fix E206 'Variables should have spaces before and after: {{ var_name }}'

playbooks/luna.yml

@@ -5,7 +5,7 @@
   remote_user: root
   tasks:
     - name: open firewall holes for services
-      firewalld: service={{item}} permanent=true state=enabled immediate=yes
+      firewalld: service={{ item }} permanent=true state=enabled immediate=yes
       with_items:
         - zabbix-agent
         - http
@@ -18,7 +18,7 @@
         - firewall
 
     - name: open firewall holes for ports
-      firewalld: port={{item}} permanent=true state=enabled immediate=yes
+      firewalld: port={{ item }} permanent=true state=enabled immediate=yes
       with_items:
         - 6969/tcp
         - 4949/tcp

playbooks/rsync.net.yml

@@ -4,4 +4,4 @@
   hosts: ch-s012.rsync.net
   gather_facts: False
   roles:
-    - { role: rsync_net, backup_dir: "backup", backup_clients: "{{groups['borg_clients']}}", tags: ["borg"] }
+    - { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }

playbooks/tasks/fetch-borg-keys.yml

@@ -17,15 +17,15 @@
         register: borg_offsite_key
 
       - name: save borg key
-        shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}
+        shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %}
         args:
-            stdin: "{{borg_key.stdout}}"
-            chdir: "{{playbook_dir}}/../.."
+            stdin: "{{ borg_key.stdout }}"
+            chdir: "{{ playbook_dir }}/../.."
         delegate_to: localhost
 
       - name: save borg offsite key
-        shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}
+        shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %}
         args:
-            stdin: "{{borg_offsite_key.stdout}}"
-            chdir: "{{playbook_dir}}/../.."
+            stdin: "{{ borg_offsite_key.stdout }}"
+            chdir: "{{ playbook_dir }}/../.."
         delegate_to: localhost

playbooks/tasks/pacman-website.yml

@@ -11,21 +11,21 @@
         register: tempdir
 
       - name: fetch pacman tarball
-        get_url: url=https://sources.archlinux.org/other/pacman/pacman-{{pacman_version}}.tar.gz dest={{tempdir.path}}/pacman.tar.gz
+        get_url: url=https://sources.archlinux.org/other/pacman/pacman-{{ pacman_version }}.tar.gz dest={{ tempdir.path }}/pacman.tar.gz
 
       - name: create extraction dir
-        file: path={{tempdir.path}}/pacman state=directory
+        file: path={{ tempdir.path }}/pacman state=directory
 
       - name: unpack tarball
-        unarchive: src={{tempdir.path}}/pacman.tar.gz dest={{tempdir.path}}/pacman/
+        unarchive: src={{ tempdir.path }}/pacman.tar.gz dest={{ tempdir.path }}/pacman/
 
       - name: configure
-        shell: ./configure chdir={{tempdir.path}}/pacman/pacman-{{pacman_version}}
+        shell: ./configure chdir={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}
 
       - name: make
-        make: chdir={{tempdir.path}}/pacman/pacman-{{pacman_version}}/doc target=website
+        make: chdir={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc target=website
 
       - name: upload website
-        unarchive: src={{tempdir.path}}/pacman/pacman-{{pacman_version}}/doc/website.tar.gz dest={{archweb_dir}}/archlinux.org/pacman mode=0644
+        unarchive: src={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc/website.tar.gz dest={{ archweb_dir }}/archlinux.org/pacman mode=0644
         delegate_to: apollo.archlinux.org
 

playbooks/vostok.yml

@@ -9,4 +9,4 @@
     - { role: sshd, tags: ['sshd'] }
     - { role: unbound }
     - { role: root_ssh, tags: ['root_ssh'] }
-    - { role: borg-server, backup_dir: "/backup", backup_clients: "{{groups['borg_clients']}}", tags: ["borg"] }
+    - { role: borg-server, backup_dir: "/backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }

roles/arch32_mirror/tasks/main.yml

 ---
 
 - name: create ssl cert
-  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem'
+  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem'
   when: 'arch32_mirror_domain is defined'
 
 - name: install rsync

roles/archbuild/tasks/main.yml

@@ -59,7 +59,7 @@
     - mkpkg@.service
 
 - name: start and enable archbuild mounts
-  service: name={{ item }} enabled={{"yes" if archbuild_fs == 'tmpfs' else "no"}} state={{"started" if archbuild_fs == 'tmpfs' else "stopped"}}
+  service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }}
   with_items:
     - var-lib-archbuild.mount
 

roles/archusers/tasks/main.yml

@@ -17,16 +17,16 @@
   with_dict: "{{ arch_users }}"
 
