: '^#?X11Forwarding', line: 'X11Forwarding no'}
 notify: Restart sshd
 when: ansible_facts["os_family"] != "FreeBSD"
diff --git a/ansible/roles/dotfiles/tasks/main.yml b/ansible/roles/dotfiles/tasks/main.yml
index 50be56f..ebd9409 100644
--- a/ansible/roles/dotfiles/tasks/main.yml
+++ b/ansible/roles/dotfiles/tasks/main.yml
@@ -15,9 +15,9 @@
 mode: '0644'
 backup: true
 loop:
- - { src: 'config/tmux/tmux.conf', dest: '/root/.tmux.conf' }
- - { src: 'config/fish/config.fish', dest: '/root/.config/fish/config.fish' }
- - { src: 'config/git/gitconfig', dest: '/root/.gitconfig' }
+ - {src: 'config/tmux/tmux.conf', dest: '/root/.tmux.conf'}
+ - {src: 'config/fish/config.fish', dest: '/root/.config/fish/config.fish'}
+ - {src: 'config/git/gitconfig', dest: '/root/.gitconfig'}
 failed_when: false
 when:
 - dotfiles_dir.stat.exists
diff --git a/ansible/services/authelia/docker-compose.yml b/ansible/services/authelia/docker-compose.yml
index 45af2d0..4ed6fac 100644
--- a/ansible/services/authelia/docker-compose.yml
+++ b/ansible/services/authelia/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Authelia - SSO/authentication portal with LLDAP + MariaDB
 # Host: helsinki-a (100.67.6.27)
 # Data: /root/authelia/
diff --git a/ansible/services/bitwarden/docker-compose.yml b/ansible/services/bitwarden/docker-compose.yml
index 378c28d..581e561 100644
--- a/ansible/services/bitwarden/docker-compose.yml
+++ b/ansible/services/bitwarden/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Bitwarden - Self-hosted password manager
 # Host: helsinki-a (100.67.6.27)
 # Data: Docker volume (bitwarden)
diff --git a/ansible/services/forgejo/docker-compose.yml b/ansible/services/forgejo/docker-compose.yml
index b21563c..6c3ee9e 100644
--- a/ansible/services/forgejo/docker-compose.yml
+++ b/ansible/services/forgejo/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Forgejo - Self-hosted Git forge
 # Host: helsinki-a (100.67.6.27)
 # Data: /srv/forgejo/data
diff --git a/ansible/services/grafana/provisioning/alerting/contact-points.yml b/ansible/services/grafana/provisioning/alerting/contact-points.yml
index 7257635..9507dee 100644
--- a/ansible/services/grafana/provisioning/alerting/contact-points.yml
+++ b/ansible/services/grafana/provisioning/alerting/contact-points.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: 1
 # Contact points — defines where alerts are sent.
From dc198eea8118d9ebd659033b14fa67e632701e99 Mon Sep 17 00:00:00 2001
From: Rasmus Wejlgaard
Date: Sat, 28 Mar 2026 13:15:46 +0000
Subject: [PATCH 4/5] fix more yaml document-start and comment indentation - add missing --- to 13 more yml files - fix comment indentation in prometheus.yml
---
 .../grafana/provisioning/alerting/rules-critical.yml | 1 +
 .../grafana/provisioning/alerting/rules-warning.yml | 1 +
 .../grafana/provisioning/dashboards/dashboards.yml | 1 +
 ansible/services/jellyseerr/docker-compose.yml | 1 +
 ansible/services/minecraft/docker-compose.yml | 1 +
 ansible/services/miniflux/docker-compose.yml | 1 +
 ansible/services/navidrome/docker-compose.yml | 1 +
 ansible/services/nextcloud-aio/docker-compose.yml | 1 +
 ansible/services/plex-exporter/docker-compose.yml | 1 +
 ansible/services/poste-io/docker-compose.yml | 1 +
 ansible/services/prometheus/prometheus.yml | 7 ++++---
 ansible/services/slskd/docker-compose.yml | 1 +
 ansible/services/smartctl-exporter/docker-compose.yml | 1 +
 13 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/ansible/services/grafana/provisioning/alerting/rules-critical.yml b/ansible/services/grafana/provisioning/alerting/rules-critical.yml
index 66c6c90..3216b01 100644
--- a/ansible/services/grafana/provisioning/alerting/rules-critical.yml
+++ b/ansible/services/grafana/provisioning/alerting/rules-critical.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: 1
 # Tier 1 — Critical alerts. These page PagerDuty.
diff --git a/ansible/services/grafana/provisioning/alerting/rules-warning.yml b/ansible/services/grafana/provisioning/alerting/rules-warning.yml
index 153645b..58155f2 100644
--- a/ansible/services/grafana/provisioning/alerting/rules-warning.yml
+++ b/ansible/services/grafana/provisioning/alerting/rules-warning.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: 1
 # Tier 2 — Warning alerts. These send email only (non-paging).
diff --git a/ansible/services/grafana/provisioning/dashboards/dashboards.yml b/ansible/services/grafana/provisioning/dashboards/dashboards.yml
index 37da2ec..2394d91 100644
--- a/ansible/services/grafana/provisioning/dashboards/dashboards.yml
+++ b/ansible/services/grafana/provisioning/dashboards/dashboards.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: 1
 # Dashboard provisioning — tells Grafana where to find dashboard JSON files.
diff --git a/ansible/services/jellyseerr/docker-compose.yml b/ansible/services/jellyseerr/docker-compose.yml
index fa3d215..c2b0dc8 100644
--- a/ansible/services/jellyseerr/docker-compose.yml
+++ b/ansible/services/jellyseerr/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Jellyseerr - Media request management
 # Host: london-b (100.84.65.101)
 # Data: /var/share/jellyseer
diff --git a/ansible/services/minecraft/docker-compose.yml b/ansible/services/minecraft/docker-compose.yml
index 4b808f2..dc51069 100644
--- a/ansible/services/minecraft/docker-compose.yml
+++ b/ansible/services/minecraft/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Minecraft - PaperMC server
 # Host: copenhagen-a (100.89.206.60)
 # Data: Docker volume (minecraft_minecraftserver)
diff --git a/ansible/services/miniflux/docker-compose.yml b/ansible/services/miniflux/docker-compose.yml
index ac4fdbd..0bab8b9 100644
--- a/ansible/services/miniflux/docker-compose.yml
+++ b/ansible/services/miniflux/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Miniflux - RSS reader
 # Host: london-b (100.84.65.101)
 # Data: Docker volume (miniflux-db)
diff --git a/ansible/services/navidrome/docker-compose.yml b/ansible/services/navidrome/docker-compose.yml
index 593c103..3ed1d18 100644
--- a/ansible/services/navidrome/docker-compose.yml
+++ b/ansible/services/navidrome/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Navidrome - Music streaming server
 # Host: london-b (100.84.65.101)
 # Data: /root/navidrome (config), /hdd/music (library)
diff --git a/ansible/services/nextcloud-aio/docker-compose.yml b/ansible/services/nextcloud-aio/docker-compose.yml
index 58b08be..c5b7a18 100644
--- a/ansible/services/nextcloud-aio/docker-compose.yml
+++ b/ansible/services/nextcloud-aio/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Nextcloud AIO - All-in-one Nextcloud deployment
 # Host: london-b (100.84.65.101)
 # Data: Docker volume (nextcloud_aio_mastercontainer)
diff --git a/ansible/services/plex-exporter/docker-compose.yml b/ansible/services/plex-exporter/docker-compose.yml
index 6afc5ed..c4e76e9 100644
--- a/ansible/services/plex-exporter/docker-compose.yml
+++ b/ansible/services/plex-exporter/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Plex exporter - Plex metrics for Prometheus
 # Host: london-b (100.84.65.101)
 # Access: http://london-b:9000/metrics
diff --git a/ansible/services/poste-io/docker-compose.yml b/ansible/services/poste-io/docker-compose.yml
index bd4346d..cc7f371 100644
--- a/ansible/services/poste-io/docker-compose.yml
+++ b/ansible/services/poste-io/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # Poste.io - Self-hosted mail server
 # Host: nuremberg-a (100.117.235.28)
 # Data: /root/postio/data
diff --git a/ansible/services/prometheus/prometheus.yml b/ansible/services/prometheus/prometheus.yml
index e5dc8c3..a42df80 100644
--- a/ansible/services/prometheus/prometheus.yml
+++ b/ansible/services/prometheus/prometheus.yml
@@ -1,3 +1,4 @@
+---
 # Prometheus configuration — extracted from london-a (FreeBSD)
 # Config file location on london-a: /usr/local/etc/prometheus.yml
 # Prometheus runs as: /usr/local/bin/prometheus --config.file=/usr/local/etc/prometheus.yml
@@ -11,11 +12,11 @@ alerting:
 alertmanagers:
 - static_configs:
 - targets:
- # - alertmanager:9093
+ # - alertmanager:9093
 rule_files:
- # - "first_rules.yml"
- # - "second_rules.yml"
+ # - "first_rules.yml"
+ # - "second_rules.yml"
 scrape_configs:
 - job_name: "prometheus"
diff --git a/ansible/services/slskd/docker-compose.yml b/ansible/services/slskd/docker-compose.yml
index c6dc9d9..2fe8d0b 100644
--- a/ansible/services/slskd/docker-compose.yml
+++ b/ansible/services/slskd/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # slskd - Soulseek client (web UI)
 # Host: london-b (100.84.65.101)
 # Data: /root/slskd (app), /hdd/music/slskd (downloads)
diff --git a/ansible/services/smartctl-exporter/docker-compose.yml b/ansible/services/smartctl-exporter/docker-compose.yml
index d83c9ec..657f18e 100644
--- a/ansible/services/smartctl-exporter/docker-compose.yml
+++ b/ansible/services/smartctl-exporter/docker-compose.yml
@@ -1,3 +1,4 @@
+---
 # smartctl-exporter - SMART disk metrics for Prometheus
 # Host: london-b (100.84.65.101)
 # Access: http://london-b:9633/metrics
From 46063246a2517a73343c90d6010311240a8c7706 Mon Sep 17 00:00:00 2001
From: Rasmus Wejlgaard
Date: Sat, 28 Mar 2026 13:17:42 +0000
Subject: [PATCH 5/5] fix last 3 yaml lint failures - add missing --- to notification-policy.yml - prometheus.yml: replace commented-out template defaults with empty lists
---
 .../grafana/provisioning/alerting/notification-policy.yml | 1 +
 ansible/services/prometheus/prometheus.yml | 7 ++-----
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/ansible/services/grafana/provisioning/alerting/notification-policy.yml b/ansible/services/grafana/provisioning/alerting/notification-policy.yml
index 9b4a6d4..0ef3d8e 100644
--- a/ansible/services/grafana/provisioning/alerting/notification-policy.yml
+++ b/ansible/services/grafana/provisioning/alerting/notification-policy.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: 1
 # Notification routing policy.
diff --git a/ansible/services/prometheus/prometheus.yml b/ansible/services/prometheus/prometheus.yml
index a42df80..e85a017 100644
--- a/ansible/services/prometheus/prometheus.yml
+++ b/ansible/services/prometheus/prometheus.yml
@@ -11,12 +11,9 @@ global:
 alerting:
 alertmanagers:
 - static_configs:
- - targets:
- # - alertmanager:9093
+ - targets: []
-rule_files:
- # - "first_rules.yml"
- # - "second_rules.yml"
+rule_files: []
 scrape_configs:
 - job_name: "prometheus"
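Review bot: Nothing in `ansible/services/prometheus/prometheus.yml` says that the now-explicit `- targets: []` and `rule_files: []` are intended, and together they mean this Prometheus loads no alert rules and has no Alertmanager to notify. The Grafana provisioning files touched in this series (`rules-critical.yml`, `rules-warning.yml`) suggest alerting is done in Grafana; if that is the design, a comment above `alerting:` such as `# No Alertmanager: alert rules are evaluated in Grafana (services/grafana/provisioning/alerting)` would stop a later reader from assuming Prometheus-side alerts exist. An `alertmanagers` entry with an empty target list does nothing, so the `alerting:` block could also be removed outright. The `scrape_configs` list continues outside the hunk.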