Make ansible-lint happy

yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.

.ansible-lint

 exclude_paths:
   - misc
+  # FIXME: parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
+  - playbooks/tasks
 skip_list:
   # line too long (x > 80 characters) (line-length)
   - 'line-length'
+  # yaml: too many spaces inside braces (braces)
+  - 'braces'
   # Do not recommend running tasks as handlers
   - 'no-handler'
   # Do not force galaxy info in meta/main.yml

.gitlab-ci.yml

@@ -11,7 +11,8 @@ ansible-lint:
     # Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
     - sed "s/,hcloud_inventory.py//" -i ansible.cfg
     - sed "/^vault_password_file/d" -i ansible.cfg
-    - ansible-lint
+    # Fix load-failure: Failed to load or parse file
+    - ansible-lint $(printf -- "--exclude %s " */*/vault_*)
 
 terraform-validate:
   script:

group_vars/all/archusers.yml

@@ -222,7 +222,7 @@ arch_users:
     ssh_key: foxxx0.pub
     shell: /bin/zsh
     groups:
-       - tu
+      - tu
   fukawi2:
     name: "Phillip Smith"
     ssh_key: fukawi2.pub

group_vars/all/root_access.yml

@@ -24,10 +24,10 @@ root_ssh_keys:
 # run playbook 'playbooks/tasks/reencrypt-vault-key.yml' when this changes
 # before running it, make sure to gpg --lsign-key all of the below keys
 root_gpgkeys:
-  - 86CFFCA918CF3AF47147588051E8B148A9999C34 # foutrelis
-  - 05C7775A9E8B977407FE08E69D4C5AA15426DA0A # freswa
-  - ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB # grazzolini
-  - A2FF3A36AAA56654109064AB19802F8B0D70FC30 # heftig
-  - E499C79F53C96A54E572FEE1C06086337C50773E # jelle
-  - 8FC15A064950A99DD1BD14DD39E4B877E62EB915 # svenstaro
-  - E240B57E2C4630BA768E2F26FC1B547C8D8172C8 # anthraxx
+  - 86CFFCA918CF3AF47147588051E8B148A9999C34  # foutrelis
+  - 05C7775A9E8B977407FE08E69D4C5AA15426DA0A  # freswa
+  - ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB  # grazzolini
+  - A2FF3A36AAA56654109064AB19802F8B0D70FC30  # heftig
+  - E499C79F53C96A54E572FEE1C06086337C50773E  # jelle
+  - 8FC15A064950A99DD1BD14DD39E4B877E62EB915  # svenstaro
+  - E240B57E2C4630BA768E2F26FC1B547C8D8172C8  # anthraxx

