roles/acme_dns_challenge/tasks/main.yml

-- name: install powerdns
+- name: Install powerdns
   pacman: name=powerdns state=present
 
-- name: install PowerDNS configuration
+- name: Install PowerDNS configuration
   template: src={{ item.src }} dest=/etc/powerdns/{{ item.dest }} owner=root group=root mode=0644
   loop:
     - {src: pdns.conf.j2, dest: pdns.conf}
     - {src: dnsupdate-policy.lua.j2, dest: dnsupdate-policy.lua}
-  notify: restart powerdns
+  notify: Restart powerdns
 
-- name: create directory for sqlite3 dbs
+- name: Create directory for sqlite3 dbs
   file: path=/var/lib/powerdns state=directory owner=powerdns group=powerdns mode=0755
 
-- name: initialize sqlite3 database for _acme-challenge zones
+- name: Initialize sqlite3 database for _acme-challenge zones
   command: sqlite3 -init /usr/share/doc/powerdns/schema.sqlite3.sql /var/lib/powerdns/pdns.sqlite3 ""
   become: true
   become_user: powerdns
   args:
     creates: /var/lib/powerdns/pdns.sqlite3
 
-- name: create _acme-challenge zones
+- name: Create _acme-challenge zones
   shell: |
     pdnsutil create-zone _acme-challenge.{{ item }} {{ inventory_hostname }}
     pdnsutil replace-rrset _acme-challenge.{{ item }} @ SOA "{{ inventory_hostname }}. root.archlinux.org. 0 10800 3600 604800 3600"
@@ -27,18 +27,18 @@
   become_user: powerdns
   changed_when: false
 
-- name: import TSIG key (for certbot)
+- name: Import TSIG key (for certbot)
   command: pdnsutil import-tsig-key {{ certbot_rfc2136_key }} {{ certbot_rfc2136_algorithm }} {{ certbot_rfc2136_secret }}
   changed_when: false
 
-- name: open powerdns ipv4 port for monitoring.archlinux.org
+- name: Open powerdns ipv4 port for monitoring.archlinux.org
   ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
     rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8081 accept"
   tags:
     - firewall
 
-- name: open firewall hole
+- name: Open firewall hole
   ansible.posix.firewalld: service=dns permanent=true state=enabled immediate=yes
 
-- name: start and enable powerdns
+- name: Start and enable powerdns
   systemd: name=pdns.service enabled=yes daemon_reload=yes state=started

roles/alertmanager/handlers/main.yml

-- name: reload alertmanager
+- name: Reload alertmanager
   service: name=alertmanager state=reloaded

roles/alertmanager/tasks/main.yml

-- name: install alertmanager server
+- name: Install alertmanager server
   pacman: name=alertmanager state=present
 
-- name: install alertmanager configuration
+- name: Install alertmanager configuration
   template: src=alertmanager.yml.j2 dest=/etc/alertmanager/alertmanager.yml owner=root group=alertmanager mode=640
-  notify: reload alertmanager
+  notify: Reload alertmanager
 
-- name: enable alertmanager server service
+- name: Enable alertmanager server service
   systemd: name=alertmanager enabled=yes daemon_reload=yes state=started

roles/arch_boxes_sync/tasks/main.yml

-- name: install arch-boxes-sync.sh script dependencies
+- name: Install arch-boxes-sync.sh script dependencies
   pacman: name=curl,jq,unzip state=present
 
-- name: install arch-boxes-sync.sh script
+- name: Install arch-boxes-sync.sh script
   copy: src=arch-boxes-sync.sh dest=/usr/local/bin/ owner=root group=root mode=0755
 
-- name: install arch-boxes-sync.{service,timer}
+- name: Install arch-boxes-sync.{service,timer}
   copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   loop:
     - arch-boxes-sync.service
     - arch-boxes-sync.timer
   notify:
-    - daemon reload
+    - Daemon reload
 
-- name: start and enable arch-boxes-sync.timer
+- name: Start and enable arch-boxes-sync.timer
   systemd: name=arch-boxes-sync.timer enabled=yes daemon_reload=yes state=started

roles/archbuild/handlers/main.yml

-- name: daemon reload
+- name: Daemon reload
   systemd:
     daemon-reload: true

roles/archbuild/tasks/main.yml

-- name: install archbuild
+- name: Install archbuild
   pacman:
     name:
       - base-devel
@@ -16,7 +16,7 @@
       - appstream-generator
     state: present
 
-- name: install archbuild scripts
+- name: Install archbuild scripts
   copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
   with_items:
     - mkpkg
@@ -28,12 +28,12 @@
     - clean-offload-build
     - gitpkg
 
-- name: install archbuild config files
+- name: Install archbuild config files
   copy: src={{ item }} dest=/usr/local/share/{{ item }} owner=root group=root mode=0644
   with_items:
     - elinks-pkgdiffrepo.conf
 
-- name: install archbuild units
+- name: Install archbuild units
   copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
     - clean-chroots.timer
@@ -45,35 +45,35 @@
     - var-lib-archbuilddest.mount
     - strictatime@.service
   notify:
-    - daemon reload
+    - Daemon reload
 
-- name: install archbuild unit
+- name: Install archbuild unit
   copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
     - var-lib-archbuild.mount
   notify:
-    - daemon reload
+    - Daemon reload
 
-- name: install archbuild user units
+- name: Install archbuild user units
   copy: src={{ item }} dest=/etc/systemd/user/{{ item }} owner=root group=root mode=0644
   with_items:
     - mkpkg@.timer
     - mkpkg@.service
 
-- name: install user-.slice snippet
+- name: Install user-.slice snippet
   copy: src=user-.slice.d dest=/etc/systemd/system owner=root group=root mode=0644
 
-- name: start and enable archbuild mounts
+- name: Start and enable archbuild mounts
   service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }}
   with_items:
     - var-lib-archbuild.mount
 
-- name: start and enable archbuilddest mount
+- name: Start and enable archbuilddest mount
   service: name={{ item }} enabled=yes state=started
   with_items:
     - var-lib-archbuilddest.mount
 
-- name: create archbuilddest
+- name: Create archbuilddest
   file:
     state: directory
     path: '/var/lib/{{ "/".join(item) }}'
@@ -84,7 +84,7 @@
     - [archbuilddest]
     - [srcdest]
 
-- name: set acl on archbuilddest
+- name: Set acl on archbuilddest
   acl:
     name: '/var/lib/archbuilddest/{{ item[0] }}'
     state: present
@@ -104,18 +104,18 @@
        'default:other::r-x',
        'default:mask::rwx']
 
