Migrate 'with_X' to 'loop'

701c1d01 · Robin Candau · Robin Candau · a5f41049 · 701c1d01 · 701c1d01
Commit 701c1d01 authored 2 months ago by Robin Candau Committed by Robin Candau 2 months ago
--- a/roles/archbuild/tasks/main.yml
+++ b/roles/archbuild/tasks/main.yml
@@ -18,7 +18,7 @@
 - name: Install archbuild scripts
  copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
-  with_items:
+  loop:
    - mkpkg
    - pkgdiffrepo
    - clean-chroots
@@ -28,12 +28,12 @@
 - name: Install archbuild config files
  copy: src={{ item }} dest=/usr/local/share/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - elinks-pkgdiffrepo.conf
 - name: Install archbuild units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - clean-chroots.timer
    - clean-chroots.service
    - clean-dests.timer
@@ -47,27 +47,27 @@
 - name: Install archbuild unit
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - var-lib-archbuild.mount
  notify:
    - Daemon reload
 - name: Install archbuild user units
  copy: src={{ item }} dest=/etc/systemd/user/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - mkpkg@.timer
    - mkpkg@.service
 - name: Create drop-in directories for devtools
  file: path=/etc/systemd/system/{{ item }}.d state=directory owner=root group=root mode=0755
-  with_items:
+  loop:
    - arch-nspawn-.scope
    - devtools.slice
    - user-.slice
 - name: Install drop-in snippets for devtools
  copy: src=devtools-override_{{ item }}.conf dest=/etc/systemd/system/{{ item }}.d/override.conf owner=root group=root mode=0644
-  with_items:
+  loop:
    - arch-nspawn-.scope
    - devtools.slice
    - user-.slice
@@ -76,12 +76,12 @@
 - name: Start and enable archbuild mounts
  service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }}
-  with_items:
+  loop:
    - var-lib-archbuild.mount
 - name: Start and enable archbuilddest mount
  service: name={{ item }} enabled=yes state=started
-  with_items:
+  loop:
    - var-lib-archbuilddest.mount
 - name: Create archbuilddest
@@ -91,33 +91,30 @@
    owner: root
    group: root
    mode: '0777'
-  with_nested:
+  loop: "{{ ['archbuilddest'] | product(['srcdest']) | list }}"
-    - [archbuilddest]
-    - [srcdest]
 - name: Set acl on archbuilddest
  acl:
    name: '/var/lib/archbuilddest/{{ item[0] }}'
    state: present
    entry: '{{ item[1] }}'
-  with_nested:
+  loop: "{{ ['srcdest'] |
-    - [srcdest]
+            product(['user::rwx',
-    - ['user::rwx',
+                     'group::rwx',
-       'group::rwx',
+                     'group:junior-dev:rwx',
-       'group:junior-dev:rwx',
+                     'group:junior-packager:rwx',
-       'group:junior-packager:rwx',
+                     'other::rwx',
-       'other::rwx',
+                     'mask::rwx',
-       'mask::rwx',
+                     'default:user::rwx',
-       'default:user::rwx',
+                     'default:group::r-x',
-       'default:group::r-x',
+                     'default:group:junior-dev:rwx',
-       'default:group:junior-dev:rwx',
+                     'default:group:junior-packager:rwx',
-       'default:group:junior-packager:rwx',
+                     'default:other::r-x',
-       'default:other::r-x',
+                     'default:mask::rwx']) | list }}"
-       'default:mask::rwx']
 - name: Start and enable archbuild units
  service: name={{ item }} enabled=yes state=started
-  with_items:
+  loop:
    - clean-chroots.timer
    - clean-dests.timer
    - clean-offload-build.timer