one-shots/keycloak-importer/archusers.yml

@@ -295,194 +295,194 @@ arch_users:
       - devops
       - tu
       - multilib
-  # jgc:
-  #   name: "Jan de Groot"
-  #   ssh_key: jgc.pub
-  #   groups:
-  #     - dev
-  #     - multilib
-  #     - tu
-  # jleclanche:
-  #   name: "Jerome Leclanche"
-  #   ssh_key: jleclanche.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - tu
-  # jlichtblau:
-  #   name: "Jaroslav Lichtblau"
-  #   ssh_key: jlichtblau.pub
-  #   groups:
-  #     - tu
-  # jouke:
-  #   name: "Jouke Witteveen"
-  #   ssh_key: jouke.pub
-  #   groups:
-  #     - ""
-  # jsteel:
-  #   name: "Jonathan Steel"
-  #   ssh_key: jsteel.pub
-  #   groups:
-  #     - tu
-  # juergen:
-  #   name: "Jürgen Hötzel"
-  #   ssh_key: juergen.pub
-  #   groups:
-  #     - dev
-  #     - multilib
-  #     - tu
-  # kgizdov:
-  #   name: "Konstantin Gizdov"
-  #   ssh_key: kgizdov.pub
-  #   groups:
-  #     - tu
-  # kkeen:
-  #   name: "Kyle Keen"
-  #   ssh_key: kkeen.pub
-  #   groups:
-  #     - tu
-  #     - multilib
-  # lcarlier:
-  #   name: "Laurent Carlier"
-  #   ssh_key: lcarlier.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # lfleischer:
-  #   name: "Lukas Fleischer"
-  #   ssh_key: lfleischer.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # maximbaz:
-  #   name: "Maxim Baz"
-  #   ssh_key: maximbaz.pub
-  #   groups:
-  #     - tu
-  # mtorromeo:
-  #   name: "Massimiliano Torromeo"
-  #   ssh_key: mtorromeo.pub
-  #   groups:
-  #     - tu
-  # muflone:
-  #   name: "Fabio Castelli"
-  #   ssh_key: muflone.pub
-  #   groups:
-  #     - tu
-  # nicohood:
-  #   name: "NicoHood"
-  #   ssh_key: nicohood.pub
-  #   groups:
-  #     - tu
-  # pierre:
-  #   name: "Pierre Schmitz"
-  #   ssh_key: pierre.pub
-  #   groups:
-  #     - dev
-  #     - multilib
-  #     - tu
-  # polyzen:
-  #   name: "Daniel M. Capella"
-  #   ssh_key: polyzen.pub
-  #   groups:
-  #     - tu
-  # remy:
-  #   name: "Rémy Oudompheng"
-  #   ssh_key: remy.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  # ronald:
-  #   name: "Ronald van Haren"
-  #   ssh_key: ronald.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  # sangy:
-  #   name: "Santiago Torres-Arias"
-  #   ssh_key: sangy.pub
-  #   groups:
-  #     - tu
-  #     - docker-image-sudo
-  # schuay:
-  #   name: "Jakob Gruber"
-  #   ssh_key: schuay.pub
-  #   groups:
-  #     - tu
-  #     - multilib
-  # scimmia:
-  #   name: "Doug Newgard"
-  #   ssh_key: scimmia.pub
-  #   groups: []
-  # morganamilo:
-  #   name: "Morgan Adamiec"
-  #   ssh_key: morganamilo.pub
-  #   groups: []
-  # seblu:
-  #   name: "Sébastien Luttringer"
-  #   ssh_key: seblu.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # shibumi:
-  #   name: "Christian Rebischke"
-  #   ssh_key: shibumi.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - tu
-  #     - archboxes-sudo
-  # kpcyrd:
-  #   name: "Kpcyrd"
-  #   ssh_key: kpcyrd.pub
-  #   groups:
-  #     - tu
-  # spupykin:
-  #   name: "Sergej Pupykin"
-  #   ssh_key: spupykin.pub
-  #   groups:
-  #     - tu
-  #     - multilib
-  # svenstaro:
-  #   name: "Sven-Hendrik Haase"
-  #   ssh_key: svenstaro.pub
-  #   groups:
-  #     - dev
-  #     - devops
-  #     - tu
-  #     - multilib
-  # tensor5:
-  #   name: "Nicola Squartini"
-  #   ssh_key: tensor5.pub
-  #   groups:
-  #     - tu
-  # tpowa:
-  #   name: "Tobias Powalowski"
-  #   ssh_key: tpowa.pub
-  #   groups:
-  #     - dev
-  #     - multilib
-  #     - tu
-  # wild:
-  #   name: "Dan Printzell"
-  #   ssh_key: wild.pub
-  #   groups:
-  #     - tu
-  # xyne:
-  #   name: "Xyne"
-  #   ssh_key: xyne.pub
-  #   groups:
