Fix issues reported by ansible-lint

2023-12-13 02:43:15 +01:00 · 2023-12-13 02:43:15 +01:00 · 2e100d290f
commit 2e100d290f
parent a90840b1dc
59 changed files with 315 additions and 244 deletions
--- a/_ansible/.ansible-lint
+++ b/_ansible/.ansible-lint
@ -0,0 +1,2 @@
 skip_list:
  - var-naming[no-role-prefix]
--- a/_ansible/roles/acme-dns/tasks/main.yml
+++ b/_ansible/roles/acme-dns/tasks/main.yml
@ -4,8 +4,8 @@
    - acme-dns
    - certificates
  block:
-    - import_tasks: steps/create-service-directory.yml
+    - name: Import prepare tasks for common service
-    - import_tasks: steps/template-docker-compose.yml
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
    - name: Setting the service config path
      ansible.builtin.set_fact:
@ -23,5 +23,5 @@
        dest: "{{ (config_path, 'config.cfg') | path_join }}"
        mode: "0600"
-    - import_tasks: steps/template-site-config.yml
+    - name: Import start tasks for common service
-    - import_tasks: steps/start-service.yml
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/_ansible/roles/acme-dns/vars/main.yml
+++ b/_ansible/roles/acme-dns/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "acme.serguzim.me"
+  domain: acme.serguzim.me
  name: acme-dns
  port: 80
  nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
@ -12,7 +13,6 @@ svc:
    pass: "{{ vault_acmedns.db.pass }}"
    db: acme_dns
 compose:
  watchtower: true
  monitoring: true
@ -24,4 +24,4 @@ compose:
      app:
        ports:
          - "53:53"
-          - "53:53/udp"
+          - 53:53/udp
--- a/_ansible/roles/authentik/tasks/main.yml
+++ b/_ansible/roles/authentik/tasks/main.yml
@ -4,4 +4,5 @@
    - authentik
    - authentication
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/authentik/vars/main.yml
+++ b/_ansible/roles/authentik/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "auth.serguzim.me"
+  domain: auth.serguzim.me
  name: authentik
  port: 9000
  image_tag: 2023.8
@ -32,7 +33,7 @@ svc_env:
 compose:
  watchtower: false
-  image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
+  image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
  env: true
  file:
    services:
@ -41,7 +42,7 @@ compose:
        depends_on:
          - redis
      worker:
-        image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
+        image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
        restart: always
        command: worker
        user: root
@ -53,7 +54,6 @@ compose:
          - redis
        networks:
          default:
      redis:
        image: redis:alpine
        restart: always
--