-- name: start and enable archbuild units
+- name: Start and enable archbuild units
   service: name={{ item }} enabled=yes state=started
   with_items:
     - clean-chroots.timer
     - clean-dests.timer
     - clean-offload-build.timer
 
-- name: install makepkg.conf
+- name: Install makepkg.conf
   template: src=makepkg.conf.j2 dest=/etc/makepkg.conf owner=root group=root mode=0644
 
-- name: install archbuild sudoers config
+- name: Install archbuild sudoers config
   copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440
 
-- name: install gitconfig
+- name: Install gitconfig
   copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644

roles/archive/tasks/main.yml

-- name: install archivetools package
+- name: Install archivetools package
   pacman: name=archivetools state=present
 
-- name: make archive dir
+- name: Make archive dir
   file:
     path: "{{ archive_dir }}"
     state: directory
@@ -9,7 +9,7 @@
     group: archive
     mode: 0755
 
-- name: setup archive configuration
+- name: Setup archive configuration
   template:
     src: archive.conf.j2
     dest: /etc/archive.conf
@@ -17,34 +17,34 @@
     group: root
     mode: 0644
 
-- name: setup archive timer
+- name: Setup archive timer
   systemd: name=archive.timer enabled=yes state=started
 
-- name: setup archive-hardlink timer
+- name: Setup archive-hardlink timer
   systemd: name=archive-hardlink.timer enabled=yes state=started
-- name: install internet archive packages
+- name: Install internet archive packages
   pacman: name=python-internetarchive,python-xtarfile state=present
 
-- name: create archive user
+- name: Create archive user
   user: name={{ archive_user_name }} shell=/bin/false home="{{ archive_user_home }}" createhome=yes
 
-- name: configure archive.org client
+- name: Configure archive.org client
   command: ia configure --username={{ vault_archive_username }} --password={{ vault_archive_password }} creates={{ archive_user_home }}/.config/ia.ini
   become: true
   become_user: "{{ archive_user_name }}"
 
-- name: clone archive uploader code
+- name: Clone archive uploader code
   git: repo=https://github.com/archlinux/arch-historical-archive.git dest="{{ archive_repo }}" version="{{ archive_uploader_version }}"
   become: true
   become_user: "{{ archive_user_name }}"
 
-- name: install system service
+- name: Install system service
   template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   loop:
     - archive-uploader.service
     - archive-uploader.timer
 
-- name: start uploader timer
+- name: Start uploader timer
   systemd:
     name: archive-uploader.timer
     enabled: true

roles/archive_web/tasks/main.yml

-- name: create ssl cert
+- name: Create ssl cert
   include_role:
     name: certificate
   vars:
     domains: ["{{ archive_domain }}"]
 
-- name: set up nginx
+- name: Set up nginx
   template:
     src: nginx.d.conf.j2
     dest: /etc/nginx/nginx.d/archive.conf
@@ -12,10 +12,10 @@
     group: root
     mode: 0644
   notify:
-    - reload nginx
+    - Reload nginx
   tags: ['nginx']
 
-- name: make nginx log dir
+- name: Make nginx log dir
   file:
     path: /var/log/nginx/{{ archive_domain }}
     state: directory

roles/archmanweb/tasks/main.yml

-- name: create ssl cert
+- name: Create ssl cert
   include_role:
     name: certificate
   vars:
     domains: ["{{ archmanweb_domain }}"]
   when: 'archmanweb_domain is defined'
 
-- name: install required packages
+- name: Install required packages
   pacman:
     state: present
     name:
@@ -22,24 +22,24 @@
       - make
       - sassc
 
-- name: make archmanweb user
+- name: Make archmanweb user
   user: name=archmanweb shell=/bin/false home="{{ archmanweb_dir }}"
 
-- name: fix home permissions
+- name: Fix home permissions
   file: state=directory owner=archmanweb group=archmanweb mode=0755 path="{{ archmanweb_dir }}"
 
-- name: set archmanweb groups
+- name: Set archmanweb groups
   user: name=archmanweb groups=uwsgi
 
-- name: set up nginx
+- name: Set up nginx
   template: src=nginx.d.conf.j2 dest="{{ archmanweb_nginx_conf }}" owner=root group=root mode=644
-  notify: reload nginx
+  notify: Reload nginx
   tags: ['nginx']
 
-- name: make nginx log dir
+- name: Make nginx log dir
   file: path=/var/log/nginx/{{ archmanweb_domain }} state=directory owner=root group=root mode=0755
 
-- name: clone archmanweb repo
+- name: Clone archmanweb repo
   git: >
     repo={{ archmanweb_repository }}
     dest="{{ archmanweb_dir }}/repo"
@@ -51,7 +51,7 @@
   become_user: archmanweb
   register: release
 
-- name: build archlinux-common-style
+- name: Build archlinux-common-style
   command:
     cmd: make SASS=sassc
     chdir: "{{ archmanweb_dir }}/repo/archlinux-common-style"
@@ -59,27 +59,27 @@
   become_user: archmanweb
   when: release.changed or archmanweb_forced_deploy
 
-- name: configure archmanweb
+- name: Configure archmanweb
   template: src=local_settings.py.j2 dest={{ archmanweb_dir }}/repo/local_settings.py owner=archmanweb group=archmanweb mode=0660
   register: config
   no_log: true
 
-- name: copy robots.txt
+- name: Copy robots.txt
   copy: src=robots.txt dest="{{ archmanweb_dir }}/repo/robots.txt" owner=root group=root mode=0644
 
-- name: create archmanweb db user
+- name: Create archmanweb db user
   postgresql_user: name={{ archmanweb_db_user }} password={{ vault_archmanweb_db_password }} login_host="{{ archmanweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
   no_log: true
 
-- name: create archmanweb db
+- name: Create archmanweb db
   postgresql_db: name="{{ archmanweb_db }}" login_host="{{ archmanweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" owner="{{ archmanweb_db_user }}"
   register: db_created
 
-- name: add pg_trgm extension to the archmanweb db
+- name: Add pg_trgm extension to the archmanweb db
   postgresql_ext: name="pg_trgm" db="{{ archmanweb_db }}" login_host="{{ archmanweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}"
   when: db_created.changed or archmanweb_forced_deploy
 
-- name: run Django management tasks
+- name: Run Django management tasks
   django_manage: app_path="{{ archmanweb_dir }}/repo" command="{{ item }}"
   with_items:
     - migrate
@@ -89,18 +89,18 @@
   become_user: archmanweb
   when: db_created.changed or release.changed or config.changed or archmanweb_forced_deploy
 
