Merge pull request #630 from cschug/fix_yamllint

style: fix remaining yamllint rule violations

.github/FUNDING.yml

@@ -1,3 +1,4 @@
+---
 # These are supported funding model platforms
 
 patreon: christianlempa

actions/github/kubectl/kubernetes-deploy.yml

@@ -1,6 +1,7 @@
+---
 name: Kubernetes Deploy
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - main

actions/github/scp-action/copy-config-files.yml

@@ -1,6 +1,7 @@
+---
 name: copy config files to remote machine
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - main

actions/github/ssh-action/restart-docker.yml

@@ -1,6 +1,7 @@
+---
 name: Update Docker Compose File
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - main

ansible/ubuntu/maint-diskspace.yaml

@@ -13,13 +13,13 @@
       check_mode: false
       register: disk_usage
 
-    # - name: Send discord message when disk space is over 80%
-    #   uri:
-    #     url: "your-webhook"
-    #     method: POST
-    #     body_format: json
-    #     body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
-    #     headers:
-    #       Content-Type: application/json
-    #     status_code: 204
-    #   when: disk_usage.stdout[:-1]|int > 80
+#   - name: Send discord message when disk space is over 80%
+#     uri:
+#       url: "your-webhook"
+#       method: POST
+#       body_format: json
+#       body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+#       headers:
+#         Content-Type: application/json
+#       status_code: 204
+#     when: disk_usage.stdout[:-1]|int > 80

docker-compose/gitea/compose.yaml

@@ -36,11 +36,11 @@ services:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     ports:
-    # --> (Optional) Remove when using traefik...
+      # --> (Optional) Remove when using traefik...
       - "3000:3000"
-    # <--
+      # <--
       - "2221:22"  # <-- (Optional) Replace with your desired SSH port
-    # --> (Optional) When using internal database...
+      # --> (Optional) When using internal database...
     # depends_on:
     #   - db
     # <--
@@ -56,28 +56,28 @@ services:
     # <--
     restart: unless-stopped
 
-  # --> When using internal database
-  # db:
-  #   image: postgres:14
-  #   container_name: gitea-db
-  #   environment:
-  #     - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER not set}
-  #     - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
-  #     - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB not set}
-  #   networks:
-  #     - backend
-  #   volumes:
-  #     - gitea-db:/var/lib/postgresql/data
-  #   restart: unless-stopped
-  # <--
+# --> When using internal database
+# db:
+#   image: postgres:14
+#   container_name: gitea-db
+#   environment:
+#     - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER not set}
+#     - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
+#     - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB not set}
+#   networks:
+#     - backend
+#   volumes:
+#     - gitea-db:/var/lib/postgresql/data
+#   restart: unless-stopped
+# <--
 
 volumes:
   gitea-data:
     driver: local
-  # --> When using internal database
-  # gitea-db:
-  #   driver: local
-  # <--
+# --> When using internal database
+# gitea-db:
+#   driver: local
+# <--
 
 # --> (Optional) When using traefik...
 # networks:

docker-compose/gitlab/compose.yaml

@@ -14,10 +14,10 @@ services:
       - ./logs:/var/log/gitlab
       - gitlab-data:/var/opt/gitlab
     ports:
-    # --> (Optional) Remove when using traefik...
+      # --> (Optional) Remove when using traefik...
       - "80:80"
       - "443:443"
-    # <--
+      # <--
       - '2424:22'
     # --> (Optional) When using traefik...
     # labels:

docker-compose/homepage/compose.yaml

@@ -17,17 +17,17 @@ services:
       - ./images:/app/images  # for custom background images
       - ./icons:/app/icons  # for custom icons
     restart: unless-stopped
-  # (Optional) For secure docker socket integration
-  # dockerproxy:
-  #   image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0
-  #   container_name: homepage-demo-1-dockerproxy
-  #   environment:
-  #     - CONTAINERS=1 # Allow access to viewing containers
-  #     - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
-  #     - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
-  #     - POST=0 # Disallow any POST operations (effectively read-only)
-  #   ports:
-  #     - 127.0.0.1:2375:2375
-  #   volumes:
-  #     - /run/docker.sock:/run/docker.sock:ro # Mounted as read-only
-  #   restart: unless-stopped
+#   (Optional) For secure docker socket integration
+#   dockerproxy:
+#     image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0
+#     container_name: homepage-demo-1-dockerproxy
+#     environment:
+#       - CONTAINERS=1 # Allow access to viewing containers
+#       - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
+#       - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
+#       - POST=0 # Disallow any POST operations (effectively read-only)
+#     ports:
+#       - 127.0.0.1:2375:2375
+#     volumes:
+#       - /run/docker.sock:/run/docker.sock:ro # Mounted as read-only
+#     restart: unless-stopped

docker-compose/homer/assets/example.config.yml

@@ -8,7 +8,7 @@ logo: "logo.png"
 # icon: "fas fa-skull-crossbones" # Optional icon
 
 header: true
-footer: '<p>Created with <span class="has-text-danger">❤</span> with <a href="https://bulma.io/">bulma</a>, <a href="https://vuejs.org/">vuejs</a> & <a href="https://fontawesome.com/">font awesome</a> // Fork me on <a href="https://github.com/bastienwirtz/homer"><i class="fab fa-github-alt"></i></a></p>' # set false if you want to hide it.
+footer: false
 