-  #     - tu
-  # yan12125:
-  #   name: "Chih-Hsuan Yen"
-  #   ssh_key: yan12125.pub
-  #   groups:
-  #     - tu
-  # zorun:
-  #   name: "Baptiste Jonglez"
-  #   ssh_key: zorun.pub
-  #   groups:
-  #     - tu
+# jgc:
+#   name: "Jan de Groot"
+#   ssh_key: jgc.pub
+#   groups:
+#     - dev
+#     - multilib
+#     - tu
+# jleclanche:
+#   name: "Jerome Leclanche"
+#   ssh_key: jleclanche.pub
+#   shell: /bin/zsh
+#   groups:
+#     - tu
+# jlichtblau:
+#   name: "Jaroslav Lichtblau"
+#   ssh_key: jlichtblau.pub
+#   groups:
+#     - tu
+# jouke:
+#   name: "Jouke Witteveen"
+#   ssh_key: jouke.pub
+#   groups:
+#     - ""
+# jsteel:
+#   name: "Jonathan Steel"
+#   ssh_key: jsteel.pub
+#   groups:
+#     - tu
+# juergen:
+#   name: "Jürgen Hötzel"
+#   ssh_key: juergen.pub
+#   groups:
+#     - dev
+#     - multilib
+#     - tu
+# kgizdov:
+#   name: "Konstantin Gizdov"
+#   ssh_key: kgizdov.pub
+#   groups:
+#     - tu
+# kkeen:
+#   name: "Kyle Keen"
+#   ssh_key: kkeen.pub
+#   groups:
+#     - tu
+#     - multilib
+# lcarlier:
+#   name: "Laurent Carlier"
+#   ssh_key: lcarlier.pub
+#   groups:
+#     - dev
+#     - tu
+#     - multilib
+# lfleischer:
+#   name: "Lukas Fleischer"
+#   ssh_key: lfleischer.pub
+#   shell: /bin/zsh
+#   groups:
+#     - dev
+#     - tu
+#     - multilib
+# maximbaz:
+#   name: "Maxim Baz"
+#   ssh_key: maximbaz.pub
+#   groups:
+#     - tu
+# mtorromeo:
+#   name: "Massimiliano Torromeo"
+#   ssh_key: mtorromeo.pub
+#   groups:
+#     - tu
+# muflone:
+#   name: "Fabio Castelli"
+#   ssh_key: muflone.pub
+#   groups:
+#     - tu
+# nicohood:
+#   name: "NicoHood"
+#   ssh_key: nicohood.pub
+#   groups:
+#     - tu
+# pierre:
+#   name: "Pierre Schmitz"
+#   ssh_key: pierre.pub
+#   groups:
+#     - dev
+#     - multilib
+#     - tu
+# polyzen:
+#   name: "Daniel M. Capella"
+#   ssh_key: polyzen.pub
+#   groups:
+#     - tu
+# remy:
+#   name: "Rémy Oudompheng"
+#   ssh_key: remy.pub
+#   groups:
+#     - dev
+#     - tu
+# ronald:
+#   name: "Ronald van Haren"
+#   ssh_key: ronald.pub
+#   groups:
+#     - dev
+#     - tu
+# sangy:
+#   name: "Santiago Torres-Arias"
+#   ssh_key: sangy.pub
+#   groups:
+#     - tu
+#     - docker-image-sudo
+# schuay:
+#   name: "Jakob Gruber"
+#   ssh_key: schuay.pub
+#   groups:
+#     - tu
+#     - multilib
+# scimmia:
+#   name: "Doug Newgard"
+#   ssh_key: scimmia.pub
+#   groups: []
+# morganamilo:
+#   name: "Morgan Adamiec"
+#   ssh_key: morganamilo.pub
+#   groups: []
+# seblu:
+#   name: "Sébastien Luttringer"
+#   ssh_key: seblu.pub
+#   shell: /bin/zsh
+#   groups:
+#     - dev
+#     - tu
+#     - multilib
+# shibumi:
+#   name: "Christian Rebischke"
+#   ssh_key: shibumi.pub
+#   shell: /bin/zsh
+#   groups:
+#     - tu
+#     - archboxes-sudo
+# kpcyrd:
+#   name: "Kpcyrd"
+#   ssh_key: kpcyrd.pub
+#   groups:
+#     - tu
+# spupykin:
+#   name: "Sergej Pupykin"
+#   ssh_key: spupykin.pub
+#   groups:
+#     - tu
+#     - multilib
+# svenstaro:
+#   name: "Sven-Hendrik Haase"
+#   ssh_key: svenstaro.pub
+#   groups:
+#     - dev
+#     - devops
+#     - tu
+#     - multilib
+# tensor5:
+#   name: "Nicola Squartini"
+#   ssh_key: tensor5.pub
+#   groups:
+#     - tu
+# tpowa:
+#   name: "Tobias Powalowski"
+#   ssh_key: tpowa.pub
+#   groups:
+#     - dev
+#     - multilib
+#     - tu
+# wild:
+#   name: "Dan Printzell"
+#   ssh_key: wild.pub
+#   groups:
+#     - tu
+# xyne:
+#   name: "Xyne"
+#   ssh_key: xyne.pub
+#   groups:
+#     - tu
+# yan12125:
+#   name: "Chih-Hsuan Yen"
+#   ssh_key: yan12125.pub
+#   groups:
+#     - tu
+# zorun:
+#   name: "Baptiste Jonglez"
+#   ssh_key: zorun.pub
+#   groups:
+#     - tu