--- a/roles/archmanweb/tasks/main.yml
+++ b/roles/archmanweb/tasks/main.yml
@@ -81,7 +81,7 @@
 - name: Run Django management tasks
  django_manage: app_path="{{ archmanweb_dir }}/repo" command="{{ item }}"
-  with_items:
+  loop:
    - migrate
    - collectstatic
    - man_drop_cache
@@ -98,7 +98,7 @@
 - name: Install systemd units
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-  with_items:
+  loop:
    - archmanweb_update.service
    - archmanweb_update.timer

--- a/roles/archusers/tasks/main.yml
+++ b/roles/archusers/tasks/main.yml
 - name: Create Arch Linux-specific groups
  group: name="{{ item }}" state=present system=no
-  with_items: "{{ arch_groups }}"
+  loop: "{{ arch_groups }}"
 - name: Filter arch_users for users with non-matching hosts
  set_fact: arch_users_filtered="{{ (arch_users_filtered | default([])) + [item] }}"
  when: item.value.hosts is not defined or inventory_hostname in item.value.hosts
-  with_dict: "{{ arch_users }}"
+  loop: "{{ arch_users | dict2items }}"
 - name: Create Arch Linux-specific users
  ansible.builtin.user:
@@ -42,4 +42,4 @@
  when:
    - item not in (arch_users_filtered | map(attribute='key'))
    - item not in (utility_users[inventory_hostname] | default([]))
-  with_items: "{{ all_users.files | map(attribute='path') | map('basename') | list }}"
+  loop: "{{ all_users.files | map(attribute='path') | map('basename') | list }}"
--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -97,7 +97,7 @@
  postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
  no_log: true
  when: archweb_site or archweb_services
-  with_items:
+  loop:
    - { user: "{{ archweb_db_site_user }}", password: "{{ vault_archweb_db_site_password }}" }
    - { user: "{{ archweb_db_services_user }}", password: "{{ vault_archweb_db_services_password }}" }
    - { user: "{{ archweb_db_dbscripts_user }}", password: "{{ vault_archweb_db_dbscripts_password }}" }
@@ -118,7 +118,7 @@
  postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}"
                    privs=CONNECT roles="{{ item }}" type=database
  when: archweb_site or archweb_services
-  with_items:
+  loop:
    - "{{ archweb_db_services_user }}"
    - "{{ archweb_db_dbscripts_user }}"
    - "{{ archweb_db_backup_user }}"
@@ -127,7 +127,7 @@
  postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}"
                    privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}"
  when: archweb_site or archweb_services
-  with_items:
+  loop:
    - { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_table_objs }}" }
    - { user: "{{ archweb_db_dbscripts_user }}", objs: "{{ archweb_db_dbscripts_table_objs }}" }
    - { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_table_objs }}" }
@@ -136,7 +136,7 @@
  postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}"
                    privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}"
  when: archweb_site or archweb_services
-  with_items:
+  loop:
    - { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_sequence_objs }}" }
    - { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_sequence_objs }}" }
@@ -160,7 +160,7 @@
 - name: Install mirrorcheck service and timer
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-  with_items:
+  loop:
    - archweb-mirrorcheck.service
    - archweb-mirrorcheck.timer
  notify:
@@ -169,7 +169,7 @@
 - name: Install mirrorresolv service and timer
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-  with_items:
+  loop:
    - archweb-mirrorresolv.service
    - archweb-mirrorresolv.timer
  notify:
@@ -178,7 +178,7 @@
 - name: Install populate_signoffs service and timer
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-  with_items:
+  loop:
    - archweb-populate_signoffs.service
    - archweb-populate_signoffs.timer
  notify:
@@ -187,7 +187,7 @@
 - name: Install planet service and timer
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-  with_items:
+  loop:
    - archweb-planet.service
    - archweb-planet.timer
  notify:
@@ -196,7 +196,7 @@
 - name: Install rebuilderd status service and timer
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-  with_items:
+  loop:
    - archweb-rebuilderd.service
    - archweb-rebuilderd.timer
  notify:
@@ -225,7 +225,7 @@
 - name: Install archweb rsync iso service and timer
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-  with_items:
+  loop:
    - archweb-rsync_iso.service
    - archweb-rsync_iso.timer
  notify:
@@ -247,7 +247,7 @@
    enabled: true
    state: started
    daemon_reload: true
-  with_items:
+  loop:
    - archweb-memcached.service
    - archweb-rsync_iso.timer
  when: archweb_site | bool