 # Optional theme customization
 theme: default
@@ -40,8 +40,8 @@ colors:
 
 # Optional message
 message:
-  #url: https://b4bz.io
-  style: "is-dark" # See https://bulma.io/documentation/components/message/#colors for styling options.
+  # url: https://b4bz.io
+  style: "is-dark"  # See https://bulma.io/documentation/components/message/#colors for styling options.
   title: "Demo !"
   icon: "fa fa-grin"
   content: "This is a dummy homepage demo. <br /> Find more information on <a href='https://github.com/bastienwirtz/homer'>github.com/bastienwirtz/homer</a>"
@@ -52,7 +52,7 @@ links:
   - name: "Contribute"
     icon: "fab fa-github"
     url: "https://github.com/bastienwirtz/homer"
-    target: "_blank" # optional html a tag target attribute
+    target: "_blank"  # optional html a tag target attribute
   - name: "Wiki"
     icon: "fas fa-book"
     url: "https://www.wikipedia.org/"
@@ -74,7 +74,7 @@ services:
         subtitle: "Bookmark example"
         tag: "app"
         url: "https://www.reddit.com/r/selfhosted/"
-        target: "_blank" # optional html a tag target attribute
+        target: "_blank"  # optional html a tag target attribute
       - name: "Another one"
         logo: "assets/tools/sample2.png"
         subtitle: "Another application"

docker-compose/prometheus/config/prometheus.yaml

@@ -17,12 +17,12 @@ scrape_configs:
     static_configs:
       - targets: ['localhost:9090']
 
-  # Example job for node_exporter
-  # - job_name: 'node_exporter'
-  #   static_configs:
-  #     - targets: ['node_exporter:9100']
+# Example job for node_exporter
+# - job_name: 'node_exporter'
+#   static_configs:
+#     - targets: ['node_exporter:9100']
 
-  # Example job for cadvisor
-  # - job_name: 'cadvisor'
-  #   static_configs:
-  #     - targets: ['cadvisor:8080']
+# Example job for cadvisor
+# - job_name: 'cadvisor'
+#   static_configs:
+#     - targets: ['cadvisor:8080']

docker-compose/teleport/compose.yaml

@@ -18,17 +18,17 @@ services:
       - ./data:/var/lib/teleport
     # -- (Optional) Traefik example configuration
     # labels:
-      # - "traefik.enable=true"
-      # - "traefik.http.services.teleport.loadbalancer.server.port=3080"
-      # - "traefik.http.services.teleport.loadbalancer.server.scheme=https"
-      # - "traefik.http.routers.teleport-http.entrypoints=web"
-      # - "traefik.http.routers.teleport-http.rule=HostRegexp(`^(?i)(?:[[:alnum:]]+(?:-+[[:alnum:]]+)*\\.)?your-server-url(?::\\d+)?$`)"
-      # - "traefik.http.routers.teleport-https.entrypoints=websecure"
-      # - "traefik.http.routers.teleport-https.rule=HostRegexp(`^(?i)(?:[[:alnum:]]+(?:-+[[:alnum:]]+)*\\.)?your-server-url(?::\\d+)?$`)"
-      # - "traefik.http.routers.teleport-https.tls=true"
-      # - "traefik.http.routers.teleport-https.tls.certresolver=your-certresolver"
-      # - "traefik.http.routers.teleport-https.tls.domains[0].main=your-server-url"
-      # - "traefik.http.routers.teleport-https.tls.domains[0].sans=*.your-server-url"
+    #   - "traefik.enable=true"
+    #   - "traefik.http.services.teleport.loadbalancer.server.port=3080"
+    #   - "traefik.http.services.teleport.loadbalancer.server.scheme=https"
+    #   - "traefik.http.routers.teleport-http.entrypoints=web"
+    #   - "traefik.http.routers.teleport-http.rule=HostRegexp(`^(?i)(?:[[:alnum:]]+(?:-+[[:alnum:]]+)*\\.)?your-server-url(?::\\d+)?$`)"
+    #   - "traefik.http.routers.teleport-https.entrypoints=websecure"
+    #   - "traefik.http.routers.teleport-https.rule=HostRegexp(`^(?i)(?:[[:alnum:]]+(?:-+[[:alnum:]]+)*\\.)?your-server-url(?::\\d+)?$`)"
+    #   - "traefik.http.routers.teleport-https.tls=true"
+    #   - "traefik.http.routers.teleport-https.tls.certresolver=your-certresolver"
+    #   - "traefik.http.routers.teleport-https.tls.domains[0].main=your-server-url"
+    #   - "traefik.http.routers.teleport-https.tls.domains[0].sans=*.your-server-url"
     # networks:
     #   - your-traefik-network
     restart: unless-stopped