playbooks/all-hosts-basic.yml

@@ -9,7 +9,7 @@
     - { role: firewalld }
     - { role: unbound }
     # reconfiguring sshd may break the AUR on luna (unchecked)
-    #- { role: sshd, tags: ['sshd'] }
+    # - { role: sshd, tags: ['sshd'] }
     - { role: root_ssh }
     - { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
     - { role: hardening }

playbooks/archlinux.org.yml

@@ -3,18 +3,18 @@
 - name: "prepare postgres ssl hosts list"
   hosts: archlinux.org
   tasks:
-      - name: assign ipv4 addresses to fact postgres_ssl_hosts4
-        set_fact: postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
-        vars:
-            gemini4: "{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}/32"
-            detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
-        tags: ["postgres", "firewall"]
-      - name: assign ipv6 addresses to fact postgres_ssl_hosts6
-        set_fact: postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
-        vars:
-            gemini6: "{{ hostvars['gemini.archlinux.org']['ipv6_address'] }}/128"
-            detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
-        tags: ["postgres", "firewall"]
+    - name: assign ipv4 addresses to fact postgres_ssl_hosts4
+      set_fact: postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
+      vars:
+        gemini4: "{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}/32"
+        detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
+      tags: ["postgres", "firewall"]
+    - name: assign ipv6 addresses to fact postgres_ssl_hosts6
+      set_fact: postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
+      vars:
+        gemini6: "{{ hostvars['gemini.archlinux.org']['ipv6_address'] }}/128"
+        detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
+      tags: ["postgres", "firewall"]
 
 - name: setup archlinux.org
   hosts: archlinux.org

playbooks/aur-dev.archlinux.org.yml

@@ -10,7 +10,7 @@
     - { role: root_ssh }
     - { role: certbot }
     - { role: nginx }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: sudo }
     - { role: php_fpm, php_extensions: ['iconv', 'memcached', 'mysqli', 'pdo_mysql'], zend_extensions: ['opcache'] }
     - { role: memcached }

playbooks/aur.archlinux.org.yml

@@ -11,7 +11,7 @@
     - { role: prometheus_exporters }
     - { role: certbot }
     - { role: nginx }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True, mariadb_innodb_buffer_pool_size: '1G' }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true, mariadb_innodb_buffer_pool_size: '1G' }
     - { role: sudo }
     - { role: php_fpm, php_extensions: ['iconv', 'memcached', 'mysqli', 'pdo_mysql'], zend_extensions: ['opcache'] }
     - { role: memcached }

playbooks/bbs.archlinux.org.yml

@@ -10,7 +10,7 @@
     - { role: root_ssh }
     - { role: certbot }
     - { role: nginx }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: sudo }
     - { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
     - { role: fluxbb }

playbooks/bugs.archlinux.org.yml

@@ -10,7 +10,7 @@
     - { role: root_ssh }
     - { role: certbot }
     - { role: nginx }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: sudo }
     - { role: php7_fpm, php_extensions: ['mysqli'], zend_extensions: ['opcache'] }
     - { role: flyspray }

playbooks/gitlab.archlinux.org.yml

@@ -13,8 +13,7 @@
         gitlab_domain: "gitlab.archlinux.org",
         gitlab_primary_addresses: ['159.69.41.129', '[2a01:4f8:c2c:5d2d::1]', '127.0.0.1', '[::1]'],
         gitlab_pages_http_addresses: ['116.203.6.156:80', '[2a01:4f8:c2c:5d2d::2]:80'],
-        gitlab_pages_https_addresses: ['116.203.6.156:443', '[2a01:4f8:c2c:5d2d::2]:443']
-      }
+        gitlab_pages_https_addresses: ['116.203.6.156:443', '[2a01:4f8:c2c:5d2d::2]:443']}
     - { role: borg_client, tags: ["borg"] }
     - { role: prometheus_exporters }
     - { role: fail2ban }

playbooks/hetzner_storagebox.yml

@@ -2,6 +2,6 @@
 
 - name: setup Hetzner storagebox account
   hosts: u236610.your-storagebox.de
-  gather_facts: False
+  gather_facts: false
   roles:
     - { role: hetzner_storagebox, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }

playbooks/luna.yml

@@ -27,7 +27,7 @@
   roles:
     - nginx
     - rspamd
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: prometheus_exporters }
 # luna is hosting mailman lists; this postfix role does not cater to this yet
 # TODO: make postfix role handle mailman config?

