Merge branch 'ansible-lint-6.6.0' into 'master'

Fix lint warnings and errors with ansible-lint 6.6.0 See merge request !631

Merge branch 'ansible-lint-6.6.0' into 'master'
bede1044 · Evangelos Foutras · 1ae3a815 · 08712c79 · bede1044 · bede1044
Commit bede1044 authored 2 years ago by Evangelos Foutras
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,7 +2,7 @@ image: "archlinux:latest"

 ansible-lint:
  before_script:
-    - pacman -Syu --needed --noconfirm ansible-lint ansible
+    - pacman -Syu --needed --noconfirm ansible-lint ansible python-jmespath
  script:
    # Fix weird ansible bug: https://github.com/trailofbits/algo/issues/1637
    # This probably happens due to gitlab-runner mounting the git repo into the container

--- a/roles/archusers/tasks/main.yml
+++ b/roles/archusers/tasks/main.yml
@@ -8,7 +8,7 @@
  with_dict: "{{ arch_users }}"

 - name: Create Arch Linux-specific users
-  user:
+  ansible.builtin.user:
    name: "{{ item.key }}"
    group: users
    groups: "{{ item.value.groups | join(',') }}"

--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -20,28 +20,28 @@

 - name: Set archweb groups
  user: name=archweb groups=uwsgi
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: "{{ [archweb_domain] + archweb_alternate_domains }}"
-  when: archweb_site|bool and maintenance is not defined
+  when: archweb_site | bool and maintenance is not defined

 - name: Set up nginx
  template: src=nginx.d.conf.j2 dest="{{ archweb_nginx_conf }}" owner=root group=root mode=644
  notify: Reload nginx
-  when: archweb_site|bool and maintenance is not defined
+  when: archweb_site | bool and maintenance is not defined
  tags: ['nginx']

 - name: Make nginx log dir
  file: path=/var/log/nginx/{{ archweb_domain }} state=directory owner=root group=root mode=0755
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Make rsync iso dir
  file: path={{ archweb_rsync_iso_dir }} state=directory owner=archweb group=archweb mode=0755
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Clone archweb repo
  git: >
@@ -67,7 +67,7 @@

 - name: Create media dir
  file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}/media"
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Fix home permissions
  file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}"
@@ -211,7 +211,7 @@
  template: src="archweb-memcached.service.j2" dest="/etc/systemd/system/archweb-memcached.service" owner=root group=root mode=0644
  notify:
    - Daemon reload
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Install archweb rsync iso service and timer
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
@@ -220,11 +220,11 @@
    - archweb-rsync_iso.timer
  notify:
    - Daemon reload
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Deploy archweb
  template: src=archweb.ini.j2 dest=/etc/uwsgi/vassals/archweb.ini owner=archweb group=http mode=0640
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Deploy new release
  file: path=/etc/uwsgi/vassals/archweb.ini state=touch owner=archweb group=http mode=0640
@@ -240,7 +240,7 @@
  with_items:
    - archweb-memcached.service
    - archweb-rsync_iso.timer
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Start and enable archweb reporead service
  service: name="archweb-reporead.service" enabled=yes state=started
@@ -288,7 +288,7 @@

 - name: Create retro dir
  file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_retro_dir }}"
-  when: archweb_site|bool
+  when: archweb_site | bool

 - name: Clone archweb-retro repo
  git:
@@ -297,4 +297,4 @@
    version: "{{ archweb_retro_commit_hash }}"
  become: true
  become_user: archweb
-  when: archweb_site|bool
+  when: archweb_site | bool
--- a/roles/archwiki/meta/main.yml
+++ b/roles/archwiki/meta/main.yml
+galaxy_info:
+  description: archwiki role
+  standalone: false
+
 dependencies:
  - role: nginx
--- a/roles/borg_server/tasks/main.yml
+++ b/roles/borg_server/tasks/main.yml
@@ -2,7 +2,7 @@
  pacman: name=borg state=present

