refactor: updating v1.0.0 into v2.0.0
- the update to v2.0.0 has many moved rules, dropped rules and newly added rules
- some main value changes and renames
  - auto mount is now 'cis_ubuntu2204_rule_2_1_1' but still global as 'cis_ubuntu2204_allow_autofs'
  - renamed `cis_ubuntu2204_rule_5_2_23` into `cis_ubuntu2204_rule_5_1_23`
  - renamed `cis_ubuntu2204_time_synchronization_ntp_server` to `cis_ubuntu2204_time_synchronization_time_server`
    - which is now also a list instead of a single string
    - chrony will then be set up with multiple time servers, and systemd-timesyncd will use item 1 as main server and item 2 as fallback
  - removed `cis_ubuntu2204_time_synchronization_time_fallback_server`
    - fallback should be included in `cis_ubuntu2204_time_synchronization_time_server` as second item
- for v2.0.0 some more variables are added to allow dynamically choosing different values as preferred in CIS
- general commented lines from v1.0.0 are removed, because they are not needed or are now implemented in v2.0.0
- additional new parts are included, even when not specified in CIS, as they may help during setup
  - you can find them in README under "variables not included in CIS as additional extend"
- ntp install is no longer provided, as dropped in CIS
  - default is like before 'chrony' or other option would be 'systemd-timesyncd'
- and some more additional fixes and improvements
- check the updated list for what is implemented in README under "CIS - List of Recommendations"
MVladislav committed Apr 20, 2024
1 parent 432513a commit 4c4706d
Showing 69 changed files with 5,632 additions and 4,723 deletions.
1 change: 1 addition & 0 deletions .github/dependabot.yml
@@ -1,3 +1,4 @@
---
version: 2
updates:
# Maintain dependencies for GitHub Actions
6 changes: 1 addition & 5 deletions .github/workflows/ci.yml
@@ -20,11 +20,7 @@ jobs:
strategy:
max-parallel: 4
matrix:
python-version:
[
{ version: "3.10", param: "" },
{ version: "3.11", param: "--break-system-packages" },
]
python-version: [{ version: "3.11", param: "--break-system-packages" }]
molecule-os: ["ubuntu2204", "ubuntu2304"]

steps:
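
Review bot: The `python-version` matrix is reduced to a single entry, so Python 3.10 is no longer exercised in CI, and the commit message does not mention dropping it. Python 3.10 is the interpreter Ubuntu 22.04 ships, so if 3.10 controllers are still meant to be supported, keep that entry; if not, state the new minimum in the README. With one entry left, the matrix dimension and the `param` indirection add nothing: the only remaining value is `--break-system-packages`, which suggests pip installs into the system Python, and a virtualenv step would remove the need for that flag altogether.
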
1 change: 0 additions & 1 deletion .gitignore
@@ -49,4 +49,3 @@ tests/*
*.retry

tasks/pre_extra.yml
templates/sshd_config.j2
21 changes: 7 additions & 14 deletions .pre-commit-config.yaml
@@ -14,15 +14,15 @@ repos:
hooks:
- id: codespell
args:
- --ignore-words-list=ihs,ro,fo,iif
- --ignore-words-list=ihs,ro,fo,iif,chage
- --skip="./.*,*.csv,*.json"
- --quiet-level=2
exclude_types:
- csv
- json

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
rev: v4.6.0
hooks:
# Safety
- id: detect-private-key
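
Review bot: `rev: v4.6.0` pins the hook repository by tag, and a tag can be moved upstream after review. These hooks run on every contributor machine and in CI, so pin each `rev` to the full commit SHA and keep the tag as a trailing comment; `pre-commit autoupdate --freeze` writes the entries in that form. The same applies to the other `rev:` lines in this file.
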
@@ -46,21 +46,14 @@ repos:
args: [--allow-multiple-documents]
- id: mixed-line-ending

- repo: https://github.com/pre-commit/mirrors-prettier
rev: v4.0.0-alpha.8
hooks:
- id: prettier
additional_dependencies:
- [email protected]
- [email protected]
exclude_types:
- python

# Scan for passwords
- repo: https://github.com/Yelp/detect-secrets
rev: v1.4.0
hooks:
- id: detect-secrets
args:
- --exclude-files=templates/pam/pwquality
- --exclude-files=templates/pam/pwhistory.j2

- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.2
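
Review bot: The two new `--exclude-files` arguments for `detect-secrets` switch scanning off for whole files, and the patterns are looser than they look. `--exclude-files` takes a regular expression that is searched in the path, so `templates/pam/pwquality` has no extension or end anchor and matches any path containing that string, and the `.` in `pwhistory.j2` is unescaped. Anchor both (for example `^templates/pam/pwhistory\.j2$`), or better, keep the files in scope and mark the specific false-positive lines with an inline `# pragma: allowlist secret` comment so a real credential added to these PAM templates later is still caught. The removal of the prettier hook in the same hunk is not mentioned in the commit message; say whether formatting is now enforced elsewhere.
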
@@ -74,7 +67,7 @@ repos:

# ANSIBLE --------------------------------------------------------------------
- repo: https://github.com/ansible-community/ansible-lint
rev: v24.2.0
rev: v24.2.2
hooks:
- id: ansible-lint
name: Ansible-lint
@@ -90,4 +83,4 @@ repos:
# If you want to use specific version of ansible-core or ansible, feel
# free to override `additional_dependencies` in your own hook config
# file.
- ansible-core>=2.13.3
- ansible-core>=2.16.5
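
Review bot: The lint hook's dependency moves from `ansible-core>=2.13.3` to `ansible-core>=2.16.5`, which raises the version the role is linted against; check that the role's declared minimum moves with it. If `min_ansible_version` in the role metadata or the README still names an older release, lint will pass on constructs that fail for users on that release, so update the declared minimum in the same commit, or keep the lower bound here if older ansible-core is still supported.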