playbooks/rsync.net.yml

@@ -2,6 +2,6 @@
 
 - name: setup rsync.net account
   hosts: prio.ch-s012.rsync.net
-  gather_facts: False
+  gather_facts: false
   roles:
     - { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }

playbooks/tasks/fetch-borg-keys.yml

@@ -3,36 +3,36 @@
 - name: prepare local storage directory
   hosts: 127.0.0.1
   tasks:
-      - name: create borg-keys directory
-        file: path="{{ playbook_dir }}/../../borg-keys/" state=directory # noqa 208
+    - name: create borg-keys directory
+      file: path="{{ playbook_dir }}/../../borg-keys/" state=directory  # noqa 208
 
 - name: fetch borg keys
   hosts: borg_clients
   tasks:
-      - name: fetch borg key
-        command: "/usr/local/bin/borg key export :: /dev/stdout"
-        register: borg_key
-        changed_when: "borg_key.rc == 0"
+    - name: fetch borg key
+      command: "/usr/local/bin/borg key export :: /dev/stdout"
+      register: borg_key
+      changed_when: "borg_key.rc == 0"
 
-      - name: fetch borg offsite key
-        command: "/usr/local/bin/borg-offsite key export :: /dev/stdout"
-        register: borg_offsite_key
-        changed_when: "borg_offsite_key.rc == 0"
+    - name: fetch borg offsite key
+      command: "/usr/local/bin/borg-offsite key export :: /dev/stdout"
+      register: borg_offsite_key
+      changed_when: "borg_offsite_key.rc == 0"
 
-      - name: save borg key
-        shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %}
-        args:
-            stdin: "{{ borg_key.stdout }}"
-            chdir: "{{ playbook_dir }}/../.."
-        delegate_to: localhost
-        register: gpg_key
-        changed_when: "gpg_key.rc == 0"
+    - name: save borg key
+      shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %}
+      args:
+        stdin: "{{ borg_key.stdout }}"
+        chdir: "{{ playbook_dir }}/../.."
+      delegate_to: localhost
+      register: gpg_key
+      changed_when: "gpg_key.rc == 0"
 
-      - name: save borg offsite key
-        shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %}
-        args:
-            stdin: "{{ borg_offsite_key.stdout }}"
-            chdir: "{{ playbook_dir }}/../.."
-        delegate_to: localhost
-        register: gpg_offsite_key
-        changed_when: "gpg_offsite_key.rc == 0"
+    - name: save borg offsite key
+      shell: gpg --batch --armor --encrypt --output - >"{{ playbook_dir }}/../../borg-keys/{{ inventory_hostname }}-offsite.gpg" {% for userid in root_gpgkeys %}--recipient {{ userid }} {% endfor %}
+      args:
+        stdin: "{{ borg_offsite_key.stdout }}"
+        chdir: "{{ playbook_dir }}/../.."
+      delegate_to: localhost
+      register: gpg_offsite_key
+      changed_when: "gpg_offsite_key.rc == 0"

playbooks/tasks/pacman-website.yml

@@ -30,4 +30,3 @@
       - name: upload website
         unarchive: src={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc/website.tar.gz dest={{ archweb_dir }}/archlinux.org/pacman mode=0644
         delegate_to: archlinux.org
-