 - name: Create borg user
-  user:
+  ansible.builtin.user:
    name: borg
    home: "{{ backup_dir }}"


--- a/roles/dbscripts/tasks/main.yml
+++ b/roles/dbscripts/tasks/main.yml
@@ -39,7 +39,7 @@
    - nginx

 - name: Create Arch Linux-specific users
-  user:
+  ansible.builtin.user:
    name: "{{ item.key }}"
    group: users
    groups: "{{ item.value.groups | join(',') }}"

--- a/roles/geo_dns/meta/main.yml
+++ b/roles/geo_dns/meta/main.yml
+galaxy_info:
+  description: geo_dns role
+  standalone: false
+
 dependencies:
  - role: geoipupdate
    vars:

--- a/roles/hetzner_storagebox/tasks/main.yml
+++ b/roles/hetzner_storagebox/tasks/main.yml
@@ -31,7 +31,7 @@
  register: tempfile

 - name: Fill tempfile
-  copy: content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}" mode=preserve
+  template: src=authorized_keys.j2 dest={{ tempfile.path }} mode=preserve
  no_log: true

 - name: Upload authorized_keys for Arch DevOps
@@ -83,7 +83,7 @@

 - name: Update list of sub-accounts
  set_fact:
-    subaccounts: "{{ subaccounts + [item.json.subaccount | combine({'comment':item.invocation.module_args.body.comment})] }}"
+    subaccounts: "{{ subaccounts + [item.json.subaccount | combine({'comment': item.invocation.module_args.body.comment})] }}"
  loop: "{{ new_subaccounts_raw.results }}"
  loop_control:
    label: "{{ item.invocation.module_args.body.comment }}"

--- a/roles/hetzner_storagebox/tasks/upload_client_authorized_keys.yml
+++ b/roles/hetzner_storagebox/tasks/upload_client_authorized_keys.yml
 - name: Fill tempfile
-  copy: content="{{ lookup('template', 'authorized_keys_client.j2') }}" dest="{{ tempfile.path }}" mode=preserve
+  template: src=authorized_keys_client.j2 dest={{ tempfile.path }} mode=preserve
  no_log: true

 - name: Upload authorized_keys file to {{ backup_dir }}/{{ item.item }}

--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -27,11 +27,11 @@

 - name: Partition and format the disks (btrfs RAID)
  command: mkfs.btrfs -f -L root -d {{ raid_level | default('raid1') }} -m {{ raid_level | default('raid1') }} -O no-holes {{ system_disks | map('regex_replace', '^(.*)$', '\g<1>p2' if 'nvme' in system_disks[0] else '\g<1>2') | join(' ') }}
-  when: filesystem == "btrfs" and system_disks|length >= 2
+  when: filesystem == "btrfs" and system_disks | length >= 2

 - name: Partition and format the disks (btrfs single)
  command: mkfs.btrfs -f -L root -d single -m single -O no-holes {{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}
-  when: filesystem == "btrfs" and system_disks|length == 1
+  when: filesystem == "btrfs" and system_disks | length == 1

 - name: Mount the filesystem (btrfs)
  mount: src="{{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}" path=/mnt state=mounted fstype=btrfs opts="compress-force=zstd,space_cache=v2"