 - name: create .ssh directory
-  file: path=/home/{{item.key}}/.ssh state=directory owner={{item.key}} group=users mode=0700
+  file: path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700
   with_dict: "{{ arch_users }}"
 
 - name: configure ssh keys
-  template: src=authorized_keys.j2 dest=/home/{{item.key}}/.ssh/authorized_keys owner={{item.key}} group=users mode=0600
+  template: src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600
   when: item.value.ssh_key is defined
   with_dict: "{{ arch_users }}"
 
 - name: remove ssh keys if undefined
-  file: path=/home/{{item.key}}/.ssh/authorized_keys state=absent
+  file: path=/home/{{ item.key }}/.ssh/authorized_keys state=absent
   when: item.value.ssh_key is not defined
   with_dict: "{{ arch_users }}"
 

roles/archwiki/handlers/main.yml

@@ -7,6 +7,6 @@
   service: name=php-fpm@{{ archwiki_user }} state=restarted
 
 - name: run wiki updatescript
-  command: php {{archwiki_dir}}/public/maintenance/update.php --quick
+  command: php {{ archwiki_dir }}/public/maintenance/update.php --quick
   become: true
-  become_user: "{{archwiki_user}}"
+  become_user: "{{ archwiki_user }}"

roles/archwiki/tasks/main.yml

@@ -88,8 +88,6 @@
 
 - name: install systemd services/timers
   template: src="{{item}}.j2" dest="/etc/systemd/system/{{item}}" owner=root group=root mode=0644
-  notify:
-    - daemon reload
   loop:
     - archwiki-runjobs.service
     - archwiki-runjobs-wait.service
@@ -115,7 +113,7 @@
   service: name=archwiki-memcached.service enabled=yes state=started
 
 - name: ensure question answer file exists and set permissions
-  file: state=file path="{{archwiki_question_answer_file}}" owner=root group=root mode=0644
+  file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
 
 - name: create pacman.d hooks dir
   file: state=directory owner=root group=root path=/etc/pacman.d/hooks

roles/certbot/tasks/main.yml

@@ -21,7 +21,7 @@
   service: name=certbot-renewal.timer enabled=yes state=started
 
 - name: open firewall holes for certbot standalone authenticator
-  firewalld: service={{item}} permanent=true state=enabled immediate=yes
+  firewalld: service={{ item }} permanent=true state=enabled immediate=yes
   with_items:
     - http
   when: configure_firewall

roles/conf.archlinux.org/tasks/main.yml

@@ -23,14 +23,14 @@
   command: hugo
   become_user: "{{conference_user}}"
   args:
-    chdir: "{{conference_dir}}"
+    chdir: "{{ conference_dir }}"
   when: release.changed
 
 - name: create ssl cert
-  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ conference_domain }}' creates='/etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem'
+  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ conference_domain }}' creates='/etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem'
 
 - name: create ssl cert
-  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ static_conference_domain }}' creates='/etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem'
+  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ static_conference_domain }}' creates='/etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem'
 
 - name: make nginx log dir
   file: path=/var/log/nginx/{{ conference_domain }} state=directory owner=root group=root mode=0755

roles/dbscripts/tasks/main.yml

@@ -19,7 +19,7 @@
   copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600
 
 - name: create ssl cert
-  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ repos_domain }}' creates='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem'
+  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ repos_domain }}' creates='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem'
 
 - name: make nginx log dir
   file: path=/var/log/nginx/{{ repos_domain }} state=directory owner=root group=root mode=0755
@@ -41,7 +41,7 @@
     name: "{{ item.key }}"
     group: users
     groups: "{{ item.value.groups | join(',') }}"
-    comment: "{{ item.value.name}}"
+    comment: "{{ item.value.name }}"
     state: present
   with_dict: "{{ arch_users }}"
 
