Fix issues reported by ansible-lint (var prefixes)

playbooks/roles/acme_dns/tasks/main.yml

@@ -13,18 +13,18 @@
 
     - name: Setting the service config path
       ansible.builtin.set_fact:
-        config_path: "{{ (service_path, 'config') | path_join }}"
+        acme_dns_config_path: "{{ (service_path, 'config') | path_join }}"
 
     - name: Create a service-config directory
       ansible.builtin.file:
-        path: "{{ config_path }}"
+        path: "{{ acme_dns_config_path }}"
         state: directory
         mode: "0700"
 
     - name: Template config
       ansible.builtin.template:
         src: config.cfg.j2
-        dest: "{{ (config_path, 'config.cfg') | path_join }}"
+        dest: "{{ (acme_dns_config_path, 'config.cfg') | path_join }}"
         mode: "0600"
       notify: Restart service {{ role_name }}
 

playbooks/roles/backup/tasks/hooks.yml

@@ -1,16 +1,16 @@
 ---
 - name: Set hooks path
   ansible.builtin.set_fact:
-    hooks_path: "{{ (service_path, 'hooks') | path_join }}"
+    backup_hooks_path: "{{ (service_path, 'hooks') | path_join }}"
 - name: Create hooks directory
   ansible.builtin.file:
-    path: "{{ hooks_path }}"
+    path: "{{ backup_hooks_path }}"
     state: directory
     mode: "0755"
 - name: Copy the hooks
   ansible.builtin.copy:
     src: hooks/
-    dest: "{{ hooks_path }}"
+    dest: "{{ backup_hooks_path }}"
     mode: "0755"
 - name: Create the from directories
   ansible.builtin.file:

playbooks/roles/backup/tasks/recovery.yml

@@ -1,13 +1,13 @@
 - name: Set recovery path
   ansible.builtin.set_fact:
-    recovery_path: "{{ (service_path, 'recovery') | path_join }}"
+    backup_recovery_path: "{{ (service_path, 'recovery') | path_join }}"
 - name: Create recovery directory
   ansible.builtin.file:
-    path: "{{ recovery_path }}"
+    path: "{{ backup_recovery_path }}"
     state: directory
     mode: "0755"
 - name: Copy the recovery
   ansible.builtin.copy:
     src: recovery/
-    dest: "{{ recovery_path }}"
+    dest: "{{ backup_recovery_path }}"
     mode: "0755"

playbooks/roles/caddy/tasks/main.yml

@@ -19,25 +19,25 @@
 
     - name: Set caddy config path
       ansible.builtin.set_fact:
-        config_path: "{{ (service_path, 'config') | path_join }}"
+        caddy_config_path: "{{ (service_path, 'config') | path_join }}"
 
     - name: Create config directory
       ansible.builtin.file:
-        path: "{{ config_path }}"
+        path: "{{ caddy_config_path }}"
         state: directory
         mode: "0755"
 
     - name: Template caddyfile
       ansible.builtin.template:
         src: Caddyfile.j2
-        dest: "{{ (config_path, 'Caddyfile') | path_join }}"
+        dest: "{{ (caddy_config_path, 'Caddyfile') | path_join }}"
         mode: "0644"
       notify: Reload caddy
 
     - name: Copy snippets file
       ansible.builtin.copy:
         src: snippets
-        dest: "{{ (config_path, 'snippets') | path_join }}"
+        dest: "{{ (caddy_config_path, 'snippets') | path_join }}"
         mode: "0644"
       notify: Reload caddy
 

playbooks/roles/forgejo_runner/defaults/main.yml

@@ -1,7 +1,6 @@
 ---
 forgejo_runner_env:
   FORGEJO_INSTANCE_URL: https://git.serguzim.me/
-  FORGEJO_RUNNER_REGISTRATION_TOKEN:
   DOCKER_HOST: tcp://docker-in-docker:2375
 
 forgejo_runner_compose:

playbooks/roles/forgejo_runner/tasks/main.yml

@@ -21,21 +21,14 @@
     - name: Check if .env already exists
       ansible.builtin.stat:
         path: "{{ (service_path, '.env') | path_join }}"
-      register: env_file
-
-    - name: Import tasks to prompt for the registration token
-      ansible.builtin.import_tasks: tasks/prompt-registration-token.yml
-      when: not env_file.stat.exists or force_forgejo_runner_registration | default(False)
+      register: forgejo_runner_env_file
 