--- a/roles/mailman3/defaults/main.yml
+++ b/roles/mailman3/defaults/main.yml
@@ -45,11 +45,17 @@ lists:
  arch-general:
    description: General Discussion about Arch Linux
    display_name: Arch-general
-    info: "This mailing list hosts general discusson about the Arch Linux distribution.  Questions, problems, and new development ideas can be posted here.\n\nYou must be subscribed to the list in order to post to it."
+    info: |
+      This mailing list hosts general discusson about the Arch Linux distribution.  Questions, problems, and new development ideas can be posted here.
+
+      You must be subscribed to the list in order to post to it.
  arch-mirrors-announce:
    description: List for mirror admins to send announcements (like downtime notifications) to our users
    display_name: Arch-mirrors-announce
-    info: "This list is intended for admins of Arch Linux mirrors that want to notify our users about downtime of their mirror.\r\n\r\nThis list also accepts mails from non-subscribers."
+    info: |
+      This list is intended for admins of Arch Linux mirrors that want to notify our users about downtime of their mirror.
+
+      This list also accepts mails from non-subscribers.
  arch-mirrors:
    description: Arch Linux Mirroring Discussion and Announcements
    display_name: Arch-mirrors
@@ -67,7 +73,12 @@ lists:
  arch-projects:
    description: Arch Linux projects development discussion
    display_name: Arch-projects
-    info: "Announcements, development discussion, patches and pull requests for the Arch Linux projects:<ul><li><a target=\"blank\" href=\"https://github.com/archlinux/archweb/\">archweb</a> (patches preferably on Github as pull requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/arch-release-promotion/\">arch-release-promotion</a> (patches only on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/dbscripts/\">dbscripts</a> (patches preferably on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/devtools/\">devtools</a> (patches preferably on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://github.com/archlinux/mkinitcpio/\">mkinitcpio</a> (patches preferably on Github as pull requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/namcap/\">namcap</a> (patches preferably on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/netctl/\">netctl</a> (patches preferably on the mailing list)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/pyalpm/\">pyalpm</a> (patches preferably on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/repod/\">repod</a> (patches only on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/shim-signed/\">shim-signed</a> (contributions preferably on GitLab as merge requests)</li></ul>\r\nPlease begin the email subject with the name of a project in square brackets (e.g. <code>[devtools]</code>). If no project matches, use <code>[projects]</code>.\r\n\r\nNote: No user discussion!"
+    info: |
+      Announcements, development discussion, patches and pull requests for the Arch Linux projects:<ul><li><a target="blank" href="https://github.com/archlinux/archweb/">archweb</a> (patches preferably on Github as pull requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/arch-release-promotion/">arch-release-promotion</a> (patches only on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/dbscripts/">dbscripts</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/devtools/">devtools</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://github.com/archlinux/mkinitcpio/">mkinitcpio</a> (patches preferably on Github as pull requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/namcap/">namcap</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/netctl/">netctl</a> (patches preferably on the mailing list)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/pyalpm/">pyalpm</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/repod/">repod</a> (patches only on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/shim-signed/">shim-signed</a> (contributions preferably on GitLab as merge requests)</li></ul>
+
+      Please begin the email subject with the name of a project in square brackets (e.g. <code>[devtools]</code>). If no project matches, use <code>[projects]</code>.
+
+      Note: No user discussion!
  arch-releng:
    description: Arch Linux Release Engineering
    display_name: Arch-releng
@@ -91,7 +102,10 @@ lists:
  arch-women:
    description: Mailing list for the Arch Women project
    display_name: Arch-women
-    info: "<a href=\"https://archwomen.org/\">Arch Women</a> is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS.\r\n\r\nMailing list graciously hosted by the Arch Linux™ project."
+    info: |
+      <a href="https://archwomen.org/">Arch Women</a> is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS.
+
+      Mailing list graciously hosted by the Arch Linux™ project.
  aur-dev:
    description: Arch User Repository (AUR) Development
    display_name: Aur-dev

--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@@ -69,7 +69,7 @@
    - mailman3-notify.timer
    - uwsgi@mailman\x2dweb.service

- name: update list configurations
+- name: Update list configurations
  uri:
    url: http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config
    user: "{{ vault_mailman_admin_user }}"

--- a/roles/maintenance/tasks/main.yml
+++ b/roles/maintenance/tasks/main.yml
@@ -6,7 +6,7 @@