docker-compose/traefik/config/traefik.yaml

@@ -54,7 +54,9 @@ certificatesResolvers:
 providers:
   docker:
     exposedByDefault: false  # <-- (Optional) Change this to true if you want to expose all services
-    network: frontend # <-- Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks. E.g. Database container in a seperate network and a container in the frontend and database network.
+    # Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks.
+    # E.g. Database container in a separate network and a container in the frontend and database network.
+    network: frontend
   file:
     directory: /etc/traefik
     watch: true

docker-compose/wazuh/compose.yaml

@@ -130,19 +130,19 @@ services:
       - wazuh.indexer
     restart: unless-stopped
 
-  # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
-  # postfix:
-  #   image: docker.io/mwader/postfix-relay:1.1.39
-  #   environment:
-  #     - POSTFIX_myhostname=postfix
-  #   volumes:
-  #     - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro
-  #     - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw  # <-- (Optional) Remove when using inline credentials
-  #     - postfix_data:/etc/postfix
-  #   networks:
-  #     - backend
-  #   restart: unless-stopped
-  # <--
+# --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
+# postfix:
+#   image: docker.io/mwader/postfix-relay:1.1.39
+#   environment:
+#     - POSTFIX_myhostname=postfix
+#   volumes:
+#     - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro
+#     - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw  # <-- (Optional) Remove when using inline credentials
+#     - postfix_data:/etc/postfix
+#   networks:
+#     - backend
+#   restart: unless-stopped
+# <--
 
 volumes:
   wazuh_api_configuration:

docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,12 +1,17 @@
+---
 server.host: 0.0.0.0
 server.port: 5601
 opensearch.hosts: https://wazuh.indexer:9200
 opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch.requestHeadersWhitelist:
+  - "securitytenant"
+  - "Authorization"
 opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+opensearch_security.readonly_mode.roles:
+  - "kibana_read_only"
 server.ssl.enabled: true
 server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
 server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+opensearch.ssl.certificateAuthorities:
+  - "/usr/share/wazuh-dashboard/certs/root-ca.pem"
 uiSettings.overrides.defaultRoute: /app/wz-home

docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml

@@ -1,3 +1,4 @@
+---
 hosts:
   - 1513629884013:
       url: "https://wazuh.manager"

docker-compose/wazuh/config/wazuh_indexer/internal_users.yml

@@ -14,7 +14,7 @@ admin:
   hash: "$2y$12$y85PV5Ob2lqeR30Rcm/F9..8JMgLT5ALZGMtzTo7c.p1vPpR394ki"
   reserved: true
   backend_roles:
-  - "admin"
+    - admin
   description: "Demo admin user"
 
 kibanaserver:
@@ -26,8 +26,8 @@ kibanaro:
   hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
   reserved: false
   backend_roles:
-  - "kibanauser"
-  - "readall"
+    - kibanauser
+    - readall
   attributes:
     attribute1: "value1"
     attribute2: "value2"
@@ -38,19 +38,19 @@ logstash:
   hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
   reserved: false
   backend_roles:
-  - "logstash"
+    - logstash
   description: "Demo logstash user"
 
 readall:
   hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
   reserved: false
   backend_roles:
-  - "readall"
+    - readall
   description: "Demo readall user"
 
 snapshotrestore:
   hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
   reserved: false
   backend_roles:
-  - "snapshotrestore"
+    - snapshotrestore
   description: "Demo snapshotrestore user"

docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml

@@ -1,3 +1,4 @@
+---
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
 path.data: /var/lib/wazuh-indexer
@@ -16,15 +17,27 @@ plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+  - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
-- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+  - "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
+  - "all_access"
+  - "security_rest_api_access"
 plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.system_indices.indices:
+  - ".opendistro-alerting-config"
+  - ".opendistro-alerting-alert*"
+  - ".opendistro-anomaly-results*"
+  - ".opendistro-anomaly-detector*"
+  - ".opendistro-anomaly-checkpoints"
+  - ".opendistro-anomaly-detection-state"
+  - ".opendistro-reports-*"
+  - ".opendistro-notifications-*"
+  - ".opendistro-notebooks"
+  - ".opensearch-observability"
+  - ".opendistro-asynchronous-search-response*"
+  - ".replication-metadata-store"
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false