-- name: configure UWSGI for archmanweb
+- name: Configure UWSGI for archmanweb
   template: src=archmanweb.ini.j2 dest=/etc/uwsgi/vassals/archmanweb.ini owner=archmanweb group=http mode=0640
 
-- name: deploy new release
+- name: Deploy new release
   file: path=/etc/uwsgi/vassals/archmanweb.ini state=touch owner=archmanweb group=http mode=0640
   when: release.changed or config.changed or archmanweb_forced_deploy
 
-- name: install systemd units
+- name: Install systemd units
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
   with_items:
     - archmanweb_update.service
     - archmanweb_update.timer
 
-- name: start and enable archmanweb update timer
+- name: Start and enable archmanweb update timer
   systemd: name="archmanweb_update.timer" enabled=yes state=started daemon_reload=yes

roles/archusers/tasks/main.yml

-- name: create Arch Linux-specific groups
+- name: Create Arch Linux-specific groups
   group: name="{{ item }}" state=present system=no
   with_items: "{{ arch_groups }}"
 
-- name: filter arch_users for users with non-matching hosts
-  set_fact: arch_users_filtered="{{ (arch_users_filtered | default([])) + [ item ] }}"
+- name: Filter arch_users for users with non-matching hosts
+  set_fact: arch_users_filtered="{{ (arch_users_filtered | default([])) + [item] }}"
   when: item.value.hosts is not defined or inventory_hostname in item.value.hosts
   with_dict: "{{ arch_users }}"
 
-- name: create Arch Linux-specific users
+- name: Create Arch Linux-specific users
   user:
     name: "{{ item.key }}"
     group: users
@@ -19,25 +19,25 @@
     state: present
   loop: "{{ arch_users_filtered }}"
 
-- name: create .ssh directory
+- name: Create .ssh directory
   file: path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700
   loop: "{{ arch_users_filtered }}"
 
-- name: configure ssh keys
+- name: Configure ssh keys
   template: src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600
   when: item.value.ssh_key is defined
   loop: "{{ arch_users_filtered }}"
 
-- name: remove ssh keys if undefined
+- name: Remove ssh keys if undefined
   file: path=/home/{{ item.key }}/.ssh/authorized_keys state=absent
   when: item.value.ssh_key is not defined
   loop: "{{ arch_users_filtered }}"
 
-- name: get list of remote users
+- name: Get list of remote users
   find: paths="/home" file_type="directory"
   register: all_users
 
-- name: disable ssh keys of disabled users
+- name: Disable ssh keys of disabled users
   file: path="/home/{{ item }}/.ssh/authorized_keys" state=absent
   when:
     - item not in (arch_users_filtered | map(attribute='key'))

roles/archweb/handlers/main.yml

-- name: daemon reload
+- name: Daemon reload
   systemd:
     daemon-reload: true
 
-- name: restart archweb memcached
+- name: Restart archweb memcached
   service: name=archweb-memcached state=restarted

roles/archweb/tasks/main.yml

-- name: run maintenance mode
+- name: Run maintenance mode
   include_role:
     name: maintenance
   vars:
@@ -9,41 +9,41 @@
     service_nginx_template: "maintenance-nginx.d.conf.j2"
   when: maintenance is defined and archweb_site
 
-- name: install required packages
+- name: Install required packages
   pacman: name=git,python-setuptools,python-psycopg2,llvm-libs,uwsgi-plugin-python state=present
 
-- name: make archweb user
+- name: Make archweb user
   user: name=archweb shell=/bin/false home="{{ archweb_dir }}" createhome=no
 
-- name: fix home permissions
+- name: Fix home permissions
   file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}"
 
-- name: set archweb groups
+- name: Set archweb groups
   user: name=archweb groups=uwsgi
   when: archweb_site|bool
 
-- name: create ssl cert
+- name: Create ssl cert
   include_role:
     name: certificate
   vars:
     domains: "{{ [archweb_domain] + archweb_alternate_domains }}"
   when: archweb_site|bool and maintenance is not defined
 
-- name: set up nginx
+- name: Set up nginx
   template: src=nginx.d.conf.j2 dest="{{ archweb_nginx_conf }}" owner=root group=root mode=644
-  notify: reload nginx
+  notify: Reload nginx
   when: archweb_site|bool and maintenance is not defined
   tags: ['nginx']
 
-- name: make nginx log dir
+- name: Make nginx log dir
   file: path=/var/log/nginx/{{ archweb_domain }} state=directory owner=root group=root mode=0755
   when: archweb_site|bool
 
-- name: make rsync iso dir
+- name: Make rsync iso dir
   file: path={{ archweb_rsync_iso_dir }} state=directory owner=archweb group=archweb mode=0755
   when: archweb_site|bool
 
-- name: clone archweb repo
+- name: Clone archweb repo
   git: >
     repo={{ archweb_repository }}
     dest="{{ archweb_dir }}"
@@ -54,36 +54,36 @@
   become_user: archweb
   register: release
 
-- name: make virtualenv
+- name: Make virtualenv
   command: python -m venv --system-site-packages "{{ archweb_dir }}"/env creates="{{ archweb_dir }}/env/bin/python"
   become: true
   become_user: archweb
 
-- name: install stuff into virtualenv
+- name: Install stuff into virtualenv
   pip: requirements="{{ archweb_dir }}/requirements_prod.txt" virtualenv="{{ archweb_dir }}/env"
   become: true
   become_user: archweb
   register: virtualenv
 
-- name: create media dir
+- name: Create media dir
   file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}/media"
   when: archweb_site|bool
 
-- name: fix home permissions
+- name: Fix home permissions
   file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}"
 
-- name: make archlinux.org dir
+- name: Make archlinux.org dir
   file: path="{{ archweb_dir }}/archlinux.org" state=directory owner=archweb group=archweb mode=0755
 
-- name: configure robots.txt
+- name: Configure robots.txt
   copy: src=robots.txt dest="{{ archweb_dir }}/archlinux.org/robots.txt" owner=root group=root mode=0644
 
-- name: configure archweb
+- name: Configure archweb
   template: src=local_settings.py.j2 dest={{ archweb_dir }}/local_settings.py owner=archweb group=archweb mode=0660
   register: config
   no_log: true
 
