Update development dependencies

The ruff pre-commit hook has been updated to the ruff-check hook, as the
former is now just an alias for the latter. The GitHub pull request,
astral-sh/ruff-pre-commit#124, discusses these
changes.

The spacing underneath many lines within the code.md and
infrastructure.md Markdown files has changed due to Prettier's
pre-commit hook formatting them. Also, many link texts have changed to
satisfy markdownlint's new MD059 rule (link text should be descriptive).

The use_keywords_order_plays.yml playbook has changed to resolve
ansible-lint name[unique] violations.

Many role variables have been changed to resolve ansible-lint
var-naming[no-role-prefix] violations.

Passing the line number for tasks and plays (via 'data') as an argument
to the create_matcherror method has changed due to how this attribute is
to be accessed in relation to future versions of the ansible-core
package (>= 2.19). This conclusion has come from reading
ansible/ansible-lint#4554 and
ansible/ansible-lint#4564.

A version_changed attribute has been added to all rules to suppress a
warning now generated from ansible-lint that complains when this
attribute is missing. This behavior was introduced as of this commit:
ansible/ansible-lint#4431. The value for this
attribute models the one in the pyproject.toml file, in that it is not
intended to hold much significance. This is primarily because I see
little value in updating this attribute over time for internal rules.

The _get_leaf_items method's type hint has changed from the union type
'list[Any] | dict[Any, Any]' to 'list[Any] | Mapping[Any, Any]' because
the parent class type of ansiblelint.utils.Task has changed to be
Mapping[str, Any].

The AnsibleUnicodeItems type alias now uses the 'type' keyword instead
of TypeAlias, as this was recommended per ruff's non-pep695-type-alias
rule.

Author: renovate[bot]

.pre-commit-config.yaml

@@ -4,14 +4,14 @@ default_install_hook_types:
   - pre-push
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks.git
-    rev: v4.6.0
+    rev: v6.0.0
     hooks:
       - id: end-of-file-fixer
       - id: check-added-large-files
       - id: trailing-whitespace
 
   - repo: https://github.com/ansible-community/ansible-lint.git
-    rev: v24.9.0
+    rev: v25.9.2
     hooks:
       - id: ansible-lint
         language: python
@@ -20,10 +20,10 @@ repos:
         additional_dependencies:
           - ansible-core ==2.17.0
           - jmespath ==1.0.1
-          - pyspellchecker ==0.8.1
+          - pyspellchecker ==0.8.3
 
   - repo: https://github.com/adrienverge/yamllint.git
-    rev: v1.35.1
+    rev: v1.37.1
     hooks:
       - id: yamllint
         args:
@@ -35,7 +35,7 @@ repos:
           - ./roles
 
   - repo: https://github.com/DavidAnson/markdownlint-cli2.git
-    rev: v0.13.0
+    rev: v0.18.1
     hooks:
       - id: markdownlint-cli2
 
@@ -50,7 +50,7 @@ repos:
         types:
           - markdown
         additional_dependencies:
-          - prettier@3.3.2
+          - prettier@3.6.2
 
       - id: pytest
         name: pytest
@@ -61,9 +61,9 @@ repos:
           - python
         additional_dependencies:
           - ansible-core ==2.17.0
-          - ansible-lint ==24.9.0
-          - pyspellchecker ==0.8.1
-          - pytest ==8.3.4
+          - ansible-lint ==25.9.2
+          - pyspellchecker ==0.8.3
+          - pytest ==8.4.2
 
       - id: gendict.py
         name: gendict.py
@@ -73,32 +73,32 @@ repos:
           - pre-push
         additional_dependencies:
           - ansible-core ==2.17.0
-          - ansible-lint ==24.9.0
-          - pyspellchecker ==0.8.1
+          - ansible-lint ==25.9.2
+          - pyspellchecker ==0.8.3
 
   - repo: https://github.com/gitleaks/gitleaks.git
-    rev: v8.18.3
+    rev: v8.28.0
     hooks:
       - id: gitleaks
 
