Fix for ansible 2.10 (fixes #149)

playbooks/luna.yml

@@ -5,7 +5,7 @@
   remote_user: root
   tasks:
     - name: open firewall holes for services
-      firewalld: service={{ item }} permanent=true state=enabled immediate=yes
+      ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
       with_items:
         - http
         - https
@@ -17,7 +17,7 @@
         - firewall
 
     - name: open firewall holes for ports
-      firewalld: port={{ item }} permanent=true state=enabled immediate=yes
+      ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
       with_items:
         - 6969/tcp
         - 4949/tcp

playbooks/tasks/fetch-borg-keys.yml

@@ -4,7 +4,7 @@
   hosts: 127.0.0.1
   tasks:
       - name: create borg-keys directory
-        file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve
+        file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve  # noqa 208
 
 - name: fetch borg keys
   hosts: borg_clients

roles/aurweb/tasks/main.yml

@@ -172,7 +172,12 @@
 - name: deploy new smartgit release
   become: true
   become_user: "{{ aurweb_user }}"
-  file: path=/etc/uwsgi/vassals/smartgit.ini state=touch mode=preserve
+  file:
+    path: /etc/uwsgi/vassals/smartgit.ini
+    state: touch
+    owner: "{{ aurweb_user }}"
+    group: http
+    mode: 0644
   when: git.changed
 
 - name: create git repo dir

roles/certbot/tasks/main.yml

@@ -23,7 +23,7 @@
     daemon_reload: yes
 
 - name: open firewall holes for certbot standalone authenticator
-  firewalld: service={{ item }} permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
   with_items:
     - http
   when: configure_firewall

roles/dbscripts/tasks/main.yml

@@ -295,7 +295,7 @@
   service: name=rsyncd.socket enabled=yes state=started
 
 - name: open firewall holes for rsync
-  firewalld: service=rsyncd permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service=rsyncd permanent=true state=enabled immediate=yes
   when: configure_firewall
   tags:
     - firewall
@@ -307,7 +307,7 @@
   service: name=svnserve enabled=yes state=started
 
 - name: open firewall holes for svnserve
-  firewalld: port=3690/tcp permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: port=3690/tcp permanent=true state=enabled immediate=yes
   when: configure_firewall
   tags:
     - firewall

roles/dovecot/tasks/main.yml

@@ -21,7 +21,7 @@
   service: name=dovecot enabled=yes state=started
 
 - name: open firewall holes
-  firewalld: service={{ item }} permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
   with_items:
     - pop3
     - pop3s

roles/firewalld/tasks/main.yml

@@ -17,7 +17,7 @@
     state: "{{ configure_firewall | ternary('started', 'stopped') }}"
 
 - name: disable default dhcpv6-client rule
-  firewalld:
+  ansible.posix.firewalld:
     service: dhcpv6-client
     state: disabled
     immediate: yes

roles/gitlab/tasks/main.yml

@@ -86,7 +86,7 @@
       - "/srv/gitlab/data:/var/opt/gitlab"
 
 - name: open firewall holes
-  firewalld: port={{ item }} permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
   when: configure_firewall
   with_items:
     - "80/tcp"
@@ -97,7 +97,7 @@
     - firewall
 
 - name: make docker0 interface trusted
-  firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
   when: configure_firewall
   tags:
     - firewall

roles/gitlab_runner/tasks/main.yml

@@ -8,7 +8,7 @@
   systemd: name=docker enabled=yes state=started daemon_reload=yes
 
 - name: make docker0 interface trusted
-  firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
   when: configure_firewall
   tags:
     - firewall

roles/keycloak/tasks/main.yml

@@ -27,7 +27,7 @@
   service: name=keycloak enabled=yes state=started
 
 - name: open firewall hole
-  firewalld: port={{ item }} permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
   when: configure_firewall
   with_items:
     - 80/tcp

roles/matrix/tasks/main.yml

@@ -195,7 +195,7 @@
     - restart matrix-appservice-irc
 
 - name: open firewall holes
-  firewalld: port={{ item }} permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
   with_items:
     - 113/tcp
   when: configure_firewall

roles/nginx/tasks/main.yml

@@ -56,7 +56,7 @@
   service: name=nginx enabled=yes
 
 - name: open firewall holes
-  firewalld: service={{ item }} permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
   with_items:
     - http
     - https

roles/postfix/tasks/main.yml

@@ -104,7 +104,7 @@
     create_home: no
 
 - name: open firewall holes
-  firewalld: service={{ item }} permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
   with_items:
     - smtp
     - smtp-submission

roles/postgres/tasks/main.yml

@@ -67,7 +67,7 @@
   when: postgres_ssl == 'on'
 