--- a/roles/archwiki/tasks/main.yml
+++ b/roles/archwiki/tasks/main.yml
@@ -116,7 +116,7 @@
    enabled: true
    state: started
    daemon_reload: true
-  with_items:
+  loop:
    - archwiki-runjobs.timer
    - archwiki-runjobs-wait.service
    - archwiki-question-updater.timer

--- a/roles/aurweb/tasks/main.yml
+++ b/roles/aurweb/tasks/main.yml
@@ -72,14 +72,14 @@
 - name: Install AUR systemd service and timers
  template: src={{ item.name }}.j2 dest=/etc/systemd/system/{{ item.name }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - "{{ aurweb_services }}"
    - "{{ aurweb_timers }}"
  when: release.changed and (item.install is not defined or item.install)
 - name: Stop AUR systemd services and timers
  service: name={{ item.name }} enabled=yes state=stopped
-  with_items:
+  loop:
    - "{{ aurweb_services }}"
    - "{{ aurweb_timers }}"
  when: release.changed and (item.restart is not defined or item.restart)
@@ -97,7 +97,7 @@
 - name: Create necessary directories
  file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} mode=0755
-  with_items:
+  loop:
    - 'aurblup'
    - 'sessions'
    - 'uploads'
@@ -290,7 +290,7 @@
 - name: Start and enable AUR systemd services and timers
  systemd_service: name={{ item.name }} enabled=yes state=started daemon_reload=yes
-  with_items:
+  loop:
    - "{{ aurweb_services }}"
    - "{{ aurweb_timers }}"
  when: release.changed and (item.restart is not defined or item.restart)

--- a/roles/borg_client/tasks/main.yml
+++ b/roles/borg_client/tasks/main.yml
@@ -50,7 +50,7 @@
 - name: Install systemd timer and services for backup
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - borg-backup.timer
    - borg-backup.service
    - borg-backup-offsite.service

--- a/roles/borg_server/tasks/main.yml
+++ b/roles/borg_server/tasks/main.yml
@@ -21,13 +21,13 @@
    owner: borg
    group: borg
    mode: '0700'
-  with_items: "{{ backup_clients }}"
+  loop: "{{ backup_clients }}"
 - name: Fetch ssh keys from each borg client machine
  command: cat /root/.ssh/id_rsa.pub
  register: ssh_keys
  delegate_to: "{{ item }}"
-  with_items: "{{ backup_clients }}"
+  loop: "{{ backup_clients }}"
  changed_when: ssh_keys.stdout | length > 0
 - name: Allow certain clients to connect
@@ -36,4 +36,4 @@
    key: "{{ item.stdout }}"
    manage_dir: true
    key_options: "command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",restrict"
-  with_items: "{{ ssh_keys.results }}"
+  loop: "{{ ssh_keys.results }}"
--- a/roles/bugbot/tasks/main.yml
+++ b/roles/bugbot/tasks/main.yml
@@ -3,7 +3,7 @@
 - name: Receive valid signing keys
  command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }}
-  with_items: '{{ bugbot_pgp_emails }}'
+  loop: '{{ bugbot_pgp_emails }}'
  register: gpg
  changed_when: "gpg.rc == 0"

--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -13,7 +13,7 @@
 - name: Install letsencrypt renewal service
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - certbot-renewal.service
    - certbot-renewal.timer
@@ -26,7 +26,7 @@
 - name: Open firewall holes for certbot standalone authenticator
  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
-  with_items:
+  loop:
    - http
  when: configure_firewall
  tags:

