Ansible improvements

.devcontainer/ansible-galaxy-requirements.yml

@@ -1,4 +1,4 @@
 ---
 roles:
   - name: nickjj.docker
-  - name: weareinteractive.apt
+  - name: weareinteractive.apt

.devcontainer/devcontainer.json

@@ -3,9 +3,19 @@
   "image": "mcr.microsoft.com/devcontainers/python:3.13-bookworm",
   "features": {
     "ghcr.io/devcontainers-extra/features/ansible:2": {},
-    "ghcr.io/devcontainers/features/docker-in-docker:1": {},
-    "ghcr.io/devcontainers-contrib/features/neovim-homebrew:1": {}
+    "ghcr.io/devcontainers-contrib/features/neovim-homebrew:1": {},
+    "ghcr.io/prulloac/devcontainer-features/pre-commit:1": {},
+    "ghcr.io/jsburckhardt/devcontainer-features/gitleaks:1": {}
   },
-  "postCreateCommand": "ansible-galaxy install -r ./.devcontainer/ansible-galaxy-requirements.yml",
-  "postStartCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}"
+  "postCreateCommand": "ansible-galaxy install -r ./.devcontainer/ansible-galaxy-requirements.yml --roles-path ~/.ansible/roles",
+  "postStartCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
+  "customizations": {
+    "vscode": {
+      "extensions": ["esbenp.prettier-vscode"],
+      "settings": {
+        "editor.formatOnSave": true,
+        "editor.defaultFormatter": "esbenp.prettier-vscode"
+      }
+    }
+  }
 }

.github/workflows/secret-scanning.yml

@@ -0,0 +1,14 @@
+name: Secret Scan on Push, Pull request
+
+on: [push, pull_request]
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        # Only scan working tree
+        with:
+          args: "--no-git -v"

.gitignore

@@ -0,0 +1 @@
+**/*gitleaks*

.pre-commit-config.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.25.1
+    hooks:
+      - id: gitleaks

.prettierrc

@@ -0,0 +1,6 @@
+{
+  "tabWidth": 2,
+  "useTabs": false,
+  "semi": true,
+  "singleQuote": false
+}

ansible.cfg

@@ -0,0 +1,8 @@
+[defaults]
+inventory = ./inventory/hosts
+
+# Specify roles-folders - local and where `ansible-galaxy install` installed to
+roles_path = ./roles:/home/vscode/.ansible/roles
+
+# Always ask for vault-password
+ask_vault_pass = true

inventory/group_vars/all/vars.yaml

@@ -0,0 +1,3 @@
+CIFS_HETZNER_NEXTCLOUD_DATA_DEVICE: "{{ vault_CIFS_HETZNER_NEXTCLOUD_DATA_DEVICE }}"
+CIFS_HETZNER_NEXTCLOUD_DATA_USERNAME: "{{ vault_CIFS_HETZNER_NEXTCLOUD_DATA_USERNAME }}"
+CIFS_HETZNER_NEXTCLOUD_DATA_PASSWORD: "{{ vault_CIFS_HETZNER_NEXTCLOUD_DATA_PASSWORD }}"

inventory/group_vars/all/vault.yaml

@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+34636536363536653936396438313562353561633832376531636339333434366561616237336238
+3139343265323638626438386462333239343137343231660a633539623730333731346366333233
+61643566383862363836633533376364633833343733353165323464626361383266636433613661
+3861353230633536310a613965656265643364323864323231383830656333323934656334336236
+30333637626465333034376563346434323332666430613734363435393535666138633331616437
+35343564383130623233343462643630333030373937303164303136646565383631616336666434
+39393030383764666138643061336437336539323038303537396131316163383137643565626362
+39653366303230663139633433336131333462653135636134663538363538636463346130653666
+35356234666461343266323432666638326135306663633331353035383863386435316330613338
+61616163376161373335393536376233653634663231373736303463313662343762393431393236
+65663737626365633665613166623931303238653264656263303031383063323765633261633163
+64336165333363666135666562643736313832393938393937376535336236316236386466613235
+34333830373861666337396462393563636438636435323262376334393361303831633563333035
+3036326635613832343865396332373364326537313362363838

hosts → inventory/hosts

@@ -1,5 +1,3 @@
-# https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
-
 [forum]
 forum.makerspace-gt.de
 # discourse-mksp.4830.org