-- name: create archweb db users
+- name: Create archweb db users
   postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
   no_log: true
   when: archweb_site or archweb_services
@@ -93,18 +93,18 @@
     - { user: "{{ archweb_db_dbscripts_user }}", password: "{{ vault_archweb_db_dbscripts_password }}" }
     - { user: "{{ archweb_db_backup_user }}", password: "{{ vault_archweb_db_backup_password }}" }
 
-- name: create archweb db
+- name: Create archweb db
   postgresql_db: name="{{ archweb_db }}" login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" owner="{{ archweb_db_site_user }}"
   when: archweb_site or archweb_services
   register: db_created
 
-- name: django migrate
+- name: Django migrate
   django_manage: app_path="{{ archweb_dir }}" command=migrate virtualenv="{{ archweb_dir }}/env"
   become: true
   become_user: archweb
   when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
 
-- name: db privileges for archweb users
+- name: DB privileges for archweb users
   postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
                     privs=CONNECT roles="{{ item }}" type=database
   when: archweb_site or archweb_services
@@ -113,7 +113,7 @@
     - "{{ archweb_db_dbscripts_user }}"
     - "{{ archweb_db_backup_user }}"
 
-- name: table privileges for archweb users
+- name: Table privileges for archweb users
   postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
                     privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}"
   when: archweb_site or archweb_services
@@ -122,7 +122,7 @@
     - { user: "{{ archweb_db_dbscripts_user }}", objs: "{{ archweb_db_dbscripts_table_objs }}" }
     - { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_table_objs }}" }
 
-- name: sequence privileges for archweb users
+- name: Sequence privileges for archweb users
   postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
                     privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}"
   when: archweb_site or archweb_services
@@ -130,108 +130,108 @@
     - { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_sequence_objs }}" }
     - { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_sequence_objs }}" }
 
-- name: django collectstatic
+- name: Django collectstatic
   django_manage: app_path="{{ archweb_dir }}" command=collectstatic virtualenv="{{ archweb_dir }}/env"
   become: true
   become_user: archweb
   when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
 
-- name: install reporead service
+- name: Install reporead service
   template: src="archweb-reporead.service.j2" dest="/etc/systemd/system/archweb-reporead.service" owner=root group=root mode=0644
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_services or archweb_reporead
 
-- name: install readlinks service
+- name: Install readlinks service
   template: src="archweb-readlinks.service.j2" dest="/etc/systemd/system/archweb-readlinks.service" owner=root group=root mode=0644
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_services or archweb_reporead
 
-- name: install mirrorcheck service and timer
+- name: Install mirrorcheck service and timer
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
   with_items:
     - archweb-mirrorcheck.service
     - archweb-mirrorcheck.timer
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_services or archweb_mirrorcheck
 
-- name: install mirrorresolv service and timer
+- name: Install mirrorresolv service and timer
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
   with_items:
     - archweb-mirrorresolv.service
     - archweb-mirrorresolv.timer
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_services or archweb_mirrorresolv
 
-- name: install populate_signoffs service and timer
+- name: Install populate_signoffs service and timer
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
   with_items:
     - archweb-populate_signoffs.service
     - archweb-populate_signoffs.timer
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_services or archweb_populate_signoffs
 
-- name: install planet service and timer
+- name: Install planet service and timer
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
   with_items:
     - archweb-planet.service
     - archweb-planet.timer
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_planet
 
-- name: install rebuilderd status service and timer
+- name: Install rebuilderd status service and timer
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
   with_items:
     - archweb-rebuilderd.service
     - archweb-rebuilderd.timer
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_site
 
-- name: install pgp_import service
+- name: Install pgp_import service
   template: src="archweb-pgp_import.service.j2" dest="/etc/systemd/system/archweb-pgp_import.service" owner=root group=root mode=0644
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_services or archweb_pgp_import
 
-- name: create pacman.d hooks dir
+- name: Create pacman.d hooks dir
   file: state=directory owner=root group=root mode=0750 path="/etc/pacman.d/hooks"
   when: archweb_services or archweb_pgp_import
 
-- name: install pgp_import hook
+- name: Install pgp_import hook
   template: src="archweb-pgp_import-pacman-hook.j2" dest="/etc/pacman.d/hooks/archweb-pgp_import.hook" owner=root group=root mode=0644
   when: archweb_services or archweb_pgp_import
 
-- name: install archweb memcached service
+- name: Install archweb memcached service
   template: src="archweb-memcached.service.j2" dest="/etc/systemd/system/archweb-memcached.service" owner=root group=root mode=0644
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_site|bool
 
-- name: install archweb rsync iso service and timer
+- name: Install archweb rsync iso service and timer
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
   with_items:
     - archweb-rsync_iso.service
     - archweb-rsync_iso.timer
   notify:
-    - daemon reload
+    - Daemon reload
   when: archweb_site|bool
 
-- name: deploy archweb
+- name: Deploy archweb
   template: src=archweb.ini.j2 dest=/etc/uwsgi/vassals/archweb.ini owner=archweb group=http mode=0640
   when: archweb_site|bool
 
-- name: deploy new release
+- name: Deploy new release
   file: path=/etc/uwsgi/vassals/archweb.ini state=touch owner=archweb group=http mode=0640
   when: archweb_site and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
-  notify: restart archweb memcached
+  notify: Restart archweb memcached
 
-- name: start and enable archweb memcached service and archweb-rsync_iso timer
+- name: Start and enable archweb memcached service and archweb-rsync_iso timer
   systemd:
     name: "{{ item }}"
     enabled: true
@@ -242,55 +242,55 @@
     - archweb-rsync_iso.timer
   when: archweb_site|bool
 
-- name: start and enable archweb reporead service
+- name: Start and enable archweb reporead service
   service: name="archweb-reporead.service" enabled=yes state=started
   when: archweb_services or archweb_reporead
 
-- name: restart archweb reporead service
+- name: Restart archweb reporead service
   service: name="archweb-reporead.service" state=restarted
   when: archweb_services or archweb_reporead and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
 
-- name: start and enable archweb readlinks service
+- name: Start and enable archweb readlinks service
   service: name="archweb-readlinks.service" enabled=yes state=started
   when: archweb_services or archweb_reporead
 
-- name: restart archweb readlinks service
+- name: Restart archweb readlinks service
   service: name="archweb-readlinks.service" state=restarted
   when: archweb_services or archweb_reporead and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
 
-- name: start and enable archweb mirrorcheck timer
+- name: Start and enable archweb mirrorcheck timer
   service: name="archweb-mirrorcheck.timer" enabled=yes state=started
   when: archweb_services or archweb_mirrorcheck
 
