Add YAMLLint rules

Fix linting errors that came up with the new rules

Main changes:
* Enforce YAML document start headers
* Enforce spacing with commas, colons and hyphens
* Enforce indentation
* Enforce use of quotes only then required
* Enforce use of single quotes over double quotes
* Enforce use of true/false over yes/no and derivatives
* [..] Other minor rules that were already followed

Signed-off-by: Colin Wilk <colin.wilk@tum.de>

10 files changed, 96 insertions, 42 deletions

diff --git a/.ansible-lint b/.ansible-lint
index 76a35bf..fbaa64a 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,3 +1,4 @@
+---
 exclude_paths: []
 
 use_default_rules: true
@@ -9,4 +10,4 @@ enable_list:
   - name[missing]
 
 skip_list:
-  - "yaml[line-length]"
+  - yaml[line-length]
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0264f0e..0204c17 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,3 +1,4 @@
+---
 default_stages: [commit, push]
 
 repos:
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..8551271
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,52 @@
+# https://yamllint.readthedocs.io/en/stable/rules.html
+---
+rules:
+  quoted-strings:
+    quote-type: single
+    required: only-when-needed
+
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+
+  comments:
+    require-starting-space: true
+    ignore-shebangs: true
+    min-spaces-from-content: 1
+
+  document-end:
+    present: false
+
+  document-start:
+    present: true
+
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 0
+
+  empty-values:
+    forbid-in-block-mappings: true
+    forbid-in-flow-mappings: true
+
+  float-values:
+    require-numeral-before-decimal: true
+
+  hyphens:
+    max-spaces-after: 1
+
+  indentation:
+    spaces: 2
+    indent-sequences: true
+    check-multi-line-strings: true
+
+  trailing-spaces: {}
+
+  truthy:
+    allowed-values: ['true', 'false']
+    check-keys: true
diff --git a/defaults/main.yml b/defaults/main.yml
index 95a8937..fa8190d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -69,7 +69,7 @@ borg_mode_append_only: false
 # Most of the time the default option is fine.
 # For more information about the borg placeholder see
 # https://borgbackup.readthedocs.io/en/stable/usage/help.html#borg-help-placeholders
-borg_backup_name_format: "{hostname}-{now:%Y-%m-%dT%H:%M:%S}"
+borg_backup_name_format: '{hostname}-{now:%Y-%m-%dT%H:%M:%S}'
 
 # Borg has a few compression modes to those from:
 # none, lz4, zstd[,L], zlib[,L], lzma[,L], auto,C[,L], obfuscate,SPEC,C[,L].
@@ -95,7 +95,7 @@ borg_excluded_dirs: []
 # The passphrase will be stored in plaintext inside the cron job.
 # For more information about the borg passphrase see
 # https://borgbackup.readthedocs.io/en/stable/quickstart.html#passphrase-notes
-borg_passphrase: ""
+borg_passphrase: ''
 
 # Since borg encrypts the backups on the borg-server you should save the
 # encryption keys somewhere to another machine to be able to recover the backup
diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml
index 97ddd7f..b243fe0 100644
--- a/meta/argument_specs.yml
+++ b/meta/argument_specs.yml
@@ -20,7 +20,7 @@ argument_specs:
       borg_server_host_url:
         type: str
         required: false
-        default: "{{ borg_server_host }}"
+        default: '{{ borg_server_host }}'
 
       borg_server_user_home:
         type: str
@@ -30,12 +30,12 @@ argument_specs:
       borg_repo_name:
         type: str
         required: false
-        default: "{{ inventory_hostname }}"
+        default: '{{ inventory_hostname }}'
 
       borg_backup_name_format:
         type: str
         required: false
-        default: "{hostname}-{now:%Y-%m-%dT%H:%M:%S}"
+        default: '{hostname}-{now:%Y-%m-%dT%H:%M:%S}'
 
       borg_mode_append_only:
         type: bool
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index 9c23b5f..17b5f0e 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -19,15 +19,15 @@
 