kestra/ansible/ansible-playbook-git.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra ansible-playbook Template
 # ---
 #

kestra/ansible/ansible-playbook-inline.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra ansible-playbook Template
 # ---
 #

kestra/docker/docker-build-git.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra Docker Git Build Template
 # ---
 #

kestra/docker/docker-build-inline.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra Docker File Build Template
 # ---
 #

kestra/python/python_command.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra Python Command Template
 # ---
 #
@@ -16,4 +17,3 @@ tasks:
       - python /app/scripts/your-python-script.py
     taskRunner:
       type: io.kestra.plugin.core.runner.Process
-      

kestra/python/python_script.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra Python Command Template
 # ---
 #

kestra/variables.yaml

@@ -6,7 +6,7 @@
 #
 
 id: variables  # <- Replace with your task id...
-namespace:  your-namespace  # <- Replace with your namespace...
+namespace: your-namespace  # <- Replace with your namespace...
 
 variables:
   variable-name: "variable-value"  # <- Replace with your variable name and value...

kestra/webhook.yaml

@@ -6,7 +6,7 @@
 #
 # usage:
 #   curl http://your-kestra-instance/api/v1/executions/webhook/your-namespace/your-task-id/your-secret-key
-# 
+#
 
 id: webhook  # <- Replace with your task id...
 namespace: your-namespace  # <- Replace with your namespace...

kubernetes/cert-manager/clusterissuer.yaml

@@ -14,4 +14,4 @@ spec:
           cloudflare:
             apiTokenSecretRef:
               name: cloudflare-api-token-secret
-              key: api-token        
+              key: api-token

kubernetes/cert-manager/helm-values.yaml

@@ -11,7 +11,7 @@ cainjector:
     repository: quay.io/jetstack/cert-manager-cainjector
     tag: v1.16.2
 
-crds: 
+crds:
   enabled: true
 
 extraArgs:

kubernetes/longhorn/ingressroute.yaml

@@ -14,4 +14,4 @@ spec:
         - name: longhorn-frontend
           port: 80
   tls:
-      secretName: longhorn-certificate-secret
+    secretName: longhorn-certificate-secret

kubernetes/traefik/examples/ingressroute.yaml

@@ -1,19 +1,20 @@
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: your-ingressroute # <-- Replace with your IngressRoute name
+  name: your-ingressroute  # <-- Replace with your IngressRoute name
   namespace: your-namespace  # <-- Replace with your namespace
 spec:
   entryPoints:
-  - web
-  - websecure
+    - web
+    - websecure
   routes:
-  - match: Host(`your-fqdn`)  # <-- Replace with your FQDN
-    kind: Rule
-    services:
-    - name: your-service  # <-- Replace with your service name
-      port: 80
-  # --> (Optional) Add certificate secret
-  # tls:
-  #   secretName: your-certificate-secret
-  # <--
+    - match: Host(`your-fqdn`)  # <-- Replace with your FQDN
+      kind: Rule
+      services:
+        - name: your-service  # <-- Replace with your service name
+          port: 80
+# --> (Optional) Add certificate secret
+# tls:
+#     secretName: your-certificate-secret
+# <--

kubernetes/traefik/examples/ingressroutetcp.yaml

@@ -1,19 +1,20 @@
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
-  name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
-  namespace: your-namespace  # <-- Replace with your namespace
+  name: your-ingressroutetcp  # <-- Replace with your IngressRouteTCP name
+  namespace: your-namespace   # <-- Replace with your namespace
 spec:
   entryPoints:
-  - web
-  - websecure
+    - web
+    - websecure
   routes:
-  - match: HostSNI(`your-sni`)  # <-- Replace with your SNI
-    priority: 10  # <-- (Optional) change rule priority
-    services:
-    - name: your-service  # <-- Replace with your service name
-      port: 80
-  # --> (Optional) Enable TLS Passthrough
-  # tls:
-  #   passthrough: true
-  # <--
+    - match: HostSNI(`your-sni`)  # <-- Replace with your SNI
+      priority: 10  # <-- (Optional) change rule priority
+      services:
+        - name: your-service  # <-- Replace with your service name
+          port: 80
+# --> (Optional) Enable TLS Passthrough
+# tls:
+#   passthrough: true
+# <--

kubernetes/traefik/helm-values.yaml

@@ -1,3 +1,4 @@
+---
 image:
   repository: traefik
   tag: v3.2.3
@@ -6,7 +7,7 @@ image:
 # --> Change redirect HTTP to HTTPs by default here...
 ports:
   web:
-    redirectTo: 
+    redirectTo:
       port: websecure
 # <--