improve to within linting rules

group_vars/all/secret_vault.yaml.example

@@ -8,4 +8,3 @@ default_passphrase: "kyEoeYaleIbS2LvdahoAJ0XYc4XguIHV"
 default_password: "4sYnCr0n0uzB4cKing15theway"
 porkbun_api_key: pk1_xxx
 porkbun_secret_key: sk1_xxx
-...

roles/setup_install_arbitrum/tasks/main.yaml

@@ -59,8 +59,8 @@
     repo: "{{ item.url }}"
     version: "{{ item.version }}"
   when:
-    - arbnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not arbnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != arbitrum_version
   with_items:
     - { url: "{{ arbitrum_git_repo }}", version: "v{{ arbitrum_version }}", dest: "arbitrum" }
@@ -76,7 +76,7 @@
     creates: "/usr/local/lib/librocksdb.so.{{ arbitrum_rocksdb_version }}"
     chdir: "{{ arbitrum_build_path }}/rocksdb"
   when:
-    - rocksdb.stat.exists == False
+    - not rocksdb.stat.exists
 
 - name: Generate ldconfig file for rocksdb installation
   ansible.builtin.template:
@@ -117,8 +117,8 @@
     creates: "{{ arbitrum_build_path }}/arbitrum/packages/arb-avm-cpp/build/bin/avm_runner"
     chdir: "{{ arbitrum_build_path }}/arbitrum"
   when:
-    - arbnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not arbnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != arbitrum_version
   environment:
     GOROOT: "/usr/local/go"
@@ -140,8 +140,8 @@
     chdir: "{{ arbitrum_build_path }}/arbitrum/packages/arb-rpc-node"
     creates: "{{ arbitrum_base }}/go"
   when:
-    - arbnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not arbnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != arbitrum_version
   environment:
     GOROOT: "/usr/local/go"
@@ -163,8 +163,8 @@
     GOPATH: "{{ arbitrum_base }}/go"
     PATH: "$GOPATH/bin:$GOROOT/bin:/usr/local/go/bin:/usr/local/bin:/usr/bin:/bin"
   when:
-    - arbnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not arbnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != arbitrum_version
   with_items:
     - { path: "packages/arb-rpc-node/cmd", name: "arb-node" }

roles/setup_install_avalanche/tasks/main.yaml

@@ -44,7 +44,7 @@
     creates: "{{ avalanche_base }}/avalanchego-v{{ avalanche_version }}"
   register: avalanche_install
   when:
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != avalanche_version
   notify:
     - Add Service Pinned Status
@@ -95,9 +95,9 @@
     group: "{{ avalanche_user }}"
     mode: '0755'
   when:
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != avalanche_version
-    - avalanche_enable_swimmer == True
+    - avalanche_enable_swimmer
 
 - name: Copy Swimmer extra configs if needed
   ansible.builtin.copy:
@@ -107,7 +107,7 @@
     group: "{{ avalanche_user }}"
     mode: u+rw,g-wx,o-wx
   when:
-    - avalanche_enable_swimmer == True
+    - avalanche_enable_swimmer
   with_items:
     - { source: "chain_1_config.json", destination: "{{ avalanche_chain_config_path }}/2Sk6j8TYVQc2oR1TtUz64EWHAYjDUoDQ4hpbu6FMN2JBKC77xa/config.json" }
     - { source: "chain_2_config.json", destination: "{{ avalanche_chain_config_path }}/2K33xS9AyP9oCDiHYKVrHe7F54h2La5D8erpTChaAhdzeSu2RX/config.json" }

roles/setup_install_foundry/tasks/main.yaml

@@ -12,21 +12,21 @@
     mode: "u+rwx"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-  when: foundryup.stat.exists == False
+  when: not foundryup.stat.exists
   notify:
     - Run foundry installer script
     - Execute Foundry Installer
 
 - name: Run foundry installer script
   ansible.builtin.shell:
     cmd: "/tmp/foundry_install"
-  when: foundryup.stat.exists == False
+  when: not foundryup.stat.exists
   environment:
     FOUNDRY_DIR: /usr/local
 