         - name: Set ssh_key
           ansible.builtin.set_fact:
-            borg_server_host_ssh_key: "{{ borg_server_ssh_keyscan.stdout
-              | split(' ')
-              | reject('search', borg_server_host)
-              | join(' ') }}"
+            borg_server_host_ssh_key: '{{ borg_server_ssh_keyscan.stdout
+                                       | split(" ")
+                                       | reject("search", borg_server_host)
+                                       | join(" ") }}'
 
   vars:
     borg_server_host: borg-server
     borg_server_user_home: /opt/borg
-    borg_decryption_keys_yaml_path: "{{ playbook_dir }}/decryption_keys.yml"
+    borg_decryption_keys_yaml_path: '{{ playbook_dir }}/decryption_keys.yml'
     borg_included_dirs:
       - /etc
       - /home
@@ -36,8 +36,8 @@
       - /var
       - /reee reeee
     borg_cron_time:
-      minute: "*"
-      hour: "*"
+      minute: '*'
+      hour: '*'
 
   roles:
     - role: kliwniloc.borgbackup
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index f37c640..3c0dfef 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -14,19 +14,19 @@ platforms:
     dockerfile: Dockerfile.j2
     pre_build_image: false
     docker_networks:
-      - name: 'molecule-container-net'
+      - name: molecule-container-net
         driver_options:
           # Setting the mtu size due to issues with docker and VPN
           com.docker.network.driver.mtu: 1420
     networks:
-      - name: 'molecule-container-net'
+      - name: molecule-container-net
 
   - name: borg-server
     image: ${MOLECULE_DISTRO_SERVER:-debian:10}
     dockerfile: Dockerfile.j2
     pre_build_image: false
     networks:
-      - name: 'molecule-container-net'
+      - name: molecule-container-net
 
 
 provisioner:
diff --git a/tasks/client_setup.yml b/tasks/client_setup.yml
index fee0b6b..1f5de72 100644
--- a/tasks/client_setup.yml
+++ b/tasks/client_setup.yml
@@ -10,8 +10,8 @@
 
 - name: Add borg server to known_hosts
   ansible.builtin.known_hosts:
-    name: "{{ borg_server_host_url }}"
-    key: "{{ borg_server_host_url }} {{ borg_server_host_ssh_key }}"
+    name: '{{ borg_server_host_url }}'
+    key: '{{ borg_server_host_url }} {{ borg_server_host_ssh_key }}'
     path: /root/.ssh/known_hosts
     state: present
   become: true
@@ -22,29 +22,29 @@
     owner: root
     group: root
     mode: '0600'
-    comment: "root@{{ inventory_hostname }}"
+    comment: root@{{ inventory_hostname }}
   become: true
   register: ssh_key
 
 - name: Deploy Keys to Borg server
   ansible.builtin.lineinfile:
-    path: "{{ borg_server_user_home }}/.ssh/authorized_keys"
+    path: '{{ borg_server_user_home }}/.ssh/authorized_keys'
     line: >
       restrict,command="borg serve
       {{ "--append-only" if borg_mode_append_only }}
       --restrict-to-repository {{ borg_repo_name }}"
       {{ ssh_key.public_key }} root@{{ inventory_hostname }}
-    search_string: "{{ ssh_key.public_key }}"
+    search_string: '{{ ssh_key.public_key }}'
     state: present
   become: true
-  delegate_to: "{{ borg_server_host }}"
+  delegate_to: '{{ borg_server_host }}'
 
 - name: Initialise Borg repository
   ansible.builtin.command: >
     borg init --encryption=repokey
     borg@{{ borg_server_host_url }}:{{ borg_server_user_home }}/{{ borg_repo_name }}
   environment:
-    BORG_PASSPHRASE: "{{ borg_passphrase }}"
+    BORG_PASSPHRASE: '{{ borg_passphrase }}'
   become: true
   register: init_borg_output
   changed_when: init_borg_output.rc != 2
@@ -54,7 +54,7 @@
 
 - name: Make sure key file exists
   ansible.builtin.file:
-    path: "{{ borg_decryption_keys_yaml_path }}"
+    path: '{{ borg_decryption_keys_yaml_path }}'
     state: touch
     mode: '0600'
     access_time: preserve
@@ -64,7 +64,7 @@
 
 - name: Read Vars file
   ansible.builtin.include_vars:
-    file: "{{ borg_decryption_keys_yaml_path }}"
+    file: '{{ borg_decryption_keys_yaml_path }}'
   register: local
 