-- name: start and enable archweb mirrorresolv timer
+- name: Start and enable archweb mirrorresolv timer
   service: name="archweb-mirrorresolv.timer" enabled=yes state=started
   when: archweb_services or archweb_mirrorresolv
 
-- name: start and enable archweb populate_signoffs timer
+- name: Start and enable archweb populate_signoffs timer
   service: name="archweb-populate_signoffs.timer" enabled=yes state=started
   when: archweb_services or archweb_populate_signoffs
 
-- name: start and enable archweb planet timer
+- name: Start and enable archweb planet timer
   service: name="archweb-planet.timer" enabled=yes state=started
   when: archweb_planet
 
-- name: start and enable archweb rebulderd update timer
+- name: Start and enable archweb rebulderd update timer
   service: name="archweb-rebuilderd.timer" enabled=yes state=started
   when: archweb_site
 
-- name: install donation import wrapper script
+- name: Install donation import wrapper script
   template: src=donor_import_wrapper.sh.j2 dest=/usr/local/bin/donor_import_wrapper.sh owner=root group=root mode=0755
   when: archweb_site
 
-- name: install sudoer rights for fetchmail to call archweb django scripts
+- name: Install sudoer rights for fetchmail to call archweb django scripts
   template: src=sudoers-fetchmail-archweb.j2 dest=/etc/sudoers.d/fetchmail-archweb owner=root group=root mode=0440
   when: archweb_site
 
-- name: create retro dir
+- name: Create retro dir
   file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_retro_dir }}"
   when: archweb_site|bool
 
-- name: clone archweb-retro repo
+- name: Clone archweb-retro repo
   git:
     repo: "{{ archweb_retro_repository }}"
     dest: "{{ archweb_retro_dir }}"

roles/archwiki/handlers/main.yml

-- name: restart php-fpm@archwiki
+- name: Restart php-fpm@archwiki
   service: name=php-fpm@{{ archwiki_user }} state=restarted
 
-- name: run wiki updatescript
+- name: Run wiki updatescript
   command: php {{ archwiki_dir }}/public/maintenance/update.php --quick
   become: true
   become_user: "{{ archwiki_user }}"
@@ -11,7 +11,7 @@
 # otherwise nginx will spit errors into the log until it is restarted (even
 # reload is not enough).
 # reference: https://stackoverflow.com/a/6896903
-- name: purge nginx cache
+- name: Purge nginx cache
   command: find /var/lib/nginx/cache -type f -delete
 
 # The MediaWiki file cache can be invalidated by deleting the files in the
@@ -20,5 +20,5 @@
 # being set to true). References:
 # - https://www.mediawiki.org/wiki/Manual:File_cache
 # - https://www.mediawiki.org/wiki/Manual:$wgInvalidateCacheOnLocalSettingsChange
-- name: invalidate MediaWiki file cache
+- name: Invalidate MediaWiki file cache
   file: path="{{ archwiki_dir }}/public/LocalSettings.php" state=touch owner=archwiki group=archwiki mode=0640

roles/archwiki/tasks/main.yml

-- name: run maintenance mode
+- name: Run maintenance mode
   include_role:
     name: maintenance
   vars:
@@ -8,94 +8,94 @@
     service_nginx_conf: "{{ archwiki_nginx_conf }}"
   when: maintenance is defined
 
-- name: create ssl cert
+- name: Create ssl cert
   include_role:
     name: certificate
   vars:
     domains: ["{{ archwiki_domain }}"]
   when: 'archwiki_domain is defined'
 
-- name: install packages
+- name: Install packages
   pacman: name=git,php-intl state=present
 
-- name: make archwiki user
+- name: Make archwiki user
   user: name="{{ archwiki_user }}" shell=/bin/false home="{{ archwiki_dir }}" createhome=no
   register: user_created
 
-- name: fix home permissions
+- name: Fix home permissions
   file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0751 path="{{ archwiki_dir }}"
 
-- name: fix cache permissions
+- name: Fix cache permissions
   file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/cache"
 
-- name: fix sessions permissions
+- name: Fix sessions permissions
   file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/sessions"
 
-- name: fix uploads permissions
+- name: Fix uploads permissions
   file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/uploads"
 
-- name: set up nginx
+- name: Set up nginx
   template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644
   notify:
-    - reload nginx
+    - Reload nginx
   when: maintenance is not defined
   tags: ['nginx']
 
-- name: configure robots.txt
+- name: Configure robots.txt
   copy: src=robots.txt dest="{{ archwiki_dir }}/robots.txt" owner=root group=root mode=0644
 
-- name: make nginx log dir
+- name: Make nginx log dir
   file: path=/var/log/nginx/{{ archwiki_domain }} state=directory owner=root group=root mode=0755
 
-- name: make debug log dir
+- name: Make debug log dir
   file: path=/var/log/archwiki state=directory owner={{ archwiki_user }} group=root mode=0700
 
-- name: clone archwiki repo
+- name: Clone archwiki repo
   git: repo={{ archwiki_repository }} dest="{{ archwiki_dir }}/public" version={{ archwiki_version }}
   become: true
   become_user: "{{ archwiki_user }}"
   notify:
-    - run wiki updatescript
+    - Run wiki updatescript
     # purge the nginx cache and MediaWiki file cache to make sure clients get updated assets
     # as well as freshly rendered pages using the new assets
-    - purge nginx cache
-    - invalidate MediaWiki file cache
+    - Purge nginx cache
+    - Invalidate MediaWiki file cache
 
-- name: configure archwiki
+- name: Configure archwiki
   template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640
   register: config
   no_log: true
 
-- name: create archwiki db
+- name: Create archwiki db
   mysql_db: name="{{ archwiki_db }}" login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
   register: db_created
 
-- name: create archwiki db user
+- name: Create archwiki db user
   mysql_user: name={{ archwiki_db_user }} password={{ vault_archwiki_db_password }}
               login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
               priv="{{ archwiki_db }}.*:ALL"
   no_log: true
 
-- name: configure php-fpm
+- name: Configure php-fpm
   template:
     src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ archwiki_user }}.conf"
     owner=root group=root mode=0644
   notify:
-    - restart php-fpm@{{ archwiki_user }}
+    - Restart php-fpm@{{ archwiki_user }}
 
-- name: start and enable systemd socket
+- name: Start and enable systemd socket
   service: name=php-fpm@{{ archwiki_user }}.socket state=started enabled=true
 
-- name: create memcached.service.d drop-in directory
+- name: Create memcached.service.d drop-in directory
   file: path=/etc/systemd/system/memcached@archwiki.service.d state=directory owner=root group=root mode=0755
 