--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -120,13 +120,13 @@
 - name: Create drop-in directories for oomd
  file: path=/etc/systemd/system/{{ item }}.d state=directory owner=root group=root mode=0755
-  with_items:
+  loop:
    - "-.slice"
    - user@.service
 - name: Install drop-in snippets for oomd
  copy: src=oomd-override_{{ item }}.conf dest=/etc/systemd/system/{{ item }}.d/override.conf owner=root group=root mode=0644
-  with_items:
+  loop:
    - "-.slice"
    - user@.service
  notify:
@@ -149,7 +149,7 @@
 - name: Install root shell config
  copy: src={{ item }} dest=/root/.{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - zshrc
    - dircolors

--- a/roles/dbscripts/tasks/main.yml
+++ b/roles/dbscripts/tasks/main.yml
@@ -18,7 +18,7 @@
 - name: Create dbscripts users
  user: name="{{ item }}" shell=/bin/bash
-  with_items:
+  loop:
    - git-packages
 - name: Add cleanup user
@@ -53,7 +53,7 @@
    groups: "{{ item.value.groups | join(',') }}"
    comment: "{{ item.value.name }}"
    state: present
-  with_dict: "{{ arch_users }}"
+  loop: "{{ arch_users | dict2items }}"
 - name: Create /etc/dbscripts directory
  file: path=/etc/dbscripts state=directory owner=root group=root mode=0755
@@ -75,7 +75,7 @@
 - name: Create dbscripts paths
  file: path="{{ item }}" state=directory owner=root group=root mode=0755
-  with_items:
+  loop:
    - /srv/repos/git-packages
 - name: Create git-packages/package-cleanup directory
@@ -142,7 +142,7 @@
 - name: Fetch dbscripts PGP key
  command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }}
-  with_items: '{{ dbscripts_pgp_emails }}'
+  loop: '{{ dbscripts_pgp_emails }}'
  register: gpg
  changed_when: "gpg.rc == 0"
@@ -161,7 +161,7 @@
 - name: Symlink dbscript binaries to /usr/local/bin
  file: path=/usr/local/bin/{{ item }} src=/packages/{{ item }} state=link owner=root group=root mode=0755
-  with_items:
+  loop:
    - db-move
    - db-update
    - db-remove
@@ -177,35 +177,35 @@
 - name: Make junior developer root repos
  file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
-  with_items: '{{ junior_developer_repos }}'
+  loop: '{{ junior_developer_repos }}'
 - name: Make junior developer repos
  file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-dev mode=0775
-  with_items: '{{ junior_developer_repos }}'
+  loop: '{{ junior_developer_repos }}'
 - name: Make developer root repos
  file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
-  with_items: '{{ developer_repos }}'
+  loop: '{{ developer_repos }}'
 - name: Make developer repos
  file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=dev mode=0775
-  with_items: '{{ developer_repos }}'
+  loop: '{{ developer_repos }}'
 - name: Make junior packager root repos
  file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
-  with_items: '{{ junior_packager_repos }}'
+  loop: '{{ junior_packager_repos }}'
 - name: Make junior packager repos
  file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-packager mode=0775
-  with_items: '{{ junior_packager_repos }}'
+  loop: '{{ junior_packager_repos }}'
 - name: Make packager root repos
  file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
-  with_items: '{{ packager_repos }}'
+  loop: '{{ packager_repos }}'
 - name: Make packager repos
  file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=packager mode=0775
-  with_items: '{{ packager_repos }}'
+  loop: '{{ packager_repos }}'
 - name: Make /srv/ftp/other/packages available
  file: path=/srv/ftp/other/packages state=directory owner=root group=junior-packager mode=0775
@@ -239,7 +239,7 @@
 - name: Install systemd timers
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - cleanup.timer
    - cleanup.service
    - sourceballs.timer
@@ -253,7 +253,7 @@
 - name: Activate systemd timers
  service: name={{ item }} enabled=yes state=started
-  with_items:
+  loop:
    - cleanup.timer
    - sourceballs.timer
    - lastsync.timer