 - name: Execute Foundry Installer
   ansible.builtin.shell:
     cmd: /usr/local/bin/foundryup
-  when: foundryup.stat.exists == False
+  when: not foundryup.stat.exists
   environment:
     FOUNDRY_DIR: /usr/local

roles/setup_install_optimism/tasks/main.yaml

@@ -91,8 +91,8 @@
     repo: "{{ item.url }}"
     version: "{{ item.version }}"
   when:
-    - optimismnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not optimismnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != optimism_version
   with_items:
     - { url: "{{ optimism_git_repo }}", version: "@eth-optimism/sdk@{{ optimism_version }}", dest: "optimism" }
@@ -105,8 +105,8 @@
       - yarn
     chdir: "{{ optimism_build_path }}/optimism"
   when:
-    - optimismnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not optimismnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != optimism_version
 
 - name: Run yarn build
@@ -118,8 +118,8 @@
       - build
     chdir: "{{ optimism_build_path }}/optimism"
   when:
-    - optimismnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not optimismnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != optimism_version
 
 - name: Run make geth
@@ -139,8 +139,8 @@
     # that does not source /etc/profile where go env settings are stored.
     # So setting all those here is fast
   when:
-    - optimismnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not optimismnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != optimism_version
 
 - name: Install optimism
@@ -150,8 +150,8 @@
       - "{{ optimism_build_path }}/optimism"
       - "{{ optimism_base }}/optimism-v{{ optimism_version }}"
   when:
-    - optimismnode.stat.exists == False
-    - ansible_local['noderole']['node']['pinned'] != "True"
+    - not optimismnode.stat.exists
+    - not ansible_local['noderole']['node']['pinned']
     - ansible_local['noderole']['node']['version'] != optimism_version
   notify:
     - Remove Optimism Build Directory
@@ -186,7 +186,7 @@
     mode: "u+rw"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-  when: l2gethdata.stat.exists == False
+  when: not l2gethdata.stat.exists
 
 - name: Generate empty password file
   ansible.builtin.file:
@@ -216,7 +216,7 @@
       - "init"
       - "/tmp/genesis.json"
     chdir: "{{ optimism_base }}/optimism-v{{ optimism_version }}/l2geth/build/bin"
-  when: l2gethdata.stat.exists == False
+  when: not l2gethdata.stat.exists
 
 - name: Import Optimism geth account
   become: True

roles/setup_install_prometheus/tasks/prometheus-tasks.yaml

@@ -2,32 +2,31 @@
 # Reworked tasks for Prometheus setup
 
 - name: Fetch the latest version of Prometheus
-  ansible.builtin.shell:
-    cmd: |
-      set -o pipefail
-      wget $(curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest | grep "tag_name" | awk '{print "https://github.com/prometheus/prometheus/releases/download/" substr($2, 2, length($2)-3) "/prometheus-" substr($2, 3, length($2)-4) ".linux-amd64.tar.gz"}')
-      tar xvf prometheus-*.tar.gz
+  ansible.builtin.get_url:
+    url: "{{ prometheus_download_url }}"
+    dest: "/tmp/prometheus.tar.gz"
+  vars:
+    prometheus_download_url: "{{ lookup('url', 'https://api.github.com/repos/prometheus/prometheus/releases/latest', wantlist=True) | json_query('[0].assets[?content_type==`application/gzip`].browser_download_url') | first }}"
+  register: download_result
+  until: download_result is succeeded
+  retries: 3
+  delay: 5
 
+- name: Extract Prometheus package
+  ansible.builtin.unarchive:
+    src: "/tmp/prometheus.tar.gz"
+    dest: "/tmp"
+    remote_src: yes
+    creates: "/usr/local/bin/prometheus"
+
 - name: Move Prometheus binaries to the desired location
-  ansible.builtin.shell:
-    cmd: |
-      mv ./prometheus-*.linux-amd64/prometheus /usr/local/bin/
-      mv ./prometheus-*.linux-amd64/promtool /usr/local/bin/
-      cp -r ./prometheus-*.linux-amd64/consoles /etc/prometheus
-      cp -r ./prometheus-*.linux-amd64/console_libraries /etc/prometheus
+  ansible.builtin.command:
+    cmd: "mv /tmp/prometheus-{{ prometheus_version }}/prometheus* /usr/local/bin/"
+    creates: "/usr/local/bin/prometheus"
+  vars:
+    prometheus_version: "{{ lookup('url', 'https://api.github.com/repos/prometheus/prometheus/releases/latest', wantlist=True) | json_query('[0].tag_name') }}"
 
-- name: Ensure Prometheus group exists
-  ansible.builtin.group:
-    name: prometheus
-    state: present
-
-- name: Ensure Prometheus user exists and is a member of the Prometheus group
-  ansible.builtin.user:
-    name: prometheus
-    state: present
-    group: prometheus
-
-- name: Create necessary Prometheus directories
+- name: Ensure Prometheus directories exist
   ansible.builtin.file:
     path: "{{ item }}"
     state: directory
@@ -37,22 +36,25 @@
   loop:
     - /etc/prometheus/
     - /var/lib/prometheus/
+    - /usr/local/bin/
 
-- name: Clean up downloaded Prometheus packages
-  ansible.builtin.shell:
-    cmd: rm -rf ./prometheus*
+- name: Remove downloaded Prometheus package
+  ansible.builtin.file:
+    path: "/tmp/prometheus.tar.gz"
+    state: absent
 
 - name: Deploy Prometheus configuration
   ansible.builtin.copy:
     src: files/prometheus.yml
     dest: /etc/prometheus/prometheus.yml
     owner: prometheus
     group: prometheus
-    mode: "0755"
+    mode: "0644"
 
 - name: Validate Prometheus configuration
-  ansible.builtin.shell:
-    cmd: promtool check config /etc/prometheus/prometheus.yml
+  ansible.builtin.command:
+    cmd: "promtool check config /etc/prometheus/prometheus.yml"
+    creates: "/etc/prometheus/prometheus.yml.valid"
 
 - name: Manage Prometheus service
   block:

roles/setup_install_wireguard/meta/main.yaml

@@ -22,4 +22,4 @@ galaxy_info:
     - linux
     - vpn
     - wireguard
-  dependencies: []
+  dependencies:

roles/setup_install_wireguard/tasks/main.yaml

@@ -1,6 +1,5 @@
 ---
 # tasks/main.yaml for WireGuard
-
 - name: Check if necessary files exist
   ansible.builtin.stat:
     path: "{{ item }}"
@@ -9,37 +8,31 @@
     - /etc/wireguard/private.key
   register: file_status
 
-- name: Set Umask for session
-  ansible.builtin.shell:
-    cmd: "umask 077"
-  changed_when: False
-
 - name: Generate the VPN private key (admin)
-  ansible.builtin.shell:
-    cmd: wg genkey
+  ansible.builtin.command:
+    cmd: wg genkey > /etc/wireguard/private.key
+    creates: /etc/wireguard/private.key
+  args:
     creates: /etc/wireguard/private.key
-  register: WG_PRIVATE_KEY
-  when: file_status.results[0].stat.exists == False
+  when: not file_status.results[0].stat.exists
 
-- name: Generate the VPN public keys (admin)
+- name: Generate the VPN public key (admin)
   ansible.builtin.shell:
-    cmd: wg pubkey
-    args:
-      stdin: "{{ WG_PRIVATE_KEY.stdout }}"
+    cmd: cat /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key
     creates: /etc/wireguard/public.key
-  when: file_status.results[0].stat.exists == False
+  when: not file_status.results[1].stat.exists
 
-- name: Register the VPN public keys (admin)
+- name: Register the VPN public key (admin)
   ansible.builtin.set_fact:
     WG_PUB_KEY: "{{ lookup('file', '/etc/wireguard/public.key') }}"
-  when: file_status.results[0].stat.exists == False
+  when: not file_status.results[1].stat.exists
 
 - name: Configure wireguard files
   ansible.builtin.template:
     src: wg0.conf.j2
     dest: /etc/wireguard/wg0.conf
     mode: "0755"
-  when: file_status.results[0].stat.exists == False
+  when: not file_status.results[0].stat.exists
   notify:
     - Restart wireguard
 
@@ -62,6 +55,6 @@
     name: wg-quick@wg0
     enabled: True
     masked: False
-  when: file_status.results[0].stat.exists == False
+  when: not file_status.results[0].stat.exists
   notify:
     - Start wireguard

roles/setup_networking_routeros/tasks/main.yaml

@@ -43,12 +43,12 @@
   community.routeros.command:
     commands: "{{ item.port_forward | generate_rule('nat', ansible_host) }}"
   loop: "{{ port_forwards_exist_check.results }}"
-  when: item.ansible_facts.port_forward_exists == False
+  when: not item.ansible_facts.port_forward_exists
   delegate_to: "{{ routeros_delegate_host }}"
 
 - name: Configure firewall filter rules on RouterOS for each LXC node
   community.routeros.command:
     commands: "{{ item.port_forward | generate_rule('filter') }}"
   loop: "{{ filter_exist_check.results }}"
-  when: item.ansible_facts.filter_exists == False
+  when: not item.ansible_facts.filter_exists
   delegate_to: "{{ routeros_delegate_host }}"