Address salt-lint errors/warnings

- remove trailing whitespaces
- format octal modes correctly
- trim lines or add ignore rules where necessary

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

pillar/cluster/denc/web-proxy.sls

@@ -78,6 +78,7 @@ nginx:
         - X-Forwarded-Proto   $scheme
       - proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt
     tls:
+      # yamllint disable-line rule:line-length
       - ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 
     {#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #}

pillar/id/dericom02_rigel_lysergic_dev.sls

@@ -23,7 +23,7 @@ profile:
             NickServNick: viaduct
             NickServPassword: ${'secret_matterbridge:general:accounts:irc.libertacasa:NickServPassword'}
             ColorNicks: 'true'
-            Charset: utf8 
+            Charset: utf8
             MessageSplit: 'true'
             MessageQueue: 60
             UseRelayMsg: 'true'

pillar/id/deriweb01_rigel_lysergic_dev.sls

@@ -412,12 +412,12 @@ nginx:
             - location /:
                 - proxy_pass: http://media.takahe.rigel.lysergic.dev:8001
                 {{ takaheresolver }}
-          {#- despair.life is a second entry-point to social.liberta.casa instead of only a secondary domain in Takahe #} 
+          {#- despair.life is a second entry-point to social.liberta.casa instead of only a secondary domain in Takahe #}
           - server:
             {{ takahe_includes() }}
             - server_name: despair.life
             {{ takahe_gohome() }}
-            {#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #}
+            {#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} # yamllint disable-line rule:line-length
             {%- for talopath in ['auth', 'saml2'] %}
             - location /{{ talopath }}:
                 - rewrite: ^/(.*) https://social.liberta.casa/$1 redirect
@@ -436,7 +436,7 @@ nginx:
               - snippets/error
             - server_name: exhausted.life
             {{ takahe_gohome() }}
-            - location /.well-known/: 
+            - location /.well-known/:
                 - proxy_pass: {{ backend.takahe }}
                 - sub_filter_types: application/xml
                 - sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life

salt/profile/matterbridge/init.sls

@@ -46,7 +46,7 @@ matterbridge_{{ instance }}_mediadir:
     - user: matterbridge
     {#- to-do: implement some shared group #}
     - group: lighttpd
-    - mode: 750
+    - mode: '0750'
     - makedirs: True
 {%- endif %}
 

salt/profile/netcup_failover/init.sls

@@ -5,6 +5,6 @@ include:
   file.managed:
     - user: keepalived_script
     - group: wheel
-    - mode: 750
+    - mode: '0750'
     - template: jinja
     - source: salt://{{ slspath }}/files/failover.sh.j2

salt/profile/node_exporter/init.sls

@@ -19,7 +19,7 @@ node_exporter_sysconfig:
     - pattern: |
         ^ARGS=.*$
     - repl: |
-        ARGS="--web.listen-address=:9200 --collector.filesystem.fs-types-exclude='^(fuse.s3fs|fuse.cryfs|tmpfscgroup2?|debugfs|devpts|devtmpfs|fusectl|overlay|proc|procfs|pstore)\$' --no-collector.zfs --no-collector.thermal_zone --no-collector.powersupplyclass"
+        ARGS="--web.listen-address=:9200 --collector.filesystem.fs-types-exclude='^(fuse.s3fs|fuse.cryfs|tmpfscgroup2?|debugfs|devpts|devtmpfs|fusectl|overlay|proc|procfs|pstore)\$' --no-collector.zfs --no-collector.thermal_zone --no-collector.powersupplyclass" # yamllint disable-line rule:line-length
     - require:
       - pkg: node_exporter_packages
       - file: node_exporter_sysconfig_header

salt/profile/salt/master.sls

@@ -17,7 +17,7 @@ salt_master_extension_modules_dirs:
       {%- endfor %}
     - user: root
     - group: salt
-    - mode: 0755
+    - mode: '0755'
 
 salt_master_extension_modules_bins:
   file.managed:
@@ -30,7 +30,7 @@ salt_master_extension_modules_bins:
       {%- endfor %}
     - user: root
     - group: salt
-    - mode: 0640
+    - mode: '0640'
     - require:
       - file: salt_master_extension_modules_dirs
 
@@ -72,7 +72,7 @@ salt_master_extra_packages:
       - requirepass {{ master_pillar['cache.redis.password'] }}
     - user: root
     - group: redis
-    - mode: 0640
+    - mode: '0640'
     - require:
       - pkg: redis
 
@@ -80,7 +80,7 @@ salt_master_extra_packages:
   file.directory:
     - user: redis
     - group: redis
-    - mode: 0750
+    - mode: '0750'
     - require:
       - pkg: redis
 

salt/profile/salt/minion.sls

@@ -1,5 +1,7 @@
 {%- set netbox_pillar = salt['pillar.get']('netbox') -%}
-{%- if 'custom_fields' in netbox_pillar and netbox_pillar['custom_fields']['salt_roles'] is not none and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%}
+{%- if 'custom_fields' in netbox_pillar
+    and netbox_pillar['custom_fields']['salt_roles'] is not none
+    and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%}
 {%- set master = salt['pillar.get']('salt:master:syndic_master') -%}
 {%- elif 'config_context' in netbox_pillar -%}
 {%- set master = netbox_pillar['config_context']['salt_master'] -%}