Merge pull request #435 from konstruktoid/lint

lint rewrite

defaults/main/password.yml

@@ -23,7 +23,7 @@ password_remember: 5
 pwquality:
   dcredit: -1
   dictcheck: 1
-  dictpath: ''
+  dictpath: ""
   difok: 8
   enforce_for_root: true
   enforcing: 1

defaults/main/sshd.yml

@@ -59,7 +59,7 @@ sshd_kex_algorithms:
   - ecdh-sha2-nistp256
   - diffie-hellman-group-exchange-sha256
 sshd_listen:
-  - 0.0.0.0
+  - "0.0.0.0"
 sshd_log_level: VERBOSE
 sshd_login_grace_time: 20
 sshd_macs:
@@ -73,7 +73,7 @@ sshd_match_local_ports: {}
 sshd_match_users: {}
 sshd_max_auth_tries: 3
 sshd_max_sessions: 3
-sshd_max_startups: '10:30:60'
+sshd_max_startups: 10:30:60
 sshd_password_authentication: false
 sshd_permit_empty_passwords: false
 sshd_permit_root_login: false
@@ -88,8 +88,8 @@ sshd_rekey_limit: 512M 1h
 sshd_required_rsa_size: 2048
 sshd_sftp_enabled: true
 sshd_sftp_only_chroot: true
-sshd_sftp_only_chroot_dir: '%h'
-sshd_sftp_only_group: ''
+sshd_sftp_only_chroot_dir: "%h"
+sshd_sftp_only_group: ""
 sshd_sftp_subsystem: internal-sftp -f LOCAL6 -l INFO
 sshd_strict_modes: true
 sshd_syslog_facility: AUTH

molecule/almalinux/molecule.yml

@@ -20,15 +20,15 @@ provisioner:
       almalinux8:
         enable_timesyncd: false
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
         suid_sgid_permissions: false
       almalinux9:
         enable_timesyncd: false
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo

molecule/debian/molecule.yml

@@ -20,7 +20,7 @@ provisioner:
       bookworm:
         ansible_python_interpreter: /usr/bin/python3
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
@@ -30,7 +30,7 @@ provisioner:
         ansible_become_pass: vagrant
         ansible_python_interpreter: /usr/bin/python3
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
@@ -39,7 +39,7 @@ provisioner:
         ansible_become_pass: vagrant
         ansible_python_interpreter: /usr/bin/python3
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo

molecule/default/molecule.yml

@@ -19,15 +19,15 @@ provisioner:
         enable_timesyncd: false
         install_aide: false
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
         suid_sgid_permissions: false
       almalinux9:
         enable_timesyncd: false
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
@@ -36,7 +36,7 @@ provisioner:
         ansible_python_interpreter: /usr/bin/python3
         disable_wireless: false
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
@@ -46,7 +46,7 @@ provisioner:
         disable_wireless: true
         install_aide: false
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
@@ -56,7 +56,7 @@ provisioner:
         block_blacklisted: true
         disable_wireless: true
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo

molecule/default/verify.yml

@@ -83,7 +83,7 @@
 
     - name: Set ssh version as fact
       ansible.builtin.set_fact:
-        ssh_installed_version: "{{ ssh_version.stderr | regex_search('^OpenSSH_([0-9+].[0-9]+)', '\\1') | join('.') | float }}"  # noqa jinja[spacing]
+        ssh_installed_version: "{{ ssh_version.stderr | regex_search('^OpenSSH_([0-9+].[0-9]+)', '\\1') | join('.') | float }}" # noqa jinja[spacing]
       tags:
         - sshd
         - sshd_config
@@ -323,8 +323,7 @@
         _listenaddress: "{{ ['ListenAddress '] | product(sshd_listen) | map('join') | list }}"
         _port: "{{ ['Port '] | product(sshd_ports) | map('join') | list }}"
       ansible.builtin.set_fact:
-        sshd_config_parameters:
-          "{{ (sshd_config_parameters + _hostkey + _listenaddress + _port) | select() }}"
+        sshd_config_parameters: "{{ (sshd_config_parameters + _hostkey + _listenaddress + _port) | select() }}"
 
