Merge pull request #630 from cschug/fix_yamllint

style: fix remaining yamllint rule violations

.github/FUNDING.yml

@@ -1,3 +1,4 @@
+---
 # These are supported funding model platforms
 
 patreon: christianlempa

actions/github/kubectl/kubernetes-deploy.yml

@@ -1,6 +1,7 @@
+---
 name: Kubernetes Deploy
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - main

actions/github/scp-action/copy-config-files.yml

@@ -1,6 +1,7 @@
+---
 name: copy config files to remote machine
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - main

actions/github/ssh-action/restart-docker.yml

@@ -1,6 +1,7 @@
+---
 name: Update Docker Compose File
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - main

ansible/ubuntu/maint-diskspace.yaml

@@ -13,13 +13,13 @@
       check_mode: false
       register: disk_usage
 
-    # - name: Send discord message when disk space is over 80%
-    #   uri:
-    #     url: "your-webhook"
-    #     method: POST
-    #     body_format: json
-    #     body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
-    #     headers:
-    #       Content-Type: application/json
-    #     status_code: 204
-    #   when: disk_usage.stdout[:-1]|int > 80
+#   - name: Send discord message when disk space is over 80%
+#     uri:
+#       url: "your-webhook"
+#       method: POST
+#       body_format: json
+#       body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+#       headers:
+#         Content-Type: application/json
+#       status_code: 204
+#     when: disk_usage.stdout[:-1]|int > 80

docker-compose/gitea/compose.yaml

@@ -56,28 +56,28 @@ services:
     # <--
     restart: unless-stopped
 
-  # --> When using internal database
-  # db:
-  #   image: postgres:14
-  #   container_name: gitea-db
-  #   environment:
-  #     - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER not set}
-  #     - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
-  #     - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB not set}
-  #   networks:
-  #     - backend
-  #   volumes:
-  #     - gitea-db:/var/lib/postgresql/data
-  #   restart: unless-stopped
-  # <--
+# --> When using internal database
+# db:
+#   image: postgres:14
+#   container_name: gitea-db
+#   environment:
+#     - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER not set}
+#     - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
+#     - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB not set}
+#   networks:
+#     - backend
+#   volumes:
+#     - gitea-db:/var/lib/postgresql/data
+#   restart: unless-stopped
+# <--
 
 volumes:
   gitea-data:
     driver: local
-  # --> When using internal database
-  # gitea-db:
-  #   driver: local
-  # <--
+# --> When using internal database
+# gitea-db:
+#   driver: local
+# <--
 
 # --> (Optional) When using traefik...
 # networks:

docker-compose/homepage/compose.yaml

@@ -17,17 +17,17 @@ services:
       - ./images:/app/images  # for custom background images
       - ./icons:/app/icons  # for custom icons
     restart: unless-stopped
-  # (Optional) For secure docker socket integration
-  # dockerproxy:
-  #   image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0
-  #   container_name: homepage-demo-1-dockerproxy
-  #   environment:
-  #     - CONTAINERS=1 # Allow access to viewing containers
-  #     - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
-  #     - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
-  #     - POST=0 # Disallow any POST operations (effectively read-only)
-  #   ports:
-  #     - 127.0.0.1:2375:2375
-  #   volumes:
-  #     - /run/docker.sock:/run/docker.sock:ro # Mounted as read-only
-  #   restart: unless-stopped
+#   (Optional) For secure docker socket integration
+#   dockerproxy:
+#     image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0
+#     container_name: homepage-demo-1-dockerproxy
+#     environment:
+#       - CONTAINERS=1 # Allow access to viewing containers
+#       - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
+#       - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
+#       - POST=0 # Disallow any POST operations (effectively read-only)
+#     ports:
+#       - 127.0.0.1:2375:2375
+#     volumes:
+#       - /run/docker.sock:/run/docker.sock:ro # Mounted as read-only
+#     restart: unless-stopped

docker-compose/homer/assets/example.config.yml

@@ -8,7 +8,7 @@ logo: "logo.png"
 # icon: "fas fa-skull-crossbones" # Optional icon
 
 header: true
-footer: '<p>Created with <span class="has-text-danger">❤</span> with <a href="https://bulma.io/">bulma</a>, <a href="https://vuejs.org/">vuejs</a> & <a href="https://fontawesome.com/">font awesome</a> // Fork me on <a href="https://github.com/bastienwirtz/homer"><i class="fab fa-github-alt"></i></a></p>' # set false if you want to hide it.
+footer: false
 
 # Optional theme customization
 theme: default
@@ -40,7 +40,7 @@ colors:
 
 # Optional message
 message:
-  #url: https://b4bz.io
+  # url: https://b4bz.io
   style: "is-dark"  # See https://bulma.io/documentation/components/message/#colors for styling options.
   title: "Demo !"
   icon: "fa fa-grin"

docker-compose/prometheus/config/prometheus.yaml

@@ -17,12 +17,12 @@ scrape_configs:
     static_configs:
       - targets: ['localhost:9090']
 
-  # Example job for node_exporter
-  # - job_name: 'node_exporter'
-  #   static_configs:
-  #     - targets: ['node_exporter:9100']
+# Example job for node_exporter
+# - job_name: 'node_exporter'
+#   static_configs:
+#     - targets: ['node_exporter:9100']
 
-  # Example job for cadvisor
-  # - job_name: 'cadvisor'
-  #   static_configs:
-  #     - targets: ['cadvisor:8080']
+# Example job for cadvisor
+# - job_name: 'cadvisor'
+#   static_configs:
+#     - targets: ['cadvisor:8080']

docker-compose/traefik/config/traefik.yaml

@@ -54,7 +54,9 @@ certificatesResolvers:
 providers:
   docker:
     exposedByDefault: false  # <-- (Optional) Change this to true if you want to expose all services
-    network: frontend # <-- Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks. E.g. Database container in a seperate network and a container in the frontend and database network.
+    # Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks.
+    # E.g. Database container in a separate network and a container in the frontend and database network.
+    network: frontend
   file:
     directory: /etc/traefik
     watch: true

docker-compose/wazuh/compose.yaml

@@ -130,19 +130,19 @@ services:
       - wazuh.indexer
     restart: unless-stopped
 
