sjat
4ee1b66e23
Master vault password is fetched from Vaultwarden via the rbw agent (scripts/vault-pass-client.sh, wired as vault_password_file) instead of a plaintext .vault_pass. Vault secrets use a nested vault.<service>.<key> map. Encrypted vault.yml files are excluded from lint. Includes the host rename in Makefile and STATUS.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
27 lines
553 B
Text
27 lines
553 B
Text
---
|
|
extends: default
|
|
|
|
rules:
|
|
line-length:
|
|
max: 120
|
|
level: warning
|
|
truthy:
|
|
allowed-values: ['true', 'false']
|
|
check-keys: true
|
|
comments:
|
|
min-spaces-from-content: 1
|
|
braces:
|
|
min-spaces-inside: 0
|
|
max-spaces-inside: 1
|
|
# Aligned with ansible-lint's requirements (it owns comment-indentation via its
|
|
# own yaml rule, and forbids octal ambiguity):
|
|
comments-indentation: false
|
|
octal-values:
|
|
forbid-implicit-octal: true
|
|
forbid-explicit-octal: true
|
|
|
|
ignore: |
|
|
.venv/
|
|
.collections/
|
|
.scaffold/
|
|
**/vault.yml
|