playbooks/tasks/sync-ssh-hostkeys.yml

@@ -3,48 +3,48 @@
 - name: fetch ssh hostkeys
   hosts: all,!rsync_net,!hetzner_storageboxes
   tasks:
-      - name: fetch hostkey checksums
-        shell: "for type in sha256 md5; do for file in /etc/ssh/ssh_host_*.pub; do ssh-keygen -l -f $file -E $type; done; echo; done"
-        register: ssh_hostkeys
-        changed_when: ssh_hostkeys | length > 0
-      - name: fetch known_hosts
-        shell: "set -o pipefail && ssh-keyscan 127.0.0.1 2>/dev/null | sed 's#^127.0.0.1#{{ inventory_hostname }}#' | sort"
-        environment:
-          LC_COLLATE: C # to ensure reproducible ordering
-        args:
-          executable: /bin/bash # required for repro3.pkgbuild.com which is ubuntu and has dash as default shell
-        register: known_hosts
-        changed_when: known_hosts | length > 0
+    - name: fetch hostkey checksums
+      shell: "for type in sha256 md5; do for file in /etc/ssh/ssh_host_*.pub; do ssh-keygen -l -f $file -E $type; done; echo; done"
+      register: ssh_hostkeys
+      changed_when: ssh_hostkeys | length > 0
+    - name: fetch known_hosts
+      shell: "set -o pipefail && ssh-keyscan 127.0.0.1 2>/dev/null | sed 's#^127.0.0.1#{{ inventory_hostname }}#' | sort"
+      environment:
+        LC_COLLATE: C  # to ensure reproducible ordering
+      args:
+        executable: /bin/bash  # required for repro3.pkgbuild.com which is ubuntu and has dash as default shell
+      register: known_hosts
+      changed_when: known_hosts | length > 0
 
 - name: store hostkeys
   hosts: localhost
   tasks:
-      - name: store hostkeys
-        copy:
-          dest: "{{ playbook_dir }}/../../docs/ssh-hostkeys.txt"
-          content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].ssh_hostkeys.stdout }}\n\n{% endfor %}"
-          mode: preserve
-        delegate_to: localhost
-      - name: store known_hosts
-        copy:
-          dest: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
-          content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].known_hosts.stdout }}\n\n{% endfor %}"
-          mode: preserve
-        delegate_to: localhost
-      - name: manually append rsync.net host keys
-        lineinfile:
-          path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
-          line: "{% for host in query('inventory_hostnames', 'rsync_net') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
-        delegate_to: localhost
-      - name: manually append Hetzner Storageboxes host keys
-        lineinfile:
-          path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
-          line: "{% for host in query('inventory_hostnames', 'hetzner_storageboxes') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
-        delegate_to: localhost
+    - name: store hostkeys
+      copy:
+        dest: "{{ playbook_dir }}/../../docs/ssh-hostkeys.txt"
+        content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].ssh_hostkeys.stdout }}\n\n{% endfor %}"
+        mode: preserve
+      delegate_to: localhost
+    - name: store known_hosts
+      copy:
+        dest: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
+        content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].known_hosts.stdout }}\n\n{% endfor %}"
+        mode: preserve
+      delegate_to: localhost
+    - name: manually append rsync.net host keys
+      lineinfile:
+        path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
+        line: "{% for host in query('inventory_hostnames', 'rsync_net') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
+      delegate_to: localhost
+    - name: manually append Hetzner Storageboxes host keys
+      lineinfile:
+        path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
+        line: "{% for host in query('inventory_hostnames', 'hetzner_storageboxes') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
+      delegate_to: localhost
 
 - name: upload known_hosts to all nodes
   hosts: all,!rsync_net,!hetzner_storageboxes
   tasks:
-      - name: upload known_hosts
-        copy: dest=/etc/ssh/ssh_known_hosts src="{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" owner=root group=root mode=0644
-        tags: ['upload-known-hosts']
+    - name: upload known_hosts
+      copy: dest=/etc/ssh/ssh_known_hosts src="{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" owner=root group=root mode=0644
+      tags: ['upload-known-hosts']

playbooks/wiki.archlinux.org.yml

@@ -12,7 +12,7 @@
     - { role: certbot }
     - { role: nginx }
     - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: sudo }
     - { role: php_fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'sockets', 'zip'], zend_extensions: ['opcache'] }
     - { role: memcached }

roles/arch32_mirror/tasks/main.yml

@@ -22,9 +22,9 @@
 - name: start and enable syncrepo unit
   systemd:
     name: syncrepo_arch32.timer
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: make nginx log dir
   file: path=/var/log/nginx/{{ arch32_mirror_domain }} state=directory owner=root group=root mode=0755