-- name: install memcached.service drop-in
+- name: Install memcached.service drop-in
   template: src="memcached.service.d-archwiki.conf.j2" dest="/etc/systemd/system/memcached@archwiki.service.d/archwiki.conf" owner=root group=root mode=0644
 
-- name: start and enable memcached service
+- name: Start and enable memcached service
   service: name=memcached@archwiki.service state=started enabled=true daemon_reload=true
 
-- name: install systemd services/timers
+- name: Install systemd services/timers
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
   loop:
     - archwiki-runjobs.service
@@ -105,7 +105,7 @@
     - archwiki-prune-cache.timer
     - archwiki-question-updater.service
 
-- name: start and enable archwiki timers and services
+- name: Start and enable archwiki timers and services
   systemd:
     name: "{{ item }}"
     enabled: true
@@ -116,17 +116,17 @@
     - archwiki-prune-cache.timer
     - archwiki-runjobs-wait.service
 
-- name: create question answer file
+- name: Create question answer file
   systemd:
     name: archwiki-question-updater.service
     state: started
     daemon_reload: true
 
-- name: ensure question answer file exists and set permissions
+- name: Ensure question answer file exists and set permissions
   file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
 
-- name: create pacman.d hooks dir
+- name: Create pacman.d hooks dir
   file: state=directory owner=root group=root mode=0755 path=/etc/pacman.d/hooks
 
-- name: install archwiki question updater hook
+- name: Install archwiki question updater hook
   template: src=archwiki-question-updater.hook.j2 dest=/etc/pacman.d/hooks/archwiki-question-updater.hook owner=root group=root mode=0644

roles/aurweb/defaults/main.yml

@@ -8,7 +8,7 @@ aurweb_conf_dir: '/etc/aurweb'
 aurweb_git_dir: "{{ aurweb_dir }}/aur.git"
 aurweb_git_hook: '/usr/local/bin/aurweb-git-update'
 aurweb_nginx_conf: '/etc/nginx/nginx.d/aurweb.conf'
-aurweb_version: 'live'
+aurweb_version: 'v6.1.2'
 aurweb_pgp_keys: ['0F985B6F99B6686854C44EC3F7E46DED420788F3', 'DB650286BD9EAE39890D3FE6FE3DC1668CB24956']
 
 aurweb_db: 'aur'

roles/aurweb/handlers/main.yml

-- name: daemon reload
+- name: Daemon reload
   systemd:
     daemon-reload: true
 
-- name: restart php-fpm@{{ aurweb_user }}
+- name: Restart php-fpm@{{ aurweb_user }}
   service: name=php-fpm@{{ aurweb_user }} state=restarted
 
-- name: restart sshd
+- name: Restart sshd
   service: name=sshd state=restarted

roles/aurweb/tasks/main.yml

-- name: install required packages
+- name: Install required packages
   pacman:
     state: present
     name:
@@ -11,37 +11,37 @@
       - gcc
       - pkg-config
 
-- name: install the cgit package
+- name: Install the cgit package
   pacman:
     state: present
     name:
       - cgit-aurweb
   register: cgit
 
-- name: install the git package
+- name: Install the git package
   pacman:
     state: present
     name:
       - git
   register: git
 
-- name: make aur user
+- name: Make aur user
   user: name="{{ aurweb_user }}" shell=/bin/bash createhome=yes
   register: aur_user
 
-- name: create .ssh for the aur user
+- name: Create .ssh for the aur user
   file: path={{ aur_user.home }}/.ssh state=directory owner={{ aur_user.name }} group={{ aur_user.name }} mode=0700
 
-- name: install SSH key for mirroring to GitHub
+- name: Install SSH key for mirroring to GitHub
   copy: src=id_ed25519 dest={{ aur_user.home }}/.ssh/ owner={{ aur_user.name }} group={{ aur_user.name }} mode=0600
 
-- name: fetch host keys for github.com
+- name: Fetch host keys for github.com
   command: ssh-keyscan github.com
   args:
     creates: "{{ aur_user.home }}/.ssh/known_hosts"
   register: github_host_keys
 
-- name: write github.com host keys to the aur user's known_hosts
+- name: Write github.com host keys to the aur user's known_hosts
   lineinfile: name={{ aur_user.home }}/.ssh/known_hosts create=yes line={{ item }} owner={{ aur_user.name }} group={{ aur_user.name }} mode=0644
   loop: "{{ github_host_keys.stdout_lines }}"
   when: github_host_keys.changed
@@ -49,7 +49,7 @@
 - name: Create directory
   file: path={{ aurweb_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
 
-- name: receive valid signing keys
+- name: Receive valid signing keys
   command: /usr/bin/gpg --keyserver keys.openpgp.org --recv {{ item }}
   loop: '{{ aurweb_pgp_keys }}'
   become: true
@@ -57,7 +57,7 @@
   register: gpg
   changed_when: "gpg.rc == 0"
 
-- name: aurweb git repo check
+- name: Aurweb git repo check
   git: >
     repo={{ aurweb_repository }}
     dest="{{ aurweb_dir }}"
@@ -69,7 +69,7 @@
   register: release
   check_mode: true
 
-- name: install AUR systemd service and timers
+- name: Install AUR systemd service and timers
   template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
     - aurweb-git.service
@@ -91,7 +91,7 @@
     - aurweb-github-mirror.timer
   when: release.changed
 
-- name: stop AUR systemd services and timers
+- name: Stop AUR systemd services and timers
   service: name={{ item }} enabled=yes state=stopped
   with_items:
     - aurweb-git.timer
@@ -105,7 +105,7 @@
     - aurweb-github-mirror.timer
   when: release.changed
 
-- name: clone aurweb repo
+- name: Clone aurweb repo
   git: >
     repo={{ aurweb_repository }}
     dest="{{ aurweb_dir }}"
@@ -116,35 +116,35 @@
   become_user: "{{ aurweb_user }}"
   when: release.changed
 
-- name: create necessary directories
+- name: Create necessary directories
   file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} mode=0755
   with_items:
     - 'aurblup'
     - 'sessions'
     - 'uploads'
 
-- name: create aurweb conf dir
+- name: Create aurweb conf dir
   file: path={{ aurweb_conf_dir }} state=directory owner=root group=root mode=0755
 
-- name: copy aurweb configuration file
+- name: Copy aurweb configuration file
   copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes owner=root group=root mode=0644
 