   - repo: https://github.com/pre-commit/mirrors-mypy.git
-    rev: v1.13.0
+    rev: v1.18.2
     hooks:
       - id: mypy
         language: python
         args:
           - --strict
         additional_dependencies:
           - ansible-core ==2.17.0
-          - ansible-lint ==24.9.0
-          - boto3-stubs[s3] ==1.38.13
-          - pyspellchecker ==0.8.1
-          - pytest ==8.3.4
+          - ansible-lint ==25.9.2
+          - boto3-stubs[s3] ==1.40.48
+          - pyspellchecker ==0.8.3
+          - pytest ==8.4.2
 
   - repo: https://github.com/pre-commit/mirrors-mypy.git
     # Do not update unless package versions are supported by the system Python version
     # used by the proxy_servers hosts (556b70d).
-    rev: v1.13.0
+    rev: v1.18.2
     hooks:
       - id: mypy
         name: mypy (mitmproxy)
@@ -116,9 +116,9 @@ repos:
           - types-requests ==2.32.0.20250328
 
   - repo: https://github.com/astral-sh/ruff-pre-commit.git
-    rev: v0.8.0
+    rev: v0.14.0
     hooks:
-      - id: ruff
+      - id: ruff-check
         args:
           - ./rules
 
@@ -129,7 +129,7 @@ repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit.git
     # Do not update unless package versions are supported by the system Python version
     # used by the proxy_servers hosts (556b70d).
-    rev: v0.8.0
+    rev: v0.14.0
     hooks:
       - id: ruff
         name: ruff (mitmproxy)
@@ -148,18 +148,18 @@ repos:
           - jinja
 
   - repo: https://github.com/tofuutils/pre-commit-opentofu.git
-    rev: v2.2.0
+    rev: v2.2.1
     hooks:
       - id: tofu_fmt
       - id: tofu_validate
 
   - repo: https://github.com/tombi-toml/tombi-pre-commit.git
-    rev: v0.3.55
+    rev: v0.6.25
     hooks:
       - id: tombi-lint
       - id: tombi-format
 
   - repo: https://github.com/koalaman/shellcheck-precommit.git
-    rev: v0.10.0
+    rev: v0.11.0
     hooks:
       - id: shellcheck

docs/code.md

@@ -8,7 +8,6 @@
 - The `site.yml` playbook serves as the main playbook that defines my homelab
   infrastructure. Below are a few additional playbooks that are worth
   mentioning.
-
   - The `on_prem.yml` playbook aggregates common configurations for my on
     premises hosts.
 
@@ -18,7 +17,6 @@
 
 - The `ansible` groups have been defined based mostly on their associated
   function. The rest are defined (loosely) based on geography.
-
   - This decision was originally based on
     <https://docs.ansible.com/ansible/2.8/user_guide/playbooks_best_practices.html#how-to-differentiate-staging-vs-production>
     but such documentation has superseded by
@@ -30,8 +28,7 @@
 - The Kubernetes (`k8s`) playbooks are structured to run a generic play first
   then a named configuration play second. The notes on these decisions can be
   found
-  [here](https://trello.com/c/QcvcMHUW/59-refactor-k8s-related-playbooks-ansible-units-in-assuming-there-only-exist-one-cluster).
-
+  [in its associated Trello card](https://trello.com/c/QcvcMHUW/59-refactor-k8s-related-playbooks-ansible-units-in-assuming-there-only-exist-one-cluster).
   - For example, the `Setup Kubernetes control planes (first control-planes)`
     play runs before the
     `Setup Kubernetes control planes (first control-planes) (poseidon)` play.
@@ -60,9 +57,9 @@
   QEMU/KVM along with the `vagrant-libvirt` plugin.
 