@@ -62,7 +62,7 @@
     pathtmpl: '/home/{user}/staging/{dirname}'
     permissions: 755
     directories: ['', 'core', 'extra', 'testing', 'staging', 'community', 'community-staging', 'community-testing',  'multilib', 'multilib-staging', 'multilib-testing']
-    users: "{{arch_users.keys() | list}}"
+    users: "{{ arch_users.keys() | list }}"
     group: users
   tags: ["archusers"]
 

roles/docker-image/tasks/main.yml

@@ -8,8 +8,8 @@
 
 - name: clone archlinux-docker repository
   become: yes
-  become_user: "{{docker_image_user}}"
-  git: repo="{{docker_image_git_remote}}" version="{{ docker_image_git_tag }}" dest="{{ docker_image_git_dir }}" force=yes
+  become_user: "{{ docker_image_user }}"
+  git: repo="{{ docker_image_git_remote }}" version="{{ docker_image_git_tag }}" dest="{{ docker_image_git_dir }}" force=yes
 
 - name: install sudoers file
   template: src=sudoers.d.j2 dest=/etc/sudoers.d/docker-image

roles/dovecot/tasks/main.yml

@@ -21,7 +21,7 @@
   service: name=dovecot enabled=yes state=started
 
 - name: open firewall holes
-  firewalld: service={{item}} permanent=true state=enabled immediate=yes
+  firewalld: service={{ item }} permanent=true state=enabled immediate=yes
   with_items:
     - pop3
     - pop3s

roles/fail2ban/tasks/main.yml

@@ -23,8 +23,8 @@
 
 - name: install local config files
   template:
-    src: "{{item}}.j2"
-    dest: "/etc/fail2ban/{{item}}"
+    src: "{{ item }}.j2"
+    dest: "/etc/fail2ban/{{ item }}"
     owner: "root"
     group: "root"
     mode: 0644

roles/firewalld/tasks/main.yml

@@ -13,8 +13,8 @@
 - name: start and enable firewalld
   service:
     name: firewalld
-    enabled: "{{configure_firewall}}"
-    state: "{{configure_firewall | ternary('started', 'stopped') }}"
+    enabled: "{{ configure_firewall }}"
+    state: "{{ configure_firewall | ternary('started', 'stopped') }}"
 
 - name: disable default dhcpv6-client rule
   firewalld:

roles/flyspray/tasks/main.yml

@@ -81,7 +81,5 @@
   tags:
     - fail2ban
 
-
-
 - name: start and enable systemd socket
   service: name=php-fpm@flyspray.socket state=started enabled=true

roles/kanboard/tasks/main.yml

@@ -7,7 +7,7 @@
   user: name=kanboard shell=/bin/false home="{{ kanboard_dir }}" createhome=no
 
 - name: clone kanboard git repo
-  git: repo=https://github.com/kanboard/kanboard.git dest="{{kanboard_dir}}" version={{kanboard_version}}
+  git: repo=https://github.com/kanboard/kanboard.git dest="{{ kanboard_dir }}" version={{ kanboard_version }}
 
 - name: install nginx config
   template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/kanboard.conf owner=root group=root mode=644
@@ -19,7 +19,7 @@
   file: path=/var/log/nginx/{{ kanboard_domain }} state=directory owner=root group=root mode=0755
 
 - name: make dirs for webuser
-  file: path="{{kanboard_dir}}/{{item}}" owner=kanboard mode=700 state=directory
+  file: path="{{ kanboard_dir }}/{{ item }}" owner=kanboard mode=700 state=directory
   with_items:
     - data
 
@@ -30,13 +30,13 @@
   become_method: su
 
 - name: create kanboard db
-  postgresql_db: db="{{kanboard_db}}"
+  postgresql_db: db="{{ kanboard_db }}"
   become: yes
   become_user: postgres
   become_method: su
 
 - name: install kanboard config
-  template: src=config.php.j2 dest="{{kanboard_dir}}/config.php" owner=root group=kanboard mode=640
+  template: src=config.php.j2 dest="{{ kanboard_dir }}/config.php" owner=root group=kanboard mode=640
 
 - name: configure php-fpm
   template:

roles/mariadb/tasks/main.yml

@@ -40,7 +40,7 @@
   no_log: true
 
 - name: configure zabbix-agent user
-  mysql_user: user={{zabbix_agent_mysql_user}} host=localhost password={{vault_mariadb_users.zabbix_agent}}
+  mysql_user: user={{ zabbix_agent_mysql_user }} host=localhost password={{ vault_mariadb_users.zabbix_agent }}
 
 # TODO: implement in ansible: grant process on *.* to 'zabbix_agent'@'localhost';