 # Note: initdb needs the config
-- name: install custom aurweb configuration
+- name: Install custom aurweb configuration
   template: src=config.j2 dest={{ aurweb_conf_dir }}/config owner=root group=root mode=0644
 
-- name: create aur db
+- name: Create aur db
   mysql_db: name="{{ aurweb_db }}" login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}" encoding=utf8
   register: db_created
   no_log: true
 
-- name: create aur db user
+- name: Create aur db user
   mysql_user: name={{ aurweb_db_user }} password={{ vault_aurweb_db_password }}
               login_host="{{ aurweb_db_host }}" login_password="{{ vault_mariadb_users.root }}"
               priv="{{ aurweb_db }}.*:ALL"
   no_log: true
 
-- name: initialize the database
+- name: Initialize the database
   command: poetry run python -m aurweb.initdb
   args:
     chdir: "{{ aurweb_dir }}"
@@ -152,7 +152,7 @@
   become_user: "{{ aurweb_user }}"
   when: db_created.changed
 
-- name: run migrations
+- name: Run migrations
   command: poetry run alembic upgrade head
   args:
     chdir: "{{ aurweb_dir }}"
@@ -162,7 +162,7 @@
   become_user: "{{ aurweb_user }}"
   when: release.changed or db_created.changed
 
-- name: Check python module availability
+- name: Check python module availability  # noqa no-changed-when
   command: poetry run python3 -c 'import aurweb'
   args:
     chdir: "{{ aurweb_dir }}"
@@ -170,8 +170,6 @@
   become_user: "{{ aurweb_user }}"
   ignore_errors: true
   register: aurweb_installed
-  tags:
-    - skip_ansible_lint
 
 - name: Install python module
   command: poetry install
@@ -183,19 +181,19 @@
   become_user: "{{ aurweb_user }}"
   when: release.changed or aurweb_installed.rc != 0
 
-- name: install custom aurweb-git-auth wrapper script
+- name: Install custom aurweb-git-auth wrapper script
   template: src=aurweb-git-auth.sh.j2 dest=/usr/local/bin/aurweb-git-auth.sh owner=root group=root mode=0755
   when: release.changed
 
-- name: install custom aurweb-git-serve wrapper script
+- name: Install custom aurweb-git-serve wrapper script
   template: src=aurweb-git-serve.sh.j2 dest=/usr/local/bin/aurweb-git-serve.sh owner=root group=root mode=0755
   when: release.changed
 
-- name: install custom aurweb-git-update wrapper script
+- name: Install custom aurweb-git-update wrapper script
   template: src=aurweb-git-update.sh.j2 dest=/usr/local/bin/aurweb-git-update.sh owner=root group=root mode=0755
   when: release.changed
 
-- name: link custom aurweb-git-update wrapper to hooks/update
+- name: Link custom aurweb-git-update wrapper to hooks/update
   file:
     src: /usr/local/bin/aurweb-git-update.sh
     dest: "{{ aurweb_dir }}/aur.git/hooks/update"
@@ -215,36 +213,36 @@
   become: true
   become_user: "{{ aurweb_user }}"
 
-- name: create ssl cert
+- name: Create ssl cert
   include_role:
     name: certificate
   vars:
     domains: ["{{ aurweb_domain }}"]
 
-- name: set up nginx
+- name: Set up nginx
   template: src=nginx.d.conf.j2 dest={{ aurweb_nginx_conf }} owner=root group=root mode=644
-  notify: reload nginx
+  notify: Reload nginx
   tags: ['nginx']
 
-- name: make nginx log dir
+- name: Make nginx log dir
   file: path=/var/log/nginx/{{ aurweb_domain }} state=directory owner=root group=root mode=0755
 
-- name: install cgit configuration
+- name: Install cgit configuration
   template: src=cgitrc.j2 dest="{{ aurweb_conf_dir }}/cgitrc" owner=root group=root mode=0644
 
-- name: configure cgit uwsgi service
+- name: Configure cgit uwsgi service
   template: src=cgit.ini.j2 dest=/etc/uwsgi/vassals/cgit.ini owner={{ aurweb_user }} group=http mode=0644
 
-- name: deploy new cgit release
+- name: Deploy new cgit release
   become: true
   become_user: "{{ aurweb_user }}"
   file: path=/etc/uwsgi/vassals/cgit.ini state=touch owner=root group=root mode=0644
   when: cgit.changed
 
-- name: configure smartgit uwsgi service
+- name: Configure smartgit uwsgi service
   template: src=smartgit.ini.j2 dest=/etc/uwsgi/vassals/smartgit.ini owner={{ aurweb_user }} group=http mode=0644
 
-- name: deploy new smartgit release
+- name: Deploy new smartgit release
   become: true
   become_user: "{{ aurweb_user }}"
   file:
@@ -255,63 +253,53 @@
     mode: 0644
   when: git.changed
 
-- name: create git repo dir
+- name: Create git repo dir
   file: path={{ aurweb_git_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
 
-- name: init git directory
+- name: Init git directory  # noqa command-instead-of-module
   command: git init --bare {{ aurweb_git_dir }}
   args:
     creates: "{{ aurweb_git_dir }}/HEAD"
   become: true
   become_user: "{{ aurweb_user }}"
-  tags:
-    - skip_ansible_lint
 
-- name: save hideRefs setting on var
+- name: Save hideRefs setting on var  # noqa command-instead-of-module no-changed-when
   command: git config --local --get-all transfer.hideRefs
   register: git_config
   args:
     chdir: "{{ aurweb_git_dir }}"
   failed_when: git_config.rc == 2  # FIXME: does not work.
-  tags:
-    - skip_ansible_lint
 
-- name: configure git tranfser.hideRefs
+- name: Configure git tranfser.hideRefs  # noqa command-instead-of-module
   command: git config --local transfer.hideRefs '^refs/'
   args:
     chdir: "{{ aurweb_git_dir }}"
   become: true
   become_user: "{{ aurweb_user }}"
   when: git_config.stdout.find('^refs/') == -1
-  tags:
-    - skip_ansible_lint
 
-- name: configure git transfer.hideRefs second
+- name: Configure git transfer.hideRefs second  # noqa command-instead-of-module
   command: git config --local --add transfer.hideRefs '!refs/'
   args:
     chdir: "{{ aurweb_git_dir }}"
   become: true
   become_user: "{{ aurweb_user }}"
   when: git_config.stdout.find('!refs/') == -1
-  tags:
-    - skip_ansible_lint
 
