diff --git a/playbooks/luna.yml b/playbooks/luna.yml index 7c1602f83c2e5edf0b4e5f0b86c620a2ef68e823..8a9f4b74010f52a71bec11da5d4e04e680a9b301 100644 --- a/playbooks/luna.yml +++ b/playbooks/luna.yml @@ -5,7 +5,7 @@ remote_user: root tasks: - name: open firewall holes for services - firewalld: service={{item}} permanent=true state=enabled immediate=yes + firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - zabbix-agent - http @@ -18,7 +18,7 @@ - firewall - name: open firewall holes for ports - firewalld: port={{item}} permanent=true state=enabled immediate=yes + firewalld: port={{ item }} permanent=true state=enabled immediate=yes with_items: - 6969/tcp - 4949/tcp diff --git a/playbooks/rsync.net.yml b/playbooks/rsync.net.yml index ef8e05519efaf33e623c36e5fc925213304f62c8..b0946c0724a9640b587902e281258626e1beee7e 100644 --- a/playbooks/rsync.net.yml +++ b/playbooks/rsync.net.yml @@ -4,4 +4,4 @@ hosts: ch-s012.rsync.net gather_facts: False roles: - - { role: rsync_net, backup_dir: "backup", backup_clients: "{{groups['borg_clients']}}", tags: ["borg"] } + - { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] } diff --git a/playbooks/tasks/fetch-borg-keys.yml b/playbooks/tasks/fetch-borg-keys.yml index 8064bb19c063a439dc3862193b5bf3574b290272..7b870140cf3e3550ab10577116a40c6a237f9524 100644 --- a/playbooks/tasks/fetch-borg-keys.yml +++ b/playbooks/tasks/fetch-borg-keys.yml 
@@ -17,15 +17,15 @@ register: borg_offsite_key - name: save borg key - shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %} + shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %} args: - stdin: "{{borg_key.stdout}}" - chdir: "{{playbook_dir}}/../.." + stdin: "{{ borg_key.stdout }}" + chdir: "{{ playbook_dir }}/../.." delegate_to: localhost - name: save borg offsite key - shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../../borg-keys/{{inventory_hostname}}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %} + shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %} args: - stdin: "{{borg_offsite_key.stdout}}" - chdir: "{{playbook_dir}}/../.." + stdin: "{{ borg_offsite_key.stdout }}" + chdir: "{{ playbook_dir }}/../.." delegate_to: localhost diff --git a/playbooks/tasks/pacman-website.yml b/playbooks/tasks/pacman-website.yml index 3309e382fc336e6d97c0a6e244017eed98bf8ef3..24f59021e6777005ec675931b8c74b7ea138e646 100644 --- a/playbooks/tasks/pacman-website.yml +++ b/playbooks/tasks/pacman-website.yml 
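Review bot: In playbooks/tasks/fetch-borg-keys.yml, `save borg key` and `save borg offsite key` feed the repository key to gpg through `stdin:` without `no_log: true`, and they interpolate `{{ userid }}` into the `shell:` line unquoted. The key material is part of the module arguments, so it can end up in verbose output or in the module's syslog entry on the control host. I would add `no_log: true` to both tasks and write the loop body as `--recipient {{ userid | quote }}`. The first task is fully visible in the hunk; the second ends at the hunk boundary, so check that nothing after `delegate_to: localhost` already covers this.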
@@ -11,21 +11,21 @@ register: tempdir - name: fetch pacman tarball - get_url: url=https://sources.archlinux.org/other/pacman/pacman-{{pacman_version}}.tar.gz dest={{tempdir.path}}/pacman.tar.gz + get_url: url=https://sources.archlinux.org/other/pacman/pacman-{{ pacman_version }}.tar.gz dest={{ tempdir.path }}/pacman.tar.gz - name: create extraction dir - file: path={{tempdir.path}}/pacman state=directory + file: path={{ tempdir.path }}/pacman state=directory - name: unpack tarball - unarchive: src={{tempdir.path}}/pacman.tar.gz dest={{tempdir.path}}/pacman/ + unarchive: src={{ tempdir.path }}/pacman.tar.gz dest={{ tempdir.path }}/pacman/ - name: configure - shell: ./configure chdir={{tempdir.path}}/pacman/pacman-{{pacman_version}} + shell: ./configure chdir={{ tempdir.path }}/pacman/pacman-{{ pacman_version }} - name: make - make: chdir={{tempdir.path}}/pacman/pacman-{{pacman_version}}/doc target=website + make: chdir={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc target=website - name: upload website - unarchive: src={{tempdir.path}}/pacman/pacman-{{pacman_version}}/doc/website.tar.gz dest={{archweb_dir}}/archlinux.org/pacman mode=0644 + unarchive: src={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc/website.tar.gz dest={{ archweb_dir }}/archlinux.org/pacman mode=0644 delegate_to: apollo.archlinux.org diff --git a/playbooks/vostok.yml b/playbooks/vostok.yml index 2ea36aabc085454386d0b509f8dddb7eafe6c516..db01d3193bf13b7bb4e8f1cb9cee391ec38fd9ef 100644 --- a/playbooks/vostok.yml +++ b/playbooks/vostok.yml @@ -9,4 +9,4 @@ - { role: sshd, tags: ['sshd'] } - { role: unbound } - { role: root_ssh, tags: ['root_ssh'] } - - { role: borg-server, backup_dir: "/backup", backup_clients: "{{groups['borg_clients']}}", tags: ["borg"] } + - { role: borg-server, backup_dir: "/backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] } 
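Review bot: In playbooks/tasks/pacman-website.yml, `fetch pacman tarball` downloads the release with `get_url` and no `checksum=`, and the next tasks run `./configure` and `make` from the unpacked tree. TLS protects the transfer, but nothing ties the archive to a known-good release before its build scripts run. Pinning a digest would close that gap, for example `checksum=sha256:{{ pacman_tarball_sha256 }}` (placeholder variable name, to be defined next to `pacman_version`), or verify a detached signature if upstream publishes one. The task list starts before this hunk (`register: tempdir`), so an integrity check may exist earlier in the file that is not visible here.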
diff --git a/roles/arch32_mirror/tasks/main.yml b/roles/arch32_mirror/tasks/main.yml index 5697661eba19da687d4de5e327f6b06f2ccad3b9..c420a87f836274179a2844c164dd202f8eb46ae6 100644 --- a/roles/arch32_mirror/tasks/main.yml +++ b/roles/arch32_mirror/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: create ssl cert - command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem' + command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem' when: 'arch32_mirror_domain is defined' - name: install rsync diff --git a/roles/archbuild/tasks/main.yml b/roles/archbuild/tasks/main.yml index 83d57099938cbd0a91e78d847e9c1c35b86dcc24..d4837e02b4a5105b4c60e1c4643b1cab652787de 100644 --- a/roles/archbuild/tasks/main.yml +++ b/roles/archbuild/tasks/main.yml @@ -59,7 +59,7 @@ - mkpkg@.service - name: start and enable archbuild mounts - service: name={{ item }} enabled={{"yes" if archbuild_fs == 'tmpfs' else "no"}} state={{"started" if archbuild_fs == 'tmpfs' else "stopped"}} + service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }} with_items: - var-lib-archbuild.mount diff --git a/roles/archusers/tasks/main.yml b/roles/archusers/tasks/main.yml index e0f4c7a544bc0dc5792ab4cb4d568b46e91f1c0b..c15335b6c6ea8c7281dc3f39a588b344838d2523 100644 --- a/roles/archusers/tasks/main.yml +++ b/roles/archusers/tasks/main.yml 
@@ -17,16 +17,16 @@ with_dict: "{{ arch_users }}" - name: create .ssh directory - file: path=/home/{{item.key}}/.ssh state=directory owner={{item.key}} group=users mode=0700 + file: path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700 with_dict: "{{ arch_users }}" - name: configure ssh keys - template: src=authorized_keys.j2 dest=/home/{{item.key}}/.ssh/authorized_keys owner={{item.key}} group=users mode=0600 + template: src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600 when: item.value.ssh_key is defined with_dict: "{{ arch_users }}" - name: remove ssh keys if undefined - file: path=/home/{{item.key}}/.ssh/authorized_keys state=absent + file: path=/home/{{ item.key }}/.ssh/authorized_keys state=absent when: item.value.ssh_key is not defined with_dict: "{{ arch_users }}" diff --git a/roles/archwiki/handlers/main.yml b/roles/archwiki/handlers/main.yml index 149ae2ab58a88bf9dcca729e8d2083dc6bd4581f..f171ee7d44d2ba578dd65f09430868774835445a 100644 --- a/roles/archwiki/handlers/main.yml +++ b/roles/archwiki/handlers/main.yml @@ -7,6 +7,6 @@ service: name=php-fpm@{{ archwiki_user }} state=restarted - name: run wiki updatescript - command: php {{archwiki_dir}}/public/maintenance/update.php --quick + command: php {{ archwiki_dir }}/public/maintenance/update.php --quick become: true - become_user: "{{archwiki_user}}" + become_user: "{{ archwiki_user }}" diff --git a/roles/archwiki/tasks/main.yml b/roles/archwiki/tasks/main.yml index b7b4bf9db44660755ee83f79559cb9fe582c457a..b0beeb43f5cbcd4e1ca96a012be329011b862745 100644 --- a/roles/archwiki/tasks/main.yml +++ b/roles/archwiki/tasks/main.yml @@ -88,8 +88,6 @@ - name: install systemd services/timers template: src="{{item}}.j2" dest="/etc/systemd/system/{{item}}" owner=root group=root mode=0644 - notify: - - daemon reload loop: - archwiki-runjobs.service - archwiki-runjobs-wait.service 
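Review bot: In roles/archwiki/tasks/main.yml, the `install systemd services/timers` task loses its `notify:` / `- daemon reload` lines, which is a behaviour change rather than Jinja spacing cleanup like the rest of this diff. Unless a reload is triggered elsewhere (not visible in this hunk), systemd will not pick up changed unit templates until something else reloads it. Either keep the `notify`, or move the removal to its own commit with the reason stated. The `template:` line in the same task still has `{{item}}` without spaces, so the cleanup missed it. The task's `loop:` list continues past the end of the hunk.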
@@ -115,7 +113,7 @@ service: name=archwiki-memcached.service enabled=yes state=started - name: ensure question answer file exists and set permissions - file: state=file path="{{archwiki_question_answer_file}}" owner=root group=root mode=0644 + file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644 - name: create pacman.d hooks dir file: state=directory owner=root group=root path=/etc/pacman.d/hooks diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index cff18ad5be375b7e841bf13d8a78d6c3bc88fe57..fe74a707b3e57accdfc287ead409f07c8ce95d6b 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -21,7 +21,7 @@ service: name=certbot-renewal.timer enabled=yes state=started - name: open firewall holes for certbot standalone authenticator - firewalld: service={{item}} permanent=true state=enabled immediate=yes + firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - http when: configure_firewall diff --git a/roles/conf.archlinux.org/tasks/main.yml b/roles/conf.archlinux.org/tasks/main.yml index 6652c1fa51bdb95301d4b4c5ed4f129472d9d1f6..8b663e6728b42cb9b61300e2930f789e3e452e50 100644 --- a/roles/conf.archlinux.org/tasks/main.yml +++ b/roles/conf.archlinux.org/tasks/main.yml 
@@ -23,14 +23,14 @@ command: hugo become_user: "{{conference_user}}" args: - chdir: "{{conference_dir}}" + chdir: "{{ conference_dir }}" when: release.changed - name: create ssl cert - command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ conference_domain }}' creates='/etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem' + command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ conference_domain }}' creates='/etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem' - name: create ssl cert - command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ static_conference_domain }}' creates='/etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem' + command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ static_conference_domain }}' creates='/etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem' - name: make nginx log dir file: path=/var/log/nginx/{{ conference_domain }} state=directory owner=root group=root mode=0755 diff --git a/roles/dbscripts/tasks/main.yml b/roles/dbscripts/tasks/main.yml index 976623cc3e8b638dd9997dee689ec8135756b081..72125503c8b74275497c5c3989c7ffde1174d25f 100644 --- a/roles/dbscripts/tasks/main.yml +++ b/roles/dbscripts/tasks/main.yml 
@@ -19,7 +19,7 @@ copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600 - name: create ssl cert - command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ repos_domain }}' creates='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem' + command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ repos_domain }}' creates='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem' - name: make nginx log dir file: path=/var/log/nginx/{{ repos_domain }} state=directory owner=root group=root mode=0755 @@ -41,7 +41,7 @@ name: "{{ item.key }}" group: users groups: "{{ item.value.groups | join(',') }}" - comment: "{{ item.value.name}}" + comment: "{{ item.value.name }}" state: present with_dict: "{{ arch_users }}" @@ -62,7 +62,7 @@ pathtmpl: '/home/{user}/staging/{dirname}' permissions: 755 directories: ['', 'core', 'extra', 'testing', 'staging', 'community', 'community-staging', 'community-testing', 'multilib', 'multilib-staging', 'multilib-testing'] - users: "{{arch_users.keys() | list}}" + users: "{{ arch_users.keys() | list }}" group: users tags: ["archusers"] diff --git a/roles/docker-image/tasks/main.yml b/roles/docker-image/tasks/main.yml index 60b240ae54c35db331edefcc27d1ccca1c27520b..155432359450fffc08a8b45429f6b160b7520935 100644 --- a/roles/docker-image/tasks/main.yml +++ b/roles/docker-image/tasks/main.yml 
@@ -8,8 +8,8 @@ - name: clone archlinux-docker repository become: yes - become_user: "{{docker_image_user}}" - git: repo="{{docker_image_git_remote}}" version="{{ docker_image_git_tag }}" dest="{{ docker_image_git_dir }}" force=yes + become_user: "{{ docker_image_user }}" + git: repo="{{ docker_image_git_remote }}" version="{{ docker_image_git_tag }}" dest="{{ docker_image_git_dir }}" force=yes - name: install sudoers file template: src=sudoers.d.j2 dest=/etc/sudoers.d/docker-image diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 9d9f220fecf5919f9f59de6dcb7653b165756526..57b9662ee70f47288bd232ae18012829fb19da21 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -21,7 +21,7 @@ service: name=dovecot enabled=yes state=started - name: open firewall holes - firewalld: service={{item}} permanent=true state=enabled immediate=yes + firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - pop3 - pop3s diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml index 7bfdcfa95464f13ec18e92c73fa9cd0087d3da80..f7305944106babd7d4f576c655be39e431d1f9af 100644 --- a/roles/fail2ban/tasks/main.yml +++ b/roles/fail2ban/tasks/main.yml @@ -23,8 +23,8 @@ - name: install local config files template: - src: "{{item}}.j2" - dest: "/etc/fail2ban/{{item}}" + src: "{{ item }}.j2" + dest: "/etc/fail2ban/{{ item }}" owner: "root" group: "root" mode: 0644 diff --git a/roles/firewalld/tasks/main.yml b/roles/firewalld/tasks/main.yml index 5bec7463bb25adcb3c7353f6d9bb1748a8da09bf..39de6c7418b33b80fe0d8206557826c5eef3dacd 100644 --- a/roles/firewalld/tasks/main.yml +++ b/roles/firewalld/tasks/main.yml 
@@ -13,8 +13,8 @@ - name: start and enable firewalld service: name: firewalld - enabled: "{{configure_firewall}}" - state: "{{configure_firewall | ternary('started', 'stopped') }}" + enabled: "{{ configure_firewall }}" + state: "{{ configure_firewall | ternary('started', 'stopped') }}" - name: disable default dhcpv6-client rule firewalld: diff --git a/roles/flyspray/tasks/main.yml b/roles/flyspray/tasks/main.yml index 79514a5fcc89967c2107c2510cae6560b06d2524..aaadecbad7b175886c2118288ecefc12cd6f34ed 100644 --- a/roles/flyspray/tasks/main.yml +++ b/roles/flyspray/tasks/main.yml @@ -81,7 +81,5 @@ tags: - fail2ban - - - name: start and enable systemd socket service: name=php-fpm@flyspray.socket state=started enabled=true diff --git a/roles/kanboard/tasks/main.yml b/roles/kanboard/tasks/main.yml index 9b300674b8647aa65dbcbc71f73ba327aaa4bca8..a41f723583eca04372b5b76bb7584405e411e888 100644 --- a/roles/kanboard/tasks/main.yml +++ b/roles/kanboard/tasks/main.yml @@ -7,7 +7,7 @@ user: name=kanboard shell=/bin/false home="{{ kanboard_dir }}" createhome=no - name: clone kanboard git repo - git: repo=https://github.com/kanboard/kanboard.git dest="{{kanboard_dir}}" version={{kanboard_version}} + git: repo=https://github.com/kanboard/kanboard.git dest="{{ kanboard_dir }}" version={{ kanboard_version }} - name: install nginx config template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/kanboard.conf owner=root group=root mode=644 @@ -19,7 +19,7 @@ file: path=/var/log/nginx/{{ kanboard_domain }} state=directory owner=root group=root mode=0755 - name: make dirs for webuser - file: path="{{kanboard_dir}}/{{item}}" owner=kanboard mode=700 state=directory + file: path="{{ kanboard_dir }}/{{ item }}" owner=kanboard mode=700 state=directory with_items: - data 
@@ -30,13 +30,13 @@ become_method: su - name: create kanboard db - postgresql_db: db="{{kanboard_db}}" + postgresql_db: db="{{ kanboard_db }}" become: yes become_user: postgres become_method: su - name: install kanboard config - template: src=config.php.j2 dest="{{kanboard_dir}}/config.php" owner=root group=kanboard mode=640 + template: src=config.php.j2 dest="{{ kanboard_dir }}/config.php" owner=root group=kanboard mode=640 - name: configure php-fpm template: diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index 121bae973d57a765478dfb984c6c82cd49e3e759..820cbd5237caf17d07dc168349cdf25e5daffe73 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml @@ -40,7 +40,7 @@ no_log: true - name: configure zabbix-agent user - mysql_user: user={{zabbix_agent_mysql_user}} host=localhost password={{vault_mariadb_users.zabbix_agent}} + mysql_user: user={{ zabbix_agent_mysql_user }} host=localhost password={{ vault_mariadb_users.zabbix_agent }} # TODO: implement in ansible: grant process on *.* to 'zabbix_agent'@'localhost'; diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index 507b5196035c28d99b12f474223f81ded6016c45..ca6f7460fbea076c32ad541565643109d95a130b 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: create ssl cert - command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ matrix_domain }}' creates='/etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem' + command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ matrix_domain }}' creates='/etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem' when: 'matrix_domain is defined' - name: install packages 
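Review bot: In roles/mariadb/tasks/main.yml, `configure zabbix-agent user` passes `{{ vault_mariadb_users.zabbix_agent }}` inline and has no `no_log: true`, although the task just above it in the hunk does. The module may mask its own `password` argument, but that is not visible here, so I would add `no_log: true` to match. The inline `key=value` form also leaves the secret unquoted, so a password containing a space or `=` would be split incorrectly. Block-style arguments with `password: "{{ vault_mariadb_users.zabbix_agent }}"` avoid that.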
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 50a3801a2c740280eab7d6428bdd92088889cb0e..9e15b7107930bbb0189222d208c1abc81f3d0f40 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -56,7 +56,7 @@ service: name=nginx enabled=yes - name: open firewall holes - firewalld: service={{item}} permanent=true state=enabled immediate=yes + firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - http - https diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml index 513aff0b679f27c84d19c10a4a4486b7b051c72a..4a0a15f7add875e0b3ed744dead29ca179402db9 100644 --- a/roles/opendkim/tasks/main.yml +++ b/roles/opendkim/tasks/main.yml @@ -17,15 +17,15 @@ - file: path="/etc/opendkim/private" state=directory owner=root group=root mode=0700 -- name: generate DKIM key for {{dkim_selector}} - command: opendkim-genkey -r -s {{dkim_selector}} -d archlinux.org --bits=4096 +- name: generate DKIM key for {{ dkim_selector }} + command: opendkim-genkey -r -s {{ dkim_selector }} -d archlinux.org --bits=4096 args: - creates: /etc/opendkim/private/{{dkim_selector}}.private + creates: /etc/opendkim/private/{{ dkim_selector }}.private chdir: /etc/opendkim/private # see README.md for instruction on how to add the key to DNS. This will fail unless the key in DNS is correct! - name: verify key in dns - command: opendkim-testkey -d archlinux.org -s {{dkim_selector}} -k /etc/opendkim/private/{{dkim_selector}}.private -vvv + command: opendkim-testkey -d archlinux.org -s {{ dkim_selector }} -k /etc/opendkim/private/{{ dkim_selector }}.private -vvv tags: - dkimverify diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml index c4994803d54b7028f8ee89196aeec38d15004b45..1e403f44092db99b6f10589c31a53596c2eb2a0f 100644 --- a/roles/postfix/handlers/main.yml +++ b/roles/postfix/handlers/main.yml 
@@ -9,7 +9,7 @@ command: postfix reload - name: postmap additional files - command: postmap /etc/postfix/{{item}} + command: postmap /etc/postfix/{{ item }} with_items: - access_client - access_sender diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 12ca15e91fd4db5b9dd67a4e1fbb9e3f6e241259..ff4b657f64ccad591de84164a5641500ca52ee5b 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -4,7 +4,7 @@ pacman: name=postfix state=present - name: install template configs - template: src={{item}}.j2 dest=/etc/postfix/{{item}} owner=root group=root mode=0644 + template: src={{ item }}.j2 dest=/etc/postfix/{{ item }} owner=root group=root mode=0644 with_items: - main.cf - master.cf @@ -19,7 +19,7 @@ - update aliases db - name: install additional files - copy: src={{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=0644 + copy: src={{ item }} dest=/etc/postfix/{{ item }} owner=root group=root mode=0644 with_items: - access_client - access_sender @@ -49,7 +49,7 @@ when: postfix_smtpd_public - name: install bouncehandler config - template: src=wiki-bouncehandler.conf.j2 dest={{postfix_wiki_bounce_config}} owner={{postfix_wiki_bounce_user}} group=root mode=0600 + template: src=wiki-bouncehandler.conf.j2 dest={{ postfix_wiki_bounce_config }} owner={{ postfix_wiki_bounce_user }} group=root mode=0600 when: postfix_server - name: install packages for bounce handler 
@@ -57,17 +57,17 @@ when: postfix_server - name: install bouncehandler script - copy: src=bouncehandler.pl dest={{postfix_wiki_bounce_mail_handler}} owner=root group=root mode=0755 + copy: src=bouncehandler.pl dest={{ postfix_wiki_bounce_mail_handler }} owner=root group=root mode=0755 when: postfix_server - name: make bouncehandler user - user: name={{postfix_wiki_bounce_user}} shell=/bin/false skeleton=/var/empty state={{"present" if postfix_server else "absent"}} + user: name={{ postfix_wiki_bounce_user }} shell=/bin/false skeleton=/var/empty state={{ "present" if postfix_server else "absent" }} - name: start and enable postfix service: name=postfix enabled=yes state=started - name: remove old files - file: path={{item}} state=absent + file: path={{ item }} state=absent with_items: - compat_maps - compat_maps.db @@ -93,8 +93,8 @@ delegate_to: orion.archlinux.org when: postfix_relayhost != "" user: - name: "{{inventory_hostname_short}}" - comment: "SMTP Relay Account for {{inventory_hostname}}" + name: "{{ inventory_hostname_short }}" + comment: "SMTP Relay Account for {{ inventory_hostname }}" group: nobody password: "{{ postfix_relay_password | password_hash('sha512') }}" shell: /sbin/nologin @@ -103,7 +103,7 @@ create_home: no - name: open firewall holes - firewalld: service={{item}} permanent=true state=enabled immediate=yes + firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - smtp - smtp-submission diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index 3c363102af21b54c24470a23f3b8bc8e21bef5be..73636577b5827010c780ff0eb3a7f239c9e99b5c 100644 --- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml 
@@ -67,7 +67,7 @@ - name: open firewall holes to known postgresql ipv4 clients firewalld: permanent=true state=enabled immediate=yes - rich_rule="rule family=ipv4 source address={{item}} port protocol=tcp port=5432 accept" + rich_rule="rule family=ipv4 source address={{ item }} port protocol=tcp port=5432 accept" with_items: "{{ postgres_ssl_hosts4 }}" when: configure_firewall tags: @@ -75,7 +75,7 @@ - name: open firewall holes to known postgresql ipv6 clients firewalld: permanent=true state=enabled immediate=yes - rich_rule="rule family=ipv6 source address={{item}} port protocol=tcp port=5432 accept" + rich_rule="rule family=ipv6 source address={{ item }} port protocol=tcp port=5432 accept" with_items: "{{ postgres_ssl_hosts6 }}" when: configure_firewall tags: diff --git a/roles/public_html/tasks/main.yml b/roles/public_html/tasks/main.yml index 415c116e3a9840e3085b58f8f288e3f37bce6ded..81db39fd1be6e6052c541b7ee42ef758f7a5bc88 100644 --- a/roles/public_html/tasks/main.yml +++ b/roles/public_html/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: create ssl cert - command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ public_domain }}' creates='/etc/letsencrypt/live/{{ public_domain }}/fullchain.pem' + command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ public_domain }}' creates='/etc/letsencrypt/live/{{ public_domain }}/fullchain.pem' - name: copy webroot files copy: src=public_html dest=/srv owner=root group=root mode=0644 directory_mode=0755 diff --git a/roles/spampd/tasks/main.yml b/roles/spampd/tasks/main.yml index c2dba9fbc22b34b9d9cf83be7f54b48349e7784f..d17fdf2e17f4534e5cc5a8718dde9676d0fa9489 100644 --- a/roles/spampd/tasks/main.yml +++ b/roles/spampd/tasks/main.yml 
@@ -35,13 +35,13 @@ file: path=/etc/mail/spamassassin/sa-update-keys mode=700 owner=root group=root state=directory - name: add gpg keys to SA keyring - command: /usr/bin/vendor_perl/sa-update --import "/etc/mail/spamassassin/{{item}}" + command: /usr/bin/vendor_perl/sa-update --import "/etc/mail/spamassassin/{{ item }}" with_items: - yerp.gpg.key - zmi.gpg.key - name: install SA configs - template: src={{item}}.j2 dest=/etc/mail/spamassassin/{{item}} owner=root group=root mode=0644 + template: src={{ item }}.j2 dest=/etc/mail/spamassassin/{{ item }} owner=root group=root mode=0644 notify: restart spampd loop: diff --git a/roles/syncrepo/tasks/main.yml b/roles/syncrepo/tasks/main.yml index e9ff487e7f59e6c6ba87e7b9486076a87ad63035..9afaf36b31ab0c9eef5e4467995d9b4d113fe261 100644 --- a/roles/syncrepo/tasks/main.yml +++ b/roles/syncrepo/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: create ssl cert - command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ mirror_domain }}' creates='/etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem' + command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ mirror_domain }}' creates='/etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem' when: 'mirror_domain is defined' - name: install rsync