 - The top level `vagrant_ansible_vars.json` was written to aggregate `ansible`
-  host variables and `ansible` groups. A scaled back version of this file can be
-  found [here](../examples/vagrant_ansible_vars.json). Below will be a brief
-  outline of some elements that are not self-explanatory.
+  host variables and `ansible` groups. A scaled back version of this
+  [file exists within the project](../examples/vagrant_ansible_vars.json). Below
+  will be a brief outline of some elements that are not self-explanatory.
   - `vagrant_config_refs` represent host variables whose value is defined by
     other host variables within the same host.
   - `vagrant_external_config_refs` represent host variables whose value is
@@ -87,8 +84,7 @@
   - `staging-dnsmasq-dhcp.conf.j2`
 - Consider the following hierarchy (in decreasing granularity) when creating new
   variables to use. This hierarchy is derived from
-  [here](https://trello.com/c/PYAlPypV/37-check-the-consistency-of-variable-values-being-passed-into-ansible-roles).
-
+  [an associated Trello card](https://trello.com/c/PYAlPypV/37-check-the-consistency-of-variable-values-being-passed-into-ansible-roles).
   1. Host variables in the inventory file.
   2. Group variables in the inventory file.
   3. Group variables file within the project.
@@ -97,8 +93,7 @@
 
 - Follow this precedence when naming playbooks (an exception to this would be
   those under `./examples/playbooks`). This precedence is derived from
-  [here](https://trello.com/c/zfi9zgsR/83-integrate-installing-haproxy-and-keepalived-from-poseidonk8scontrollers-into-loadbalancersyml).
-
+  [an associated Trello card](https://trello.com/c/zfi9zgsR/83-integrate-installing-haproxy-and-keepalived-from-poseidonk8scontrollers-into-loadbalancersyml).
   1. A playbook directly maps to a host's higher purpose via machine hostname
      (e.g. `k8s_controllers.yml` -> `poseidon-k8s-controller1`).
   2. A playbook indirectly maps to a host's higher purpose via `ansible` groups
@@ -110,15 +105,14 @@
 
 - Update software versions in `poseidon_k8s_software_versions.yml` when
   Kubernetes infrastructure patching occurs, as mentioned
-  [here](./infrastructure.md).
+  [the Infrastructure Design Documentation](./infrastructure.md).
 
 - Update dependencies accordingly using Renovate.
 
 - Update `VAGRANT_UPSTREAM_VERSION` periodically to newer versions of `vagrant`
   as they come out.
 
 - Update language runtime versions periodically.
-
   - Ruby is updated indirectly by upgrading the `vagrant` package from
     HashiCorp's package repositories.
 
@@ -131,9 +125,7 @@
 - [Use the following procedure when updating public GPG key checksums.](https://trello.com/c/8IaHDWO7/151-create-a-process-to-verify-public-gpg-keys-upon-updating-related-ansible-tasks-checksum)
 
 - Create new TLS certificates as those expire.
-
   - [Follow these instructions to create a certificate for the root CA.](https://kubernetes.io/docs/tasks/administer-cluster/certificates/#openssl)
-
     - The Common Name (CN) should be set to 'Conner Crosby (homelab-cm)'.
 
     - The following can also be used to generate the signing key and certificate
@@ -144,9 +136,7 @@
 
   - Follow these instructions for the client TLS certificates related to IRC
     server identification.
-
     - For Libra.Chat:
-
       1. [Replace a IRC server's TLS certificate by creating a new one.](https://libera.chat/guides/certfp#creating-a-self-signed-certificate)
          The following can also be used
          `openssl req -x509 -new -nodes -sha256 -newkey "ed25519" -days 1096 -out "./playbooks/files/certs/liberachat.pem" -keyout "./playbooks/files/certs/liberachat.pem"`.
@@ -163,7 +153,6 @@
       7. Upload the new certificate to Bitwarden.
 