 - name: open firewall holes to known postgresql ipv4 clients
-  firewalld: permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: permanent=true state=enabled immediate=yes
     rich_rule="rule family=ipv4 source address={{ item }} port protocol=tcp port=5432 accept"
   with_items: "{{ postgres_ssl_hosts4 }}"
   when: configure_firewall
@@ -75,7 +75,7 @@
     - firewall
 
 - name: open firewall holes to known postgresql ipv6 clients
-  firewalld: permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: permanent=true state=enabled immediate=yes
     rich_rule="rule family=ipv6 source address={{ item }} port protocol=tcp port=5432 accept"
   with_items: "{{ postgres_ssl_hosts6 }}"
   when: configure_firewall

roles/prometheus_exporters/tasks/main.yml

@@ -110,21 +110,21 @@
   when: "'memcached' in group_names"
 
 - name: open prometheus-node-exporter ipv4 port for monitoring.archlinux.org
-  firewalld: state=enabled permanent=true immediate=yes
+  ansible.posix.firewalld: state=enabled permanent=true immediate=yes
         rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_exporter_port }} accept"
   when: "'prometheus' not in group_names"
 
 - name: open gitlab exporter ipv4 port for monitoring.archlinux.org
-  firewalld: state=enabled permanent=true immediate=yes
+  ansible.posix.firewalld: state=enabled permanent=true immediate=yes
         rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ gitlab_runner_exporter_port }} accept"
   when: "'gitlab_runners' in group_names"
 
 - name: open prometheus mysqld exporter ipv4 port for monitoring.archlinux.org
-  firewalld: state=enabled permanent=true immediate=yes
+  ansible.posix.firewalld: state=enabled permanent=true immediate=yes
         rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_mysqld_exporter_port }} accept"
   when: "'mysql_servers' in group_names"
 
 - name: open prometheus memcached exporter ipv4 port for monitoring.archlinux.org
-  firewalld: state=enabled permanent=true immediate=yes
+  ansible.posix.firewalld: state=enabled permanent=true immediate=yes
         rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_memcached_exporter_port }} accept"
   when: "'memcached' in group_names"

roles/quassel/tasks/main.yml

@@ -57,7 +57,7 @@
     - clean-quassel.timer
 
 - name: open firewall holes
-  firewalld: port={{ item }} permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
   with_items:
     - 4242/tcp
     - 113/tcp

roles/sshd/tasks/main.yml

@@ -22,7 +22,7 @@
   service: name=sshd enabled=yes state=started
 
 - name: open firewall holes
-  firewalld: service=ssh permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service=ssh permanent=true state=enabled immediate=yes
   when: configure_firewall is defined and configure_firewall
   tags:
     - firewall

roles/syncrepo/tasks/main.yml

@@ -51,7 +51,7 @@
   tags: ['nginx']
 
 - name: open firewall holes
-  firewalld: service=rsyncd permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service=rsyncd permanent=true state=enabled immediate=yes
   when: configure_firewall
   tags:
     - firewall

roles/zabbix_agent/tasks/main.yml

@@ -122,7 +122,7 @@
   service: name=zabbix-agent enabled=yes state=started
 
 - name: open firewall holes
-  firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
   when: configure_firewall
   tags:
     - firewall

roles/zabbix_server/tasks/main.yml

@@ -75,7 +75,7 @@
   service: name=php-fpm@zabbix-web.socket state=started enabled=true
 
 - name: open firewall holes
-  firewalld: service=zabbix-server permanent=true state=enabled immediate=yes
+  ansible.posix.firewalld: service=zabbix-server permanent=true state=enabled immediate=yes
   when: configure_firewall
   tags:
     - firewall