13 changed files with 16 additions and 136 deletions
--- a/.gitea/workflows/lint.yml
+++ b/.gitea/workflows/lint.yml
@ -1,18 +0,0 @@
-name: "Lint"
-on: push
-
-jobs:
-  lint:
-    name: "Lint"
-    runs-on: python-bookworm
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v4
-      - name: Activate venv & install dependencies
-        run: |
-          python3 -m venv venv
-          . venv/bin/activate
-          echo PATH=$PATH >> $GITHUB_ENV
-          pip install ansible ansible-lint
-      - name: Lint
-        run: ansible-lint --show-relpath .
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,8 @@
+stages:
+  - "linting"
+
+ansible-lint:
+  stage: linting
+  image: registry.gitlab.com/pipeline-components/ansible-lint:latest
+  script:
+    - ansible-lint --show-relpath .
--- a/basic.yaml
+++ b/basic.yaml
@ -1,5 +1,5 @@
 ---
- name: "Update/upgrade debian and install misc tools."
+- name: "Update/upgrade debian and install docker and misc tools."
  hosts: basic
  roles:
      - system
--- a/roles/dnsmasq/tasks/main.yaml
+++ b/roles/dnsmasq/tasks/main.yaml
@ -1,16 +1,4 @@
 ---
- name: Ensure systemd-resolved doesn't interfere
-  ansible.builtin.lineinfile:
-    path: /etc/systemd/resolved.conf
-    regexp: '^DNSStubListener='
-    insertafter: '^[Resolve]'
-    line: DNSStubListener=no
-
- name: Restart systemd-resolved service
-  ansible.builtin.service:
-    name: systemd-resolved
-    state: restarted
-
 - name: Install dnsmasq
  ansible.builtin.apt:
    name: dnsmasq
--- a/roles/ip_forward/tasks/main.yaml
+++ b/roles/ip_forward/tasks/main.yaml
@ -1,8 +0,0 @@
---
- name: Enable IPv4 forwarding
-  ansible.posix.sysctl:
-    name: net.ipv4.ip_forward
-    value: '1'
-    sysctl_set: true
-    state: present
-    reload: true
--- a/roles/network_tools/main.yaml
+++ b/roles/network_tools/main.yaml
@ -1,12 +0,0 @@
---
- name: Install tcpdump
-  ansible.builtin.apt:
-    name: tcpdump
-    state: latest
-    update_cache: true
-
- name: Install jnettop
-  ansible.builtin.apt:
-    name: jnettop
-    state: latest
-    update_cache: true
--- a/roles/nftables/tasks/main.yaml
+++ b/roles/nftables/tasks/main.yaml
@ -1,22 +0,0 @@
---
- name: Install nftables
-  ansible.builtin.apt:
-    name: nftables
-    state: latest
-    update_cache: true
-
- name: Install ulogd (for nftables logging)
-  ansible.builtin.apt:
-    name: ulogd2
-    state: latest
-    update_cache: true
-
- name: Enable nftables service
-  ansible.builtin.service:
-    name: nftables
-    enabled: true
-
- name: Start nftables service
-  ansible.builtin.service:
-    name: nftables
-    state: started
--- a/roles/softwares/tasks/main.yaml
+++ b/roles/softwares/tasks/main.yaml
@ -16,3 +16,9 @@
    name: net-tools
    state: latest
    update_cache: true
+
+- name: Install jnettop
+  ansible.builtin.apt:
+    name: jnettop
+    state: latest
+    update_cache: true
--- a/roles/telegraf/tasks/main.yaml
+++ b/roles/telegraf/tasks/main.yaml
@ -1,49 +0,0 @@
---
- name: Install required system packages
-  ansible.builtin.apt:
-    pkg:
-      - apt-transport-https
-      - ca-certificates
-      - gnupg
-      - curl
-    state: latest
-    update_cache: true
-
- name: Add Influxdata GPG apt key
-  ansible.builtin.apt_key:
-    url: "https://repos.influxdata.com/influxdata-archive.key"
-    state: present
-
- name: Add Influxdata repository
-  ansible.builtin.apt_repository:
-    repo: deb https://repos.influxdata.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
-    state: present
-    filename: "telegraf"
-
- name: Install telegraf package
-  ansible.builtin.apt:
-    pkg:
-      - telegraf
-    state: latest
-    update_cache: true
-
- name: Gather the package facts
-  ansible.builtin.package_facts:
-    manager: auto
-
- name: Add telegraf to docker group
-  ansible.builtin.user:
-    name: telegraf
-    groups: docker
-    append: true
-  when: "'docker-ce' in ansible_facts.packages"
-
- name: Enable telegraf service
-  ansible.builtin.service:
-    name: telegraf
-    enabled: true
-
- name: Stop telegraf service (configure it before starting)
-  ansible.builtin.service:
-    name: telegraf
-    state: stopped
--- a/router.yaml
+++ b/router.yaml
@ -1,12 +1,10 @@
 ---
- name: "Update/upgrade debian and install router softwares and misc tools."
+- name: "Update/upgrade debian and install docker and misc tools."
  hosts: router
  roles:
      - system
      - softwares
-      - network_tools
      - bpytop
-      - ip_forward
      - dnsmasq
      - nftables
      - clean
--- a/telegraf.yaml
+++ b/telegraf.yaml
@ -1,5 +0,0 @@
---
- name: "Install telegraf on debian."
-  hosts: telegraf
-  roles:
-      - telegraf
--- a/update.yaml
+++ b/update.yaml
@ -1,5 +0,0 @@
---
- name: "Update and upgrade Debian."
-  hosts: update
-  roles:
-      - system
--- a/wireguard.yaml
+++ b/wireguard.yaml
@ -6,5 +6,4 @@
      - softwares
      - bpytop
      - wireguard
-      - ip_forward
      - clean