     - For OFTC:
-
       1. [Replace a IRC server's TLS certificate by creating a new one.](https://libera.chat/guides/certfp#creating-a-self-signed-certificate)
          The following can also be used
          `openssl req -x509 -new -nodes -sha256 -newkey "ed25519" -days 1096 -out "./playbooks/files/certs/oftc.pem" -keyout "./playbooks/files/certs/oftc.pem"`.

docs/dictionary.txt

@@ -10,9 +10,9 @@ apt_pkg
 aptsources
 arptables
 authorized_keys
+baz
 bgp
 br_netfilter
-ca
 calicoctl
 cfg
 cni
@@ -23,7 +23,6 @@ cri
 cronjobs
 csrs
 ddns
-debian
 dhcp
 dns
 dnsmasq
@@ -89,7 +88,6 @@ nginx
 nodeport
 pam_access
 permitrootlogin
-poseidon
 poseidon_ingress_nginx_node_http_port
 py
 python3
@@ -107,7 +105,6 @@ tigera
 tmux
 udev
 uri
-us's
 usa
 userland
 utf

docs/infrastructure.md

@@ -3,8 +3,7 @@
 ## Architecture
 
 - The following are the subnets for my homelab. Notes on this can be found
-  [here](https://trello.com/c/nUrXxJIE/119-decide-on-network-subnet-prefixes-for-staging-and-production-environments).
-
+  [in its associated Trello card](https://trello.com/c/nUrXxJIE/119-decide-on-network-subnet-prefixes-for-staging-and-production-environments).
   - `192.168.0.x/24` -> production homelab network
   - `192.168.1.x/24` -> production Kubernetes cluster (Poseidon) network
   - `192.168.1.x/24` -> staging homelab network
@@ -14,40 +13,39 @@
 
 - The Linux distributions of choice should be community lead distributions. The
   preference on this comes from
-  [here](https://trello.com/c/mQ95baA5/164-migrate-kubernetes-cluster-poseidon-nodes-back-to-using-debian-12-instead-of-ubuntu-2204).
+  [in its associated Trello card](https://trello.com/c/mQ95baA5/164-migrate-kubernetes-cluster-poseidon-nodes-back-to-using-debian-12-instead-of-ubuntu-2204).
 
 - The decision to use the `systemd-networkd` role came at the beginning when
   needing to set static network configurations for hosts and wanting to utilize
   `systemd` services more heavily. Notes concerning this can be found
-  [here](https://trello.com/c/NJPE8TxD/167-fix-virtual-nics-to-use-dhcp-in-the-packer-machine-images-when-first-booted-by-vms?search_id=784cfe32-2da0-431e-b3fe-54fab20c1c7b).
+  [in its associated Trello card](https://trello.com/c/NJPE8TxD/167-fix-virtual-nics-to-use-dhcp-in-the-packer-machine-images-when-first-booted-by-vms?search_id=784cfe32-2da0-431e-b3fe-54fab20c1c7b).
 
 - The primary homelab network's DHCP and DNS needs should be satisfied by
   `dnsmasq`. Notes on this can be found
-  [here](https://trello.com/c/7WkUytTf/31-integrate-dnsmasq-for-dhcp-and-dns-into-my-project).
+  [in its associated Trello card](https://trello.com/c/7WkUytTf/31-integrate-dnsmasq-for-dhcp-and-dns-into-my-project).
 
 - The primary homelab network's load balancing needs should be satisfied by
   `haproxy`. Notes on this can be found
-  [here](https://trello.com/c/1irPAunK/41-integrate-haproxy-into-my-kubernetes-cluster-homelab-subnet).
+  [in its associated Trello card](https://trello.com/c/1irPAunK/41-integrate-haproxy-into-my-kubernetes-cluster-homelab-subnet).
 
 - The primary homelab network's HTTPS MITM proxy needs should be satisfied by
   `mitmproxy`. Notes on this can be found
-  [here](https://trello.com/c/VDJYXYzf/251-integrate-a-self-hosted-kiwix-into-the-project).
+  [in its associated Trello card](https://trello.com/c/VDJYXYzf/251-integrate-a-self-hosted-kiwix-into-the-project).
 
 - There will be a single QEMU/KVM host that will host my virtual machines. Notes
   on this can be found
-  [here](https://trello.com/c/uUa3Totk/127-create-the-kvm-playbook-to-provision-a-machine-to-run-kvm-and-libvirt).
+  [in its associated Trello card](https://trello.com/c/uUa3Totk/127-create-the-kvm-playbook-to-provision-a-machine-to-run-kvm-and-libvirt).
 