-  # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
-  # postfix:
-  #   image: docker.io/mwader/postfix-relay:1.1.39
-  #   environment:
-  #     - POSTFIX_myhostname=postfix
-  #   volumes:
-  #     - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro
-  #     - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw  # <-- (Optional) Remove when using inline credentials
-  #     - postfix_data:/etc/postfix
-  #   networks:
-  #     - backend
-  #   restart: unless-stopped
-  # <--
+# --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
+# postfix:
+#   image: docker.io/mwader/postfix-relay:1.1.39
+#   environment:
+#     - POSTFIX_myhostname=postfix
+#   volumes:
+#     - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro
+#     - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw  # <-- (Optional) Remove when using inline credentials
+#     - postfix_data:/etc/postfix
+#   networks:
+#     - backend
+#   restart: unless-stopped
+# <--
 
 volumes:
   wazuh_api_configuration:

docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,12 +1,17 @@
+---
 server.host: 0.0.0.0
 server.port: 5601
 opensearch.hosts: https://wazuh.indexer:9200
 opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch.requestHeadersWhitelist:
+  - "securitytenant"
+  - "Authorization"
 opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+opensearch_security.readonly_mode.roles:
+  - "kibana_read_only"
 server.ssl.enabled: true
 server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
 server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+opensearch.ssl.certificateAuthorities:
+  - "/usr/share/wazuh-dashboard/certs/root-ca.pem"
 uiSettings.overrides.defaultRoute: /app/wz-home

docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml

@@ -1,3 +1,4 @@
+---
 hosts:
   - 1513629884013:
       url: "https://wazuh.manager"

docker-compose/wazuh/config/wazuh_indexer/internal_users.yml

@@ -14,7 +14,7 @@ admin:
   hash: "$2y$12$y85PV5Ob2lqeR30Rcm/F9..8JMgLT5ALZGMtzTo7c.p1vPpR394ki"
   reserved: true
   backend_roles:
-  - "admin"
+    - admin
   description: "Demo admin user"
 
 kibanaserver:
@@ -26,8 +26,8 @@ kibanaro:
   hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
   reserved: false
   backend_roles:
-  - "kibanauser"
-  - "readall"
+    - kibanauser
+    - readall
   attributes:
     attribute1: "value1"
     attribute2: "value2"
@@ -38,19 +38,19 @@ logstash:
   hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
   reserved: false
   backend_roles:
-  - "logstash"
+    - logstash
   description: "Demo logstash user"
 
 readall:
   hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
   reserved: false
   backend_roles:
-  - "readall"
+    - readall
   description: "Demo readall user"
 
 snapshotrestore:
   hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
   reserved: false
   backend_roles:
-  - "snapshotrestore"
+    - snapshotrestore
   description: "Demo snapshotrestore user"

docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml

@@ -1,3 +1,4 @@
+---
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
 path.data: /var/lib/wazuh-indexer
@@ -16,15 +17,27 @@ plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+  - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
-- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+  - "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
+  - "all_access"
+  - "security_rest_api_access"
 plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.system_indices.indices:
+  - ".opendistro-alerting-config"
+  - ".opendistro-alerting-alert*"
+  - ".opendistro-anomaly-results*"
+  - ".opendistro-anomaly-detector*"
+  - ".opendistro-anomaly-checkpoints"
+  - ".opendistro-anomaly-detection-state"
+  - ".opendistro-reports-*"
+  - ".opendistro-notifications-*"
+  - ".opendistro-notebooks"
+  - ".opensearch-observability"
+  - ".opendistro-asynchronous-search-response*"
+  - ".replication-metadata-store"
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false

kestra/ansible/ansible-playbook-git.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra ansible-playbook Template
 # ---
 #

kestra/ansible/ansible-playbook-inline.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra ansible-playbook Template
 # ---
 #

kestra/docker/docker-build-git.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra Docker Git Build Template
 # ---
 #

kestra/docker/docker-build-inline.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra Docker File Build Template
 # ---
 #

kestra/python/python_command.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra Python Command Template
 # ---
 #
@@ -16,4 +17,3 @@ tasks:
       - python /app/scripts/your-python-script.py
     taskRunner:
       type: io.kestra.plugin.core.runner.Process
-      

kestra/python/python_script.yaml

@@ -1,3 +1,4 @@
+---
 # Kestra Python Command Template
 # ---
 #

kubernetes/traefik/examples/ingressroute.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -13,7 +14,7 @@ spec:
       services:
         - name: your-service  # <-- Replace with your service name
           port: 80
-  # --> (Optional) Add certificate secret
-  # tls:
-  #   secretName: your-certificate-secret
-  # <--
+# --> (Optional) Add certificate secret
+# tls:
+#     secretName: your-certificate-secret
+# <--

kubernetes/traefik/examples/ingressroutetcp.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
@@ -13,7 +14,7 @@ spec:
       services:
         - name: your-service  # <-- Replace with your service name
           port: 80
-  # --> (Optional) Enable TLS Passthrough
-  # tls:
-  #   passthrough: true
-  # <--
+# --> (Optional) Enable TLS Passthrough
+# tls:
+#   passthrough: true
+# <--

kubernetes/traefik/helm-values.yaml

@@ -1,3 +1,4 @@
+---
 image:
   repository: traefik
   tag: v3.2.3