Loading .pre-commit-config.yaml +110 −23 Original line number Diff line number Diff line --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks.git rev: v3.4.0 rev: v4.0.1 hooks: - id: check-added-large-files - id: check-executables-have-shebangs - id: check-json - id: check-merge-conflict - id: check-shebang-scripts-are-executable - id: check-symlinks - id: check-toml - id: check-xml - id: check-yaml exclude: ^Ansible/roles/(wap|router)/vars/main\.yaml$ - id: detect-private-key - id: end-of-file-fixer - id: trailing-whitespace exclude: \.diff$ - repo: https://github.com/Yelp/detect-secrets rev: v0.14.3 - repo: https://github.com/codespell-project/codespell.git rev: v2.1.0 hooks: - id: codespell args: - '-L=doas,fo' - repo: https://github.com/Yelp/detect-secrets.git rev: v1.1.0 hooks: - id: detect-secrets exclude: |- nsd/shore\.co\.il|roles/router/vars/main\.yaml|roles/wap/vars/main\.yaml exclude: ^Ansible/roles/router/files/nsd/ - repo: https://github.com/adrienverge/yamllint rev: v1.25.0 - repo: https://gitlab.com/devopshq/gitlab-ci-linter.git rev: v1.0.4 hooks: - id: yamllint - id: gitlab-ci-linter args: - "--server" - https://git.shore.co.il - repo: https://github.com/amperser/proselint/ - repo: https://github.com/amperser/proselint.git rev: 0.10.2 hooks: - id: proselint types: [markdown] types: [plain-text] exclude: LICENSE - repo: https://github.com/adrienverge/yamllint.git rev: v1.26.3 hooks: - id: yamllint - repo: https://github.com/executablebooks/mdformat.git rev: 0.5.3 rev: 0.7.10 hooks: - id: mdformat - repo: https://git.shore.co.il/nimrod/shell-pre-commit.git rev: v0.6.0 - repo: https://github.com/ambv/black.git rev: 21.9b0 hooks: - id: shell-lint - id: black args: - | --line-length=79 - repo: https://github.com/shellcheck-py/shellcheck-py.git rev: v0.7.1.1 - repo: https://github.com/Lucas-C/pre-commit-hooks-markup.git rev: v1.0.1 hooks: - id: shellcheck - id: rst-linter - repo: https://github.com/myint/rstcheck.git rev: master hooks: - id: 
rstcheck - repo: https://github.com/PyCQA/prospector.git rev: 1.5.1 hooks: - id: prospector args: - |- --max-line-length=79 - |- --with-tool=pyroma - |- --with-tool=bandit - |- --without-tool=pep257 - |- --doc-warnings - |- --test-warnings - |- --full-pep8 - |- --strictness=high - |- --no-autodetect additional_dependencies: - bandit - pyroma - repo: https://gitlab.com/pycqa/flake8.git rev: 3.9.2 hooks: - id: flake8 args: - |- --doctests additional_dependencies: - flake8-bugbear - repo: https://git.shore.co.il/ansible/ansible-pre-commit.git rev: v0.10.0 - repo: https://github.com/pre-commit/pre-commit.git rev: v2.15.0 hooks: - id: validate_manifest - repo: https://git.shore.co.il/nimrod/pre-commit-hooks.git rev: v0.2.0 hooks: - id: shell-validate - id: ansible-syntax-check # yamllint disable-line rule:line-length files: (bootstrap|update|renew-certs|debian_server|kodi|router)\.yaml - id: terraform-fmt - id: terraform-validate - id: poetry-check - id: docker-compose - repo: https://github.com/ansible/ansible-lint rev: v4.3.7 - repo: https://github.com/shellcheck-py/shellcheck-py.git rev: v0.7.2.1 hooks: - id: shellcheck - repo: https://github.com/ansible/ansible-lint.git rev: v5.1.3 hooks: - id: ansible-lint - repo: https://github.com/AleksaC/hadolint-py.git rev: v2.1.0 hooks: - id: hadolint Ansible/ansible.cfg +1 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ pipelining = True retry_files_save_path = /tmp/ system_warnings = True unparsed_is_failed = True vault_password_file = vault-passhole vault_password_file = vault-passhole ;# pragma: allowlist secret verbosity = 2 [inventory] Loading Ansible/roles/debian_server/tasks/main.yml +1 −0 Original line number Diff line number Diff line Loading 
@@ -92,6 +92,7 @@ backup: true create: true line: '{{ item }}: {{ item }}@shore.co.il' mode: 0o0644 path: /etc/aliases regexp: '^{{ item }}:' state: present Loading Ansible/roles/router/files/pf.conf +1 −1 Original line number Diff line number Diff line Loading @@ -49,7 +49,7 @@ pass in quick proto tcp to (egress:0) port { smtp, submission, imaps } rdr-to ho pass out quick proto tcp to host01.shore.co.il port { submission, smtp, imaps } received-on ingress nat-to ingress set prio ( 4, 6 ) pass in quick proto { tcp, udp } to (egress:0) port bittorrent rdr-to kodi.shore.co.il set queue bulk set prio 1 # Allowd NAT and proxying # Allowed NAT and proxying #pass in quick on ingress inet proto tcp to egress:network port www divert-to localhost port wwwproxy pass in quick on ingress inet proto tcp to port ftp divert-to localhost port ftpproxy pass in quick on ingress inet to !(ingress:0) Ansible/roles/router/tasks/main.yaml +3 −2 Original line number Diff line number Diff line --- - name: Configure sysctl ignore_errors: true with_dict: net.inet.ip.forwarding: "1" ansible.posix.sysctl: Loading Loading @@ -66,9 +65,11 @@ - name: Configure the network interfaces with_dict: # yamllint disable rule:line-length em1: | description "Connected to the fiber cable, used for PPPoE connection to the ISP." up # yamllint enable rule:line-length em5: | description "Connected to internal LAN." inet 192.168.3.1 255.255.255.0 Loading Loading @@ -498,7 +499,7 @@ fw_update -an | grep -v '^quirks' dest: /etc/daily.local group: wheel mode: 0o044 mode: 0o0444 owner: root tags: - cron Loading Loading
.pre-commit-config.yaml +110 −23 Original line number Diff line number Diff line --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks.git rev: v3.4.0 rev: v4.0.1 hooks: - id: check-added-large-files - id: check-executables-have-shebangs - id: check-json - id: check-merge-conflict - id: check-shebang-scripts-are-executable - id: check-symlinks - id: check-toml - id: check-xml - id: check-yaml exclude: ^Ansible/roles/(wap|router)/vars/main\.yaml$ - id: detect-private-key - id: end-of-file-fixer - id: trailing-whitespace exclude: \.diff$ - repo: https://github.com/Yelp/detect-secrets rev: v0.14.3 - repo: https://github.com/codespell-project/codespell.git rev: v2.1.0 hooks: - id: codespell args: - '-L=doas,fo' - repo: https://github.com/Yelp/detect-secrets.git rev: v1.1.0 hooks: - id: detect-secrets exclude: |- nsd/shore\.co\.il|roles/router/vars/main\.yaml|roles/wap/vars/main\.yaml exclude: ^Ansible/roles/router/files/nsd/ - repo: https://github.com/adrienverge/yamllint rev: v1.25.0 - repo: https://gitlab.com/devopshq/gitlab-ci-linter.git rev: v1.0.4 hooks: - id: yamllint - id: gitlab-ci-linter args: - "--server" - https://git.shore.co.il - repo: https://github.com/amperser/proselint/ - repo: https://github.com/amperser/proselint.git rev: 0.10.2 hooks: - id: proselint types: [markdown] types: [plain-text] exclude: LICENSE - repo: https://github.com/adrienverge/yamllint.git rev: v1.26.3 hooks: - id: yamllint - repo: https://github.com/executablebooks/mdformat.git rev: 0.5.3 rev: 0.7.10 hooks: - id: mdformat - repo: https://git.shore.co.il/nimrod/shell-pre-commit.git rev: v0.6.0 - repo: https://github.com/ambv/black.git rev: 21.9b0 hooks: - id: shell-lint - id: black args: - | --line-length=79 - repo: https://github.com/shellcheck-py/shellcheck-py.git rev: v0.7.1.1 - repo: https://github.com/Lucas-C/pre-commit-hooks-markup.git rev: v1.0.1 hooks: - id: shellcheck - id: rst-linter - repo: https://github.com/myint/rstcheck.git rev: master hooks: - id: rstcheck 
- repo: https://github.com/PyCQA/prospector.git rev: 1.5.1 hooks: - id: prospector args: - |- --max-line-length=79 - |- --with-tool=pyroma - |- --with-tool=bandit - |- --without-tool=pep257 - |- --doc-warnings - |- --test-warnings - |- --full-pep8 - |- --strictness=high - |- --no-autodetect additional_dependencies: - bandit - pyroma - repo: https://gitlab.com/pycqa/flake8.git rev: 3.9.2 hooks: - id: flake8 args: - |- --doctests additional_dependencies: - flake8-bugbear - repo: https://git.shore.co.il/ansible/ansible-pre-commit.git rev: v0.10.0 - repo: https://github.com/pre-commit/pre-commit.git rev: v2.15.0 hooks: - id: validate_manifest - repo: https://git.shore.co.il/nimrod/pre-commit-hooks.git rev: v0.2.0 hooks: - id: shell-validate - id: ansible-syntax-check # yamllint disable-line rule:line-length files: (bootstrap|update|renew-certs|debian_server|kodi|router)\.yaml - id: terraform-fmt - id: terraform-validate - id: poetry-check - id: docker-compose - repo: https://github.com/ansible/ansible-lint rev: v4.3.7 - repo: https://github.com/shellcheck-py/shellcheck-py.git rev: v0.7.2.1 hooks: - id: shellcheck - repo: https://github.com/ansible/ansible-lint.git rev: v5.1.3 hooks: - id: ansible-lint - repo: https://github.com/AleksaC/hadolint-py.git rev: v2.1.0 hooks: - id: hadolint
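Review bot: The rstcheck entry is pinned to `rev: master`, a branch rather than a tag or commit, so the hook code that runs on every contributor's machine and in CI can change without any change to this file. Pin it like the other repos, e.g. `rev: <RELEASE_TAG_OR_COMMIT_SHA>` (placeholder, pick the release you have reviewed), and let `pre-commit autoupdate` move it deliberately. The `additional_dependencies` lists for prospector (`bandit`, `pyroma`) and flake8 (`flake8-bugbear`) are also unversioned, so each fresh hook environment installs whatever is newest on the package index; `==` pins would make the lint environment reproducible. The +/- markers are lost in this rendering, so this assumes those entries are on the new side of the change.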
Ansible/ansible.cfg +1 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ pipelining = True retry_files_save_path = /tmp/ system_warnings = True unparsed_is_failed = True vault_password_file = vault-passhole vault_password_file = vault-passhole ;# pragma: allowlist secret verbosity = 2 [inventory] Loading
Ansible/roles/debian_server/tasks/main.yml +1 −0 Original line number Diff line number Diff line Loading @@ -92,6 +92,7 @@ backup: true create: true line: '{{ item }}: {{ item }}@shore.co.il' mode: 0o0644 path: /etc/aliases regexp: '^{{ item }}:' state: present Loading
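Review bot: The added `mode: 0o0644` is an unquoted `0o` literal, which a YAML 1.1 loader such as PyYAML does not read as an integer, so the value most likely reaches the module as the string `0o0644` and depends on the module converting it. The form Ansible recommends is a quoted string, `mode: "0644"`, which means the same thing under every loader and cannot be mistaken for a decimal number. The same applies to `mode: 0o0444` on `/etc/daily.local` in Ansible/roles/router/tasks/main.yaml. The task starts above this hunk, so the module name is not visible here.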
Ansible/roles/router/files/pf.conf +1 −1 Original line number Diff line number Diff line Loading @@ -49,7 +49,7 @@ pass in quick proto tcp to (egress:0) port { smtp, submission, imaps } rdr-to ho pass out quick proto tcp to host01.shore.co.il port { submission, smtp, imaps } received-on ingress nat-to ingress set prio ( 4, 6 ) pass in quick proto { tcp, udp } to (egress:0) port bittorrent rdr-to kodi.shore.co.il set queue bulk set prio 1 # Allowd NAT and proxying # Allowed NAT and proxying #pass in quick on ingress inet proto tcp to egress:network port www divert-to localhost port wwwproxy pass in quick on ingress inet proto tcp to port ftp divert-to localhost port ftpproxy pass in quick on ingress inet to !(ingress:0)
Ansible/roles/router/tasks/main.yaml +3 −2 Original line number Diff line number Diff line --- - name: Configure sysctl ignore_errors: true with_dict: net.inet.ip.forwarding: "1" ansible.posix.sysctl: Loading Loading @@ -66,9 +65,11 @@ - name: Configure the network interfaces with_dict: # yamllint disable rule:line-length em1: | description "Connected to the fiber cable, used for PPPoE connection to the ISP." up # yamllint enable rule:line-length em5: | description "Connected to internal LAN." inet 192.168.3.1 255.255.255.0 Loading Loading @@ -498,7 +499,7 @@ fw_update -an | grep -v '^quirks' dest: /etc/daily.local group: wheel mode: 0o044 mode: 0o0444 owner: root tags: - cron Loading