 - There will be a NFS server that will satisfy my shared storage needs. Notes on
   this can be found
-  [here](https://trello.com/c/EtZw0Kh4/252-integrate-a-nfs-server-into-the-project).
+  [in its associated Trello card](https://trello.com/c/EtZw0Kh4/252-integrate-a-nfs-server-into-the-project).
 
 - Securely accessing my primary homelab network wherever I might should be
   satisfied by `WireGuard`. Notes on this can be found
-  [here](https://trello.com/c/6OfwfuPT/260-integrate-a-vpn-server-into-the-project).
+  [in its associated Trello card](https://trello.com/c/6OfwfuPT/260-integrate-a-vpn-server-into-the-project).
 
 - The Kubernetes cluster (Poseidon) has reasons for each part of the
   configuration set.
-
   - [High Availability Configuration](https://trello.com/c/8JopdDFW/48-achieve-highly-available-for-my-kubernetes-cluster?search_id=05ef3726-02cf-4c28-a93c-6ad6c1e0136b)
   - [containerd](https://trello.com/c/0fXGhRc5/8-cluster-ctrserver1-and-ctrserver2s-docker-daemons)
   - [Calico CNI](https://trello.com/c/iRX5bxkG/49-integrate-calico-into-my-kubernetes-cluster)
@@ -57,7 +55,6 @@
   - [keepalived](https://trello.com/c/5hnN6ke6/78-reconsider-load-balancer-configuration-and-architecture-used-to-distribute-traffic-between-the-kubernetes-api-servers?search_id=f79767ea-223f-43fa-82c3-843a1ebf671c)
 
 - The intended Ansible controllers will be my development machines.
-
   - It is known that there are secrets that will be exposed in Ansible output,
     but this isn't a concern due to the Ansible controllers being my development
     machines. Any logs uploaded elsewhere are vetted carefully for secrets. Task
@@ -68,24 +65,19 @@
 - [Follow these notes to have a Kubernetes node join an already existing Kubernetes cluster (Poseidon).](https://trello.com/c/HO0aWCED/95-look-into-how-to-handle-a-worker-or-controller-rejoining-the-kubernetes-cluster-poseidon-after-the-cluster-has-been-created)
 
 - Follow these instructions for updating system packages across all hosts:
-
   1.  Run the `maintenance.yml` playbook.
 
 - Follow these instructions for checking load balancer backends:
-
   1.  Run the `maintenance.yml` playbook.
 
 - Follow these instructions for upgrading an instance of the Kubernetes cluster
   (Poseidon). This presumes the cluster is running at least on version `v1.28`.
-
   - If upgrading from version `1.28.x` to version `1.28.y` (where `y > x`):
-
     1. Update `./playbooks/vars/poseidon_k8s_software_versions.yml` accordingly.
     2. Update `./playbooks/tasks/setup_calico.yml` accordingly.
     3. Run the `maintenance.yml` playbook.
 
   - If upgrading from version `1.28.x` to version `1.29.x`:
-
     1. Update `./playbooks/vars/poseidon_k8s_software_versions.yml` accordingly.
     2. Update `./playbooks/tasks/setup_calico.yml` accordingly.
     3. Update the `maintenance.yml` playbook according the
@@ -95,7 +87,6 @@
 
   - If upgrading from version `1.x` to version `1.y` (where
     `y > x and (y-x) > 1`):
-
     1. Update `./playbooks/vars/poseidon_k8s_software_versions.yml` accordingly.
     2. Update `./playbooks/tasks/setup_calico.yml` accordingly.
     3. Update the `maintenance.yml` playbook according the

examples/playbooks/use_keywords_order_plays.yml

@@ -17,11 +17,11 @@
     - foo
 
   tasks:
-    - name: Foo
+    - name: Bar
       ansible.builtin.debug:
         msg: bar
 
   handlers:
-    - name: Foo
+    - name: Baz
       ansible.builtin.debug:
         msg: bar