-- name: configure git transfer.hideRefs third
+- name: Configure git transfer.hideRefs third  # noqa command-instead-of-module
   command: git config --local --add transfer.hideRefs '!HEAD'
   args:
     chdir: "{{ aurweb_git_dir }}"
   become: true
   become_user: "{{ aurweb_user }}"
   when: git_config.stdout.find('!HEAD') == -1
-  tags:
-    - skip_ansible_lint
 
-- name: configure sshd
+- name: Configure sshd
   template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
   notify:
-    - restart sshd
+    - Restart sshd
 
-- name: start and enable AUR systemd services and timers
+- name: Start and enable AUR systemd services and timers
   service: name={{ item }} enabled=yes state=started daemon_reload=yes
   with_items:
     - aurweb-git.timer

roles/borg_client/tasks/main.yml

-- name: install borg and tools
+- name: Install borg and tools
   pacman: name=borg state=present
 
-- name: check if borg repository already exists
+- name: Check if borg repository already exists
   command: "{{ item['borg_cmd'] }} list {{ item['host'] }}/{{ item['dir'] }}"
   environment:
     BORG_RELOCATED_REPO_ACCESS_IS_OK: "yes"
@@ -10,59 +10,57 @@
   loop: "{{ backup_hosts }}"
   changed_when: borg_list.stdout | length > 0
 
-- name: init borg repository
+- name: Init borg repository  # noqa ignore-errors
   command: "{{ item['borg_cmd'] }} init -e keyfile {{ item['host'] }}/{{ item['dir'] }}"
   when: borg_list is failed
   environment:
     BORG_PASSPHRASE: ""
   ignore_errors: true  # This can sometimes fail if a backup is in progress :/
   loop: "{{ backup_hosts }}"
-  tags:
-    - skip_ansible_lint
 
 
-- name: install convenience scripts
+- name: Install convenience scripts
   template: src=borg.j2 dest=/usr/local/bin/borg{{ item['suffix'] }} owner=root group=root mode=0755
   loop: "{{ backup_hosts }}"
 
-- name: install borg backup scripts
+- name: Install borg backup scripts
   template: src=borg-backup.sh.j2 dest=/usr/local/bin/borg-backup{{ item['suffix'] }}.sh owner=root group=root mode=0755
   loop: "{{ backup_hosts }}"
 
-- name: install postgres backup script
+- name: Install postgres backup script
   template: src=backup-postgres.sh.j2 dest=/usr/local/bin/backup-postgres.sh owner=root group=root mode=0755
   when: postgres_backup_dir is defined
 
-- name: check whether postgres user exists
+- name: Check whether postgres user exists
   command: getent passwd postgres
   register: check_postgres_user
   ignore_errors: true
   changed_when: check_postgres_user.stdout | length > 0
 
-- name: make postgres backup directory
+- name: Make postgres backup directory
   file: path={{ postgres_backup_dir }} owner=root group=root mode=0755 state=directory
   when: check_postgres_user is succeeded and postgres_backup_dir is defined
 
-- name: install mysql backup script
+- name: Install mysql backup script
   template: src=backup-mysql.sh.j2 dest=/usr/local/bin/backup-mysql.sh owner=root group=root mode=0755
   when: mysql_backup_dir is defined
 
-- name: install mysql backup config
+- name: Install mysql backup config
   template: src=backup-my.cnf.j2 dest={{ mysql_backup_defaults }} owner=root group=root mode=0644
   when: mysql_backup_defaults is defined
 
-- name: create mysql backup directory
+- name: Create mysql backup directory
   file: path={{ mysql_backup_dir }} state=directory owner=root group=root mode=0755
   when: mysql_backup_dir is defined
 
-- name: install systemd services for backup
+- name: Install systemd services for backup
   template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
     - borg-backup.service
     - borg-backup-offsite.service
 
-- name: install systemd timer for backup
+- name: Install systemd timer for backup
   copy: src=borg-backup.timer dest=/etc/systemd/system/borg-backup.timer owner=root group=root mode=0644
 
-- name: activate systemd timer for backup
+- name: Activate systemd timer for backup
   systemd: name=borg-backup.timer enabled=yes state=started daemon-reload=yes

roles/borg_server/tasks/main.yml

-- name: install borg
+- name: Install borg
   pacman: name=borg state=present
 
-- name: create borg user
+- name: Create borg user
   user:
     name: borg
     home: "{{ backup_dir }}"
 
-- name: create borg user home
+- name: Create borg user home
   file:
     path: "{{ backup_dir }}"
     state: directory
@@ -14,7 +14,7 @@
     group: borg
     mode: 0700
 
-- name: create the root backup directory at {{ backup_dir }}
+- name: Create the root backup directory at {{ backup_dir }}
   file:
     path: "{{ backup_dir }}/{{ item }}"
     state: directory
@@ -23,14 +23,14 @@
     mode: 0700
   with_items: "{{ backup_clients }}"
 
-- name: fetch ssh keys from each borg client machine
+- name: Fetch ssh keys from each borg client machine
   command: cat /root/.ssh/id_rsa.pub
   register: ssh_keys
   delegate_to: "{{ item }}"
   with_items: "{{ backup_clients }}"
   changed_when: ssh_keys.stdout | length > 0
 
-- name: allow certain clients to connect
+- name: Allow certain clients to connect
   authorized_key:
     user: borg
     key: "{{ item.stdout }}"

roles/bugbot/tasks/main.yml

-- name: install bugbot utilities
+- name: Install bugbot utilities
   pacman: name=python-irc,python-beautifulsoup4,python-lxml state=present
 
-- name: receive valid signing keys
+- name: Receive valid signing keys
   command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }}
   with_items: '{{ bugbot_pgp_emails }}'
   register: gpg
   changed_when: "gpg.rc == 0"
 
-- name: clone bugbot source
+- name: Clone bugbot source
   git:
     repo: https://gitlab.archlinux.org/archlinux/bugbot.git
     dest: /srv/bugbot
@@ -16,11 +16,11 @@
     gpg_whitelist: '{{ bugbot_pgp_keys }}'
     version: '{{ bugbot_version }}'
 
-- name: install env file
+- name: Install env file
   template: src=bugbot.j2 dest=/srv/bugbot/env owner=root group=root mode=0600
 
-- name: install bugbot systemd service
+- name: Install bugbot systemd service
   copy: src=bugbot.service dest=/etc/systemd/system/bugbot.service owner=root group=root mode=0644
 
-- name: start and enable bugbot service
+- name: Start and enable bugbot service
   systemd: name=bugbot.service enabled=yes state=started daemon_reload=yes