     - name: Import tasks create a .env file
       ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
+
+    - name: Import tasks to prompt for the registration token
+      ansible.builtin.import_tasks: tasks/prompt-registration-token.yml
+      when: not forgejo_runner_env_file.stat.exists or force_forgejo_runner_registration | default(False)
+
     - name: Import start tasks for common service
       ansible.builtin.import_tasks: tasks/start-common-service.yml
-
-    - name: Register runner
-      ansible.builtin.command:
-        cmd: docker compose run --rm -it app sh -c
-          'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
-        chdir: "{{ service_path }}"
-      when: not env_file.stat.exists or force_forgejo_runner_registration | default(False)
-      changed_when: true # "when" checks enough. We are sure to change something here.

playbooks/roles/forgejo_runner/tasks/prompt-registration-token.yml

@@ -3,8 +3,11 @@
   ansible.builtin.pause:
     prompt: Enter a secret
     echo: false
-  register: promt_registration_token
+  register: forgejo_runner_promt_registration_token
 
-- name: Put registration token into env vars
-  ansible.builtin.set_fact:
-    forgejo_runner_env: "{{ forgejo_runner_env | combine({'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input}, recursive=True) }}"
+- name: Register runner
+  ansible.builtin.command:
+    cmd: docker compose run --rm -it app sh -c
+      'forgejo-runner register --no-interactive --token {{ forgejo_runner_promt_registration_token.user_input }} --instance ${FORGEJO_INSTANCE_URL}'
+    chdir: "{{ service_path }}"
+  changed_when: true

playbooks/roles/healthcheck/tasks/main.yml

@@ -24,5 +24,4 @@
         chdir: "{{ service_path }}"
       when:
         - "'local-dev' != inventory_hostname"
-      register: cmd_result
       changed_when: true

playbooks/roles/healthcheck/tasks/systemd.yml

@@ -16,7 +16,7 @@
   ansible.builtin.shell:  # noqa: command-instead-of-module
     executable: /usr/bin/bash
     cmd: "set -o pipefail && systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'"
-  register: systemd_timers_result
+  register: healthcheck_systemd_timers_result
   changed_when: false
 
 - name: Generate systemd timer names
@@ -28,7 +28,7 @@
     name: "{{ item }}"
     state: stopped
     enabled: false
-  loop: "{{ systemd_timers_result.stdout_lines | difference(healthcheck_systemd_timers) }}"
+  loop: "{{ healthcheck_systemd_timers_result.stdout_lines | difference(healthcheck_systemd_timers) }}"
   become: true
 
 - name: Enable the system timer

playbooks/roles/lego/tasks/config.yml

@@ -1,19 +1,19 @@
 ---
 - name: Set config path
   ansible.builtin.set_fact:
-    config_path: "{{ (service_path, 'config') | path_join }}"
+    lego_config_path: "{{ (service_path, 'config') | path_join }}"
 - name: Create config directory
   ansible.builtin.file:
-    path: "{{ config_path }}"
+    path: "{{ lego_config_path }}"
     state: directory
     mode: "0755"
 - name: Create the acme-dns-accounts
   ansible.builtin.copy:
-    dest: "{{ (config_path, 'acme-dns-accounts.json') | path_join }}"
+    dest: "{{ (lego_config_path, 'acme-dns-accounts.json') | path_join }}"
     content: '{{ vault_acmedns_registered | acmedns_to_lego | to_json }}'
     mode: "0644"
 - name: Copy the hook script
   ansible.builtin.copy:
     src: "hook.sh"
-    dest: "{{ (config_path, 'hook.sh') | path_join }}"
+    dest: "{{ (lego_config_path, 'hook.sh') | path_join }}"
     mode: "0755"

playbooks/roles/lego/tasks/hooks.yml

@@ -1,14 +1,14 @@
 ---
 - name: Set hooks path
   ansible.builtin.set_fact:
-    hooks_path: "{{ (service_path, 'hooks') | path_join }}"
+    lego_hooks_path: "{{ (service_path, 'hooks') | path_join }}"
 - name: Create hooks directory
   ansible.builtin.file:
-    path: "{{ hooks_path }}"
+    path: "{{ lego_hooks_path }}"
     state: directory
     mode: "0755"
 - name: Copy the additional hooks
   ansible.builtin.copy:
     src: hooks/
-    dest: "{{ hooks_path }}"
+    dest: "{{ lego_hooks_path }}"
     mode: "0755"

playbooks/roles/lego/tasks/main.yml

@@ -38,5 +38,5 @@
         chdir: "{{ service_path }}"
       become: true
       loop: "{{ lego_host_certificates }}"
-      register: cmd_result
-      changed_when: cmd_result.stderr | regex_search('Server responded with a certificate.')
+      register: lego_cmd_result
+      changed_when: lego_cmd_result.stderr | regex_search('Server responded with a certificate.')