 - name: Create the service http root dir
  file: path={{ maintenance_http_dir }}/{{ service_domain }} state=directory owner=root group=root mode=0755
-  when: maintenance is defined and maintenance|bool
+  when: maintenance is defined and maintenance | bool

 - name: Set up nginx maintenance mode
  template:
@@ -16,7 +16,7 @@
    group: root
    mode: 0644
  notify: Reload nginx
-  when: service_nginx_template is not defined and maintenance is defined and maintenance|bool
+  when: service_nginx_template is not defined and maintenance is defined and maintenance | bool

 - name: Set up custom nginx maintenance mode
  template:
@@ -26,7 +26,7 @@
    group: root
    mode: 0644
  notify: Reload nginx
-  when: service_nginx_template is defined and maintenance is defined and maintenance|bool
+  when: service_nginx_template is defined and maintenance is defined and maintenance | bool

 - name: Create the 503 html file
  template:
@@ -35,7 +35,7 @@
    owner: root
    group: root
    mode: 0644
-  when: maintenance is defined and maintenance|bool
+  when: maintenance is defined and maintenance | bool

 - name: Force reload nginx
  meta: flush_handlers
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -229,7 +229,7 @@
  notify:
    - Restart synapse

- name: Install signing key
+- name: Install signing key  # noqa template-instead-of-copy
  copy:
    content: '{{ vault_matrix_secrets.signing_key }}'
    dest: /etc/synapse/{{ matrix_server_name }}.signing.key
@@ -237,7 +237,7 @@
    group: synapse
    mode: 0640

- name: Install ircpass key
+- name: Install ircpass key  # noqa template-instead-of-copy
  copy:
    content: '{{ vault_matrix_secrets.ircpass_key }}'
    dest: /etc/synapse/{{ matrix_server_name }}.ircpass.key

--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@@ -12,8 +12,8 @@
      copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network.d/dns.conf owner=root group=root mode=0644
      notify:
        - Restart networkd
-      when: static_dns|default(true)
-  when: not dhcp|default(false)
+      when: static_dns | default(true)
+  when: not dhcp | default(false)

 - name: Configure network (dhcp)
  block:
@@ -29,8 +29,8 @@
      copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network.d/dns.conf owner=root group=root mode=0644
      notify:
        - Restart networkd
-      when: static_dns|default(false)
-  when: dhcp|default(false)
+      when: static_dns | default(false)
+  when: dhcp | default(false)

 - name: Create symlink to resolv.conf
  file: src=/run/systemd/resolve/stub-resolv.conf dest={{ chroot_path }}/etc/resolv.conf state=link force=yes follow=no owner=root group=root

--- a/roles/postfix_null/meta/main.yml
+++ b/roles/postfix_null/meta/main.yml
+galaxy_info:
+  description: postfix_null role
+  standalone: false
+
 dependencies:
  - role: postfwd
    delegate_to: mail.archlinux.org
--- a/roles/postfix_null/tasks/main.yml
+++ b/roles/postfix_null/tasks/main.yml
@@ -11,7 +11,7 @@

 - name: Create user account on mail to relay with
  delegate_to: mail.archlinux.org
-  user:
+  ansible.builtin.user:
    name: "{{ inventory_hostname_short }}"
    comment: "SMTP Relay Account for {{ inventory_hostname }}"
    group: nobody

--- a/roles/rspamd/meta/main.yml
+++ b/roles/rspamd/meta/main.yml
+galaxy_info:
+  description: rspamd role
+  standalone: false
+
 dependencies:
  - role: redis
--- a/roles/rsync_net/tasks/main.yml
+++ b/roles/rsync_net/tasks/main.yml
@@ -18,7 +18,7 @@
  register: tempfile

 - name: Fill tempfile  # noqa risky-file-permissions
-  copy: content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}" mode=0644
+  template: src=authorized_keys.j2 dest={{ tempfile.path }} mode=0644

 - name: Upload authorized_keys file
  expect: