From c86cc0ff2d54d5906bc6fede0114a895d16d01e2 Mon Sep 17 00:00:00 2001
From: Louis Abel
Date: Fri, 21 Apr 2023 18:28:46 -0700
Subject: [PATCH] fix FQCN and other linting
---
files/home/ansible/.inputrc | 2 ++
files/root/9-tmux.conf | 26 ++++++++++++++++++++++++++
handlers/main.yml | 6 +++---
init-rocky-system-config.yml | 19 ++++++++++---------
tasks/authentication.yml | 12 ++++++------
tasks/grub.yml | 2 +-
tasks/harden.yml | 4 ++--
tasks/skel.yml | 20 ++++++++++++++++++++
tasks/ssh_config.yml | 6 +++---
tasks/variable_loader_common.yml | 10 ++++++----
10 files changed, 79 insertions(+), 28 deletions(-)
create mode 100644 files/home/ansible/.inputrc
create mode 100644 files/root/9-tmux.conf
create mode 100644 tasks/skel.yml
diff --git a/files/home/ansible/.inputrc b/files/home/ansible/.inputrc
new file mode 100644
index 0000000..cf09227
--- /dev/null
+++ b/files/home/ansible/.inputrc
@@ -0,0 +1,2 @@
+set editing-mode vi
+set show-mode-in-prompt on
diff --git a/files/root/9-tmux.conf b/files/root/9-tmux.conf
new file mode 100644
index 0000000..c9599cc
--- /dev/null
+++ b/files/root/9-tmux.conf
@@ -0,0 +1,26 @@
+set -g set-titles on
+set -g set-titles-string "#I) #W"
+# default statusbar colors
+set -g status-style fg=white,bg=colour160
+# default window title colors
+set-window-option -g window-status-style bg=colour160,fg=white,default
+# active window title colors
+set-window-option -g window-status-current-style bg=default,fg=white,bright
+# pane border
+set -g pane-border-style fg=colour160
+set -g pane-active-border-style fg=white,bg=default
+setw -g aggressive-resize on
+# command/message line colors
+set -g message-style fg=white,bg=colour160,bright
+
+#original set -g status-left "#[fg=white,bg=colour160,bright]#H #[default,fg=white,bg=colour160]|#[default]"
+set -g status-left "#[fg=white,bg=colour160,bright]root@#h #[default,fg=white,bg=colour160]#[default]"
+set -g status-left-length 12
+set -g status-right "#[default,fg=white,bg=colour160]|#[fg=white,bg=colour160,bright]%a %m.%d %H:%M#[default]|#(cat /etc/redhat-release)#[default]"
+set -g status-right-length 90
+set -g status-keys vi
+set -g default-terminal "tmux-256color"
+setw -g mode-keys vi
+set -g allow-rename off
+
+set-option -g update-environment 'DBUS_SESSION_BUS_ADDRESS'
diff --git a/handlers/main.yml b/handlers/main.yml
index 40c45df..7a099c2 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -26,7 +26,7 @@ state: reloaded - name: regenerate_auditd_rules - command: /sbin/augenrules + ansible.builtin.command: /sbin/augenrules - name: reload_chrony ansible.builtin.systemd:
@@ -35,7 +35,7 @@ listen: "chrony service restart" - name: restart_gitlab - command: gitlab-ctl reconfigure + ansible.builtin.command: gitlab-ctl reconfigure register: gitlab_restart failed_when: gitlab_restart_handler_failed_when | bool
@@ -45,7 +45,7 @@ state: restarted - name: rehash_postfix_sasl - command: "postmap /etc/postfix/sasl_passwd" + ansible.builtin.command: "postmap /etc/postfix/sasl_passwd" - name: restart_postfix ansible.builtin.service:
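Review bot: `ansible.builtin.command: /sbin/augenrules` in the regenerate_auditd_rules handler only regenerates /etc/audit/audit.rules from /etc/audit/rules.d; without `--load` (or an auditd restart chained after this handler) the kernel keeps the previously loaded rule set, so a notified rule change does not take effect until reboot. If a restart handler is notified alongside this one that is fine, but I cannot see that from the hunk, and `ansible.builtin.command: /sbin/augenrules --load` is the self-contained form. The restart_gitlab and rehash_postfix_sasl hunks are FQCN-only swaps and need nothing further.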
diff --git a/init-rocky-system-config.yml b/init-rocky-system-config.yml
index e537b7b..04767c1 100644
--- a/init-rocky-system-config.yml
+++ b/init-rocky-system-config.yml
@@ -9,11 +9,12 @@ # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - name: Import handleers + ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible
@@ -26,25 +27,25 @@ tasks: - name: Loading Variables from OS Common - import_tasks: tasks/variable_loader_common.yml + ansible.builtin.import_tasks: tasks/variable_loader_common.yml - name: Configure SSH - import_tasks: tasks/ssh_config.yml + ansible.builtin.import_tasks: tasks/ssh_config.yml - name: Configure harden settings - import_tasks: tasks/harden.yml + ansible.builtin.import_tasks: tasks/harden.yml - name: Configure PAM - import_tasks: tasks/authentication.yml + ansible.builtin.import_tasks: tasks/authentication.yml - name: Configure auditd - import_tasks: tasks/auditd.yml + ansible.builtin.import_tasks: tasks/auditd.yml - name: Configure grub - import_tasks: tasks/grub.yml + ansible.builtin.import_tasks: tasks/grub.yml - name: Configure common scripts - import_tasks: tasks/scripts.yml + ansible.builtin.import_tasks: tasks/scripts.yml post_tasks: - name: Touching run file that ansible has ran here
diff --git a/tasks/authentication.yml b/tasks/authentication.yml
index 739afb5..9a3b4c5 100644
--- a/tasks/authentication.yml
+++ b/tasks/authentication.yml
@@ -2,6 +2,9 @@ # Configures PAM and SSSD post-ipa client installation. It is recommended that # that we use a custom authselect profile and build it out from there. - name: Enterprise Linux 8+ PAM Configuration + when: + - ansible_facts['os_family'] == 'RedHat' + - ansible_facts['distribution_major_version']|int >= 8 block: - name: Ensure Custom Profile is removed ansible.builtin.file:
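Review bot: The added task name `- name: Import handleers` has a typo; it is the label printed in play output, so it should read `- name: Import handlers`. The rest of this hunk and the second hunk of the file only move short module names to `ansible.builtin.*` FQCNs, which is correct. Note that the new tasks/skel.yml introduced by this commit is not imported in the updated task list here, so unless another playbook includes it, it is dead until wired in.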
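Review bot: The relocated condition `- ansible_facts['distribution_major_version']|int >= 8` keeps the filter without spaces around `|`; since this is a linting pass, ansible-lint's jinja spacing rule will still report it, so `- ansible_facts['distribution_major_version'] | int >= 8` would be consistent with the rest of the cleanup. Moving `when:` from the end of the block to before `block:` does not change behaviour, because a block-level condition applies to every task inside the block regardless of key order. The block body continues in the following hunks.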
@@ -9,7 +12,7 @@ state: absent - name: Create custom authselect profile based on sssd - command: > + ansible.builtin.command: > /usr/bin/authselect create-profile sssd-rocky --base-on sssd --symlink-dconf
@@ -31,7 +34,7 @@ - /etc/authselect/custom/sssd-rocky/password-auth - name: Select New Profile - command: > + ansible.builtin.command: > /usr/bin/authselect select custom/sssd-rocky without-nullok with-faillock
@@ -41,7 +44,7 @@ changed_when: false - name: Apply new settings - command: /usr/bin/authselect apply-changes + ansible.builtin.command: /usr/bin/authselect apply-changes changed_when: false - name: Enable oddjobd
@@ -49,7 +52,4 @@ name: oddjobd state: started enabled: true - when: - - ansible_facts['os_family'] == 'RedHat' - - ansible_facts['distribution_major_version']|int >= 8 ...
diff --git a/tasks/grub.yml b/tasks/grub.yml
index b06e7f1..9b6b52a 100644
--- a/tasks/grub.yml
+++ b/tasks/grub.yml
@@ -1,5 +1,5 @@ --- - name: Add kernel boot options to all kernels and default config - command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}" + ansible.builtin.command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}" changed_when: "1 != 1" ...
diff --git a/tasks/harden.yml b/tasks/harden.yml
index 63a7b64..f9a2766 100644
--- a/tasks/harden.yml
+++ b/tasks/harden.yml
@@ -8,7 +8,7 @@ when: sysctl_overwrite | default() - name: Kernel parameters - sysctl: + ansible.posix.sysctl: name: "{{ item.key }}" value: "{{ item.value }}" state: present
@@ -21,7 +21,7 @@ - kernel - name: Security limits - pam_limits: + community.general.pam_limits: dest: "/etc/security/limits.d/cis.conf" domain: "{{ item.domain }}" limit_type: "{{ item.limit_type }}"
diff --git a/tasks/skel.yml b/tasks/skel.yml
new file mode 100644
index 0000000..fb3129e
--- /dev/null
+++ b/tasks/skel.yml
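Review bot: `ansible.builtin.command: /usr/bin/authselect apply-changes` (hunk @@ -41,7 +44,7 @@) keeps `changed_when: false`, and the `authselect select` task in the hunk before it does the same, so every play run rewrites the PAM stack while reporting no change; together with the task visible in the first hunk that removes the custom profile before `authselect create-profile` recreates it, drift in /etc/pam.d is invisible in play output. Consider registering the command results and deriving `changed_when` from them, or guarding the create/select/apply sequence with a `stat` of the custom profile so it only runs when the profile is absent or its sources changed. The hunk at @@ -49,7 +52,4 @@ is the pure relocation of `when:` and needs nothing. The enclosing block starts above these hunks.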
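Review bot: `changed_when: "1 != 1"` beneath the new `ansible.builtin.command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}"` line is an obscure spelling of `changed_when: false`; write it as `changed_when: false` so the intent is readable and the truthy lint is satisfied. grubby does rewrite every boot entry on each run, so the task mutates the system while never reporting change; if `grub_boot_options` is stable, checking the current kernel arguments first and running grubby only when they differ would make the task both idempotent and honest in its reporting. The task is the whole file, so nothing is cut off here.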
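Review bot: The switch to `ansible.posix.sysctl` and `community.general.pam_limits` makes the playbook depend on two collections that are not shipped with ansible-core, and nothing in the diffstat touches a requirements file; make sure `ansible.posix` and `community.general` are declared in the project's `requirements.yml` (or in the `galaxy.yml` dependencies) and installed in CI, otherwise these tasks fail at parse time as unresolved modules. Both loops (`name: "{{ item.key }}"`, `domain: "{{ item.domain }}"`) continue outside the hunks.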
@@ -0,0 +1,20 @@
+---
+# Common skel items Rocky uses
+- name: SKEL - root profile
+ ansible.builtin.copy:
+ src: "root/{{ item }}"
+ dest: "/root/.tmux.conf"
+ owner: root
+ group: root
+ with_items:
+ - "{{ ansible_distribution_major_version }}-tmux.conf"
+
+- name: SKEL - ansible profile
+ ansible.builtin.copy:
+ src: "home/ansible/{{ item }}"
+ dest: "/home/ansible/{{ item }}"
+ owner: ansible
+ group: ansible
+ with_items:
+ - ".inputrc"
+...
diff --git a/tasks/ssh_config.yml b/tasks/ssh_config.yml
index 9a69a8a..092fe11 100644
--- a/tasks/ssh_config.yml
+++ b/tasks/ssh_config.yml
@@ -62,19 +62,19 @@ # notify: restart_sshd - name: Custom Modular Configuration - template: + ansible.builtin.template: src: "etc/ssh/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-60-infra.conf.j2" dest: "/etc/ssh/sshd_config.d/60-infra.conf" owner: root group: root mode: '0600' validate: /usr/sbin/sshd -t -f %s - backup: yes + backup: true notify: restart_sshd rescue: - name: Print errors for configuration and validation - debug: + ansible.builtin.debug: msg: "Error in SSH daemon configuration or template" - name: SSH banner
diff --git a/tasks/variable_loader_common.yml b/tasks/variable_loader_common.yml
index ab182af..a6d4fe8 100644
--- a/tasks/variable_loader_common.yml
+++ b/tasks/variable_loader_common.yml
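Review bot: Both `ansible.builtin.copy` tasks set `owner` and `group` but no `mode`, so a new file gets whatever the remote umask yields and an existing file keeps its current permissions; ansible-lint's risky-file-permissions rule flags exactly this. Add `mode: "0644"` (or `"0600"` for `/root/.tmux.conf`) to each task. Since the file is new and this is a linting commit, `with_items` could become `loop:`, and the first task loops over a single fixed item, so `src: "root/{{ ansible_distribution_major_version }}-tmux.conf"` without a loop would read more directly.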
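Review bot: The `rescue:` branch after the template task only runs `ansible.builtin.debug` with a fixed message, so a failed `validate: /usr/sbin/sshd -t -f %s` or a template rendering error leaves the play green and the previous sshd configuration silently in place. The block begins above this hunk, so I cannot see whether something later fails the play, but as written the debug should be followed by an `ansible.builtin.fail` task, e.g. `msg: "Error in SSH daemon configuration or template: {{ ansible_failed_result.msg | default('') }}"`, so the validation failure is reported instead of swallowed. The `backup: yes` to `backup: true` change is the correct fix for the truthy lint.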
@@ -2,21 +2,23 @@ - name: Standard System Configuration Variables block: - name: Loading Variables from OS Common - include_vars: "{{ item }}" + ansible.builtin.include_vars: "{{ item }}" with_items: - "{{ ansible_distribution }}.yml" - name: Create overrides if we're an IPA Replica - include_vars: "{{ item }}" + ansible.builtin.include_vars: "{{ item }}" with_first_found: - "ipaserver.yml" when: "'ipaserver' in group_names" - name: Check if system is EFI - stat: + ansible.builtin.stat: path: "/sys/firmware/efi" register: efi_installed always: - - debug: msg="Variables are now loaded" + - name: Notify of load + ansible.builtin.debug: + msg: "Variables are now loaded" ...