playbooks/roles/lego/tasks/systemd.yml

@@ -16,7 +16,7 @@
   ansible.builtin.shell:
     executable: /usr/bin/bash
     cmd: "set -o pipefail && systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
-  register: systemd_timers_result
+  register: lego_systemd_timers_result
   changed_when: false
 
 - name: Generate systemd timer names
@@ -28,7 +28,7 @@
     name: "{{ item }}"
     state: stopped
     enabled: false
-  loop: "{{ systemd_timers_result.stdout_lines | difference(lego_systemd_timers) }}"
+  loop: "{{ lego_systemd_timers_result.stdout_lines | difference(lego_systemd_timers) }}"
   become: true
 
 - name: Enable the system timers

playbooks/roles/lgtm_stack/tasks/grafana.yml

@@ -1,15 +1,15 @@
 - name: Set grafana datasources path
   ansible.builtin.set_fact:
-    datasources_path: "{{ (service_path, 'datasources') | path_join }}"
+    lgtm_stack_datasources_path: "{{ (service_path, 'datasources') | path_join }}"
 
 - name: Create datasources directory
   ansible.builtin.file:
-    path: "{{ datasources_path }}"
+    path: "{{ lgtm_stack_datasources_path }}"
     state: directory
     mode: "0755"
 
 - name: Create default datasources
   ansible.builtin.copy:
-    dest: "{{ (datasources_path, 'default.yaml') | path_join }}"
+    dest: "{{ (lgtm_stack_datasources_path, 'default.yaml') | path_join }}"
     content: '{{ lgtm_stack_grafana_datasources | to_nice_yaml }}'
     mode: "0644"

playbooks/roles/postgresql/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart postgresql
+  ansible.builtin.systemd_service:
+    name: postgresql.service
+    state: restarted
+  become: true

playbooks/roles/postgresql/tasks/main.yml

@@ -58,14 +58,8 @@
       - contype: hostssl
         address: "::/0"
   become: true
-  register: pg_hba_reg
-
-- name: Restart postgresql on pg_hba change
-  ansible.builtin.systemd_service:
-    state: restarted
-    name: postgresql
-  when: pg_hba_reg.changed # noqa: no-handler TODO can we add a handler here?
-  become: true
+  notify:
+    - Restart postgresql
 
 - name: Start postgresql
   ansible.builtin.systemd_service:
@@ -80,11 +74,11 @@
     name: "{{ item.name }}"
     value: "{{ item.value }}"
   loop: "{{ postgresql_set_vars | dict2items(key_name='name', value_name='value') }}"
-  register: set
+  register: postgresql_set
 
 - name: Restart postgresql
   ansible.builtin.systemd_service:
     state: restarted
     name: postgresql
-  when: set.results | postgresql_restart_required
+  when: postgresql_set.results | postgresql_restart_required
   become: true

playbooks/roles/software/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Restart tailscaled
+  ansible.builtin.systemd_service:
+    name: tailscaled.service
+    state: restarted
+  become: true
+
+- name: Restart tailscaled
+  ansible.builtin.systemd_service:
+    name: systemd-resolved.service
+    state: restarted
+  become: true

playbooks/roles/software/tasks/main.yml

@@ -8,9 +8,10 @@
 - name: Install wanted software
   ansible.builtin.apt:
     pkg:
-      - jq
       - bzip2
+      - jq
       - rclone
+      - zsh
     state: present
     update_cache: true
   become: true

playbooks/roles/software/tasks/restic.yml

@@ -1,23 +1,23 @@
 - name: Check if autorestic is installed
   ansible.builtin.stat:
     path: /usr/local/bin/autorestic
-  register: autorestic_status
+  register: software_autorestic_status
 
 - name: Install autorestic
   ansible.builtin.shell:
     executable: /usr/bin/bash
     cmd: set -o pipefail && wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
-  when: not autorestic_status.stat.exists
+  when: not software_autorestic_status.stat.exists
   changed_when: true
   become: true
 