--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -58,7 +58,7 @@
 - name: Open firewall holes
  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
-  with_items:
+  loop:
    - imaps
    - managesieve
  when: configure_firewall
@@ -67,7 +67,7 @@
 - name: Install systemd timers
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - dovecot-cleanup.timer
    - dovecot-cleanup.service
@@ -77,5 +77,5 @@
    state: started
    enabled: true
    daemon_reload: true
-  with_items:
+  loop:
    - dovecot-cleanup.timer
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -28,7 +28,7 @@
    owner: "root"
    group: "root"
    mode: '0644'
-  with_items:
+  loop:
    - "fail2ban.local"
    - "jail.local"
  notify:

--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
@@ -120,7 +120,7 @@
 - name: Open firewall holes
  ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
  when: configure_firewall
-  with_items:
+  loop:
    - "80/tcp"
    - "443/tcp"
    - "22/tcp"
@@ -133,7 +133,7 @@
 - name: Copy {gitlab-cleanup,gitlab-bot-token-extender} timer and service
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  with_items:
+  loop:
    - gitlab-cleanup.timer
    - gitlab-cleanup.service
    - gitlab-bot-token-extender.timer

--- a/roles/gluebuddy/tasks/main.yml
+++ b/roles/gluebuddy/tasks/main.yml
@@ -3,7 +3,7 @@
 - name: Install systemd service/timer
  copy: src={{ item }} dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-  with_items:
+  loop:
    - gluebuddy.service
    - gluebuddy.timer
  notify:

--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -21,7 +21,7 @@
 - name: Create grafana provisioning directory
  file: path={{ item }} mode=0700 owner=grafana group=grafana state=directory
-  with_items:
+  loop:
    - /etc/grafana/provisioning
    - /etc/grafana/provisioning/datasources
    - /etc/grafana/provisioning/dashboards

--- a/roles/hetzner_storagebox/tasks/main.yml
+++ b/roles/hetzner_storagebox/tasks/main.yml
@@ -22,7 +22,7 @@
  check_mode: false
  register: client_ssh_keys
  delegate_to: "{{ item }}"
-  with_items: "{{ backup_clients }}"
+  loop: "{{ backup_clients }}"
  changed_when: client_ssh_keys.changed
 - name: Create tempfile

--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -40,7 +40,7 @@
      {% endif %}
      --new=0:0:0 --change-name=0:root --typecode=0:8304
      {{ item }}
-  with_items:
+  loop:
    - "{{ system_disks }}"
  register: sgdisk
  changed_when: "sgdisk.rc == 0"
@@ -181,14 +181,14 @@
 - name: Install grub (legacy mode)
  command: chroot /mnt grub-install --target=i386-pc --recheck {{ item }}
-  with_items:
+  loop:
    - "{{ system_disks }}"
  register: chroot_grub_install_legacy
  changed_when: "chroot_grub_install_legacy.rc == 0"
 - name: Install grub (uefi mode)
  command: chroot /mnt grub-install --target=x86_64-efi --efi-directory=/efi --removable --recheck {{ item }}
-  with_items:
+  loop:
    - "{{ system_disks }}"
  register: chroot_grub_install_uefi
  changed_when: "chroot_grub_install_uefi.rc == 0"

--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -19,7 +19,7 @@
 - name: Disallow remote root login
  command: 'mysql -NBe "{{ item }}"'
-  with_items:
+  loop:
    - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
  changed_when: false
@@ -28,7 +28,7 @@
 - name: Set root password
  mysql_user: user=root host={{ item }} password={{ vault_mariadb_users.root }}
-  with_items:
+  loop:
    - '127.0.0.1'
    - '::1'
    - 'localhost'