     - name: Verify sshd configuration
       become: true

molecule/redhat/molecule.yml

@@ -22,7 +22,7 @@ provisioner:
     host_vars:
       redhat:
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo

molecule/single/molecule.yml

@@ -20,7 +20,7 @@ provisioner:
       focal:
         disable_ipv6: true
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo

molecule/ubuntu/molecule.yml

@@ -19,25 +19,25 @@ provisioner:
     host_vars:
       focal:
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
       jammy:
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
       lunar:
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo
       mantic:
         sshd_admin_net:
-          - 0.0.0.0/0
+          - "0.0.0.0/0"
         sshd_allow_groups:
           - vagrant
           - sudo

tasks/compilers_dnf_post_transaction_actions_plugin.yml

@@ -5,7 +5,7 @@
   block:
     - name: Get package name rpm of binary file {{ item }}
       become: true
-      ansible.builtin.command: rpm --query --queryformat='%{NAME}' --file {{ item }}  # noqa command-instead-of-module
+      ansible.builtin.command: rpm --query --queryformat='%{NAME}' --file {{ item }} # noqa command-instead-of-module
       register: compiler_package
       changed_when: compiler_package.rc != 0
       check_mode: false

tasks/password.yml

@@ -81,7 +81,7 @@
     - name: Remove 'nullok'
       ansible.builtin.replace:
         path: "{{ item }}"
-        regexp: '\s*nullok'
+        regexp: \s*nullok
         mode: "0644"
         owner: root
         group: root
@@ -99,8 +99,8 @@
     - name: Set hashing algorithm for password
       ansible.builtin.replace:
         path: "{{ item }}"
-        regexp: '\s+(bigcrypt|blowfish|gost_yescrypt|md5|sha256|sha512|yescrypt)\s+'
-        replace: ' {{ password_algorithm }} '
+        regexp: \s+(bigcrypt|blowfish|gost_yescrypt|md5|sha256|sha512|yescrypt)\s+
+        replace: " {{ password_algorithm }} "
         mode: "0644"
         owner: root
         group: root
@@ -116,8 +116,8 @@
     - name: Set rounds
       ansible.builtin.replace:
         path: "{{ item }}"
-        regexp: '(\s+{{ password_algorithm }}.*?(?=\s+rounds=\d+|$))(\s+rounds=\d+)*'
-        replace: '\1 rounds={{ "65536" if (password_algorithm == "sha512") else "8" }}'
+        regexp: (\s+{{ password_algorithm }}.*?(?=\s+rounds=\d+|$))(\s+rounds=\d+)*
+        replace: \1 rounds={{ "65536" if (password_algorithm == "sha512") else "8" }}
         mode: "0644"
         owner: root
         group: root
@@ -133,8 +133,8 @@
     - name: Set remember
       ansible.builtin.replace:
         path: "{{ item }}"
-        regexp: '(\s+use_authtok.*?(?=\s+remember=\d+|$))(\s+remember=\d+)*'
-        replace: '\1 remember={{ password_remember }}'
+        regexp: (\s+use_authtok.*?(?=\s+remember=\d+|$))(\s+remember=\d+)*
+        replace: \1 remember={{ password_remember }}
         mode: "0644"
         owner: root
         group: root

tasks/sysctl.yml

@@ -8,8 +8,8 @@
 - name: Template the sysctl file with general sysctl hardening settings
   become: true
   ansible.builtin.template:
-    src: '{{ sysctl_main_config_template }}'
-    dest: '{{ sysctl_conf_dir }}/zz-main-hardening.conf'
+    src: "{{ sysctl_main_config_template }}"
+    dest: "{{ sysctl_conf_dir }}/zz-main-hardening.conf"
     mode: "0755"
     owner: root
     group: root