 - name: Check if restic is installed
   ansible.builtin.stat:
     path: /usr/local/bin/restic
-  register: restic_status
+  register: software_restic_status
 
 - name: Install restic
   ansible.builtin.command: autorestic install
-  when: not restic_status.stat.exists
+  when: not software_restic_status.stat.exists
   changed_when: true
   become: true

playbooks/roles/software/tasks/systemd-resolved.yml

@@ -14,26 +14,19 @@
     owner: "root"
     group: "root"
   become: true
-  register: systemd_resolved_config
+  notify:
+    - Restart tailscaled
+    - Restart systemd-resolved
 
-- name: Enable systemd-resolved and (re)start
+- name: Enable and systemd-resolved
   ansible.builtin.systemd_service:
     name: systemd-resolved.service
-    state: "{{ 'restarted' if systemd_resolved_config.changed else 'started' }}"
+    state: started
     enabled: true
     daemon_reload: true
   become: true
-  register: systemd_resolved_started
-
-- name: Restart other dns-related services
-  ansible.builtin.systemd_service:
-    name: "{{ item }}.service"
-    state: restarted
-    daemon_reload: true
-  become: true
-  when: systemd_resolved_started.changed # noqa: no-handler TODO can we add a handler here?
-  loop:
-    - tailscaled
+  notify:
+    - Restart tailscaled
 
 - name: Create resolv.conf symlink
   ansible.builtin.file:

playbooks/roles/synapse/tasks/main.yml

@@ -13,17 +13,17 @@
 
     - name: Set synapse config path
       ansible.builtin.set_fact:
-        config_path: "{{ (service_path, svc.config_path) | path_join }}"
+        synapse_config_path: "{{ (service_path, svc.config_path) | path_join }}"
 
     - name: Create config directory
       ansible.builtin.file:
-        path: "{{ config_path }}"
+        path: "{{ synapse_config_path }}"
         state: directory
         mode: "0755"
 
     - name: Create config
       ansible.builtin.copy:
-        dest: "{{ (config_path, 'homeserver.yaml') | path_join }}"
+        dest: "{{ (synapse_config_path, 'homeserver.yaml') | path_join }}"
         content: '{{ synapse_yml | to_nice_yaml }}'
         mode: "0644"
       notify: Restart service {{ role_name }}
@@ -31,14 +31,14 @@
     - name: Copy the log config
       ansible.builtin.copy:
         src: msrg.cc.log.config
-        dest: "{{ (config_path, 'msrg.cc.log.config') | path_join }}"
+        dest: "{{ (synapse_config_path, 'msrg.cc.log.config') | path_join }}"
         mode: "0644"
       notify: Restart service {{ role_name }}
 
     - name: Copy the signing key
       ansible.builtin.copy:
         content: "{{ vault_synapse.signing_key }}"
-        dest: "{{ (config_path, 'msrg.cc.signing.key') | path_join }}"
+        dest: "{{ (synapse_config_path, 'msrg.cc.signing.key') | path_join }}"
         mode: "0644"
       notify: Restart service {{ role_name }}
 

playbooks/tasks/reload-caddy.yml

@@ -1,12 +1,12 @@
 - name: Find existing caddy site configs
   ansible.builtin.find:
-    paths: "{{ caddy_config_path }}"
+    paths: "{{ caddy_site_config_path }}"
     recurse: false
   register: find_result
 - name: Map exisiting/wanted caddy site configs
   ansible.builtin.set_fact:
     caddy_site_configs_have: "{{ find_result.files | map(attribute='path') }}"
-    caddy_site_configs_want: "{{ host_services | services_names() | list_prefix_path_suffix(caddy_config_path, '.conf') }}"
+    caddy_site_configs_want: "{{ host_services | services_names() | list_prefix_path_suffix(caddy_site_config_path, '.conf') }}"
 
 - name: Remove unwanted caddy site configs
   ansible.builtin.file:

playbooks/tasks/steps/template-site-config.yml

@@ -2,6 +2,6 @@
 - name: Template caddy site
   ansible.builtin.template:
     src: caddy_site.conf.j2
-    dest: "{{ (caddy_config_path, role_name + '.conf') | path_join }}"
+    dest: "{{ (caddy_site_config_path, role_name + '.conf') | path_join }}"
     mode: "0644"
   notify: Reload caddy