 - name: Add repository encryption keys to ansible repo
@@ -81,12 +81,12 @@
 
     - name: If host new add encryption keys to vars
       ansible.builtin.set_fact:
-        decryption_keys: "{{ local.ansible_facts | combine({inventory_hostname: borg_keys.stdout}) }}"
+        decryption_keys: '{{ local.ansible_facts | combine({inventory_hostname: borg_keys.stdout}) }}'
 
 - name: Update encryption vars
   ansible.builtin.copy:
-    content: "{{ decryption_keys | to_nice_yaml(indent=2, width=2048) }}"
-    dest: "{{ borg_decryption_keys_yaml_path }}"
+    content: '{{ decryption_keys | to_nice_yaml(indent=2, width=2048) }}'
+    dest: '{{ borg_decryption_keys_yaml_path }}'
     mode: '0600'
   when: decryption_keys is defined
   delegate_to: localhost
@@ -95,8 +95,8 @@
 - name: Set up env for cron job
   ansible.builtin.cron:
     name: BORG_PASSPHRASE
-    job: "{{ borg_passphrase }}"
-    state: "{{ 'present' if (borg_included_dirs | length > 0) else 'absent' }}"
+    job: '{{ borg_passphrase }}'
+    state: '{{ "present" if (borg_included_dirs | length > 0) else "absent" }}'
     env: true
     user: root
   become: true
@@ -110,11 +110,11 @@
       {{ borg_included_dirs | map('quote') | join(' ') }}
       {% for e in (borg_excluded_dirs | map('quote')) %} --exclude {{ e }} {% endfor %}
     user: root
-    state: "{{ 'present' if (borg_included_dirs | length > 0) else 'absent' }}"
-    minute: "{{ borg_cron_time.minute | default(omit) }}"
-    hour: "{{ borg_cron_time.hour | default(omit) }}"
-    weekday: "{{ borg_cron_time.weekday | default(omit) }}"
-    day: "{{ borg_cron_time.day | default(omit) }}"
-    month: "{{ borg_cron_time.month | default(omit) }}"
-    special_time: "{{ borg_cron_time.special_time | default(omit) }}"
+    state: '{{ "present" if (borg_included_dirs | length > 0) else "absent" }}'
+    minute: '{{ borg_cron_time.minute | default(omit) }}'
+    hour: '{{ borg_cron_time.hour | default(omit) }}'
+    weekday: '{{ borg_cron_time.weekday | default(omit) }}'
+    day: '{{ borg_cron_time.day | default(omit) }}'
+    month: '{{ borg_cron_time.month | default(omit) }}'
+    special_time: '{{ borg_cron_time.special_time | default(omit) }}'
   become: true
diff --git a/tasks/installation.yml b/tasks/installation.yml
index af379e6..8ee0835 100644
--- a/tasks/installation.yml
+++ b/tasks/installation.yml
@@ -7,7 +7,7 @@
     update_cache: true
   become: true
   when: ansible_facts['os_family'] == "Debian"
-  delegate_to: "{{ borg_server_host }}"
+  delegate_to: '{{ borg_server_host }}'
 
 - name: Install Debian Client dependencies
   ansible.builtin.apt:
diff --git a/tasks/server_setup.yml b/tasks/server_setup.yml
index 6b16e29..b0a8251 100644
--- a/tasks/server_setup.yml
+++ b/tasks/server_setup.yml
@@ -4,14 +4,14 @@
     name: borg
     comment: Borgbackup user
     create_home: true
-    home: "{{ borg_server_user_home }}"
+    home: '{{ borg_server_user_home }}'
     generate_ssh_key: true
   become: true
-  delegate_to: "{{ borg_server_host }}"
+  delegate_to: '{{ borg_server_host }}'
 
 - name: Make sure authorized keys exists
   ansible.builtin.file:
-    path: "{{ borg_server_user_home }}/.ssh/authorized_keys"
+    path: '{{ borg_server_user_home }}/.ssh/authorized_keys'
     state: touch
     owner: borg
     group: borg
@@ -19,4 +19,4 @@
     access_time: preserve
     modification_time: preserve
   become: true
-  delegate_to: "{{ borg_server_host }}"
+  delegate_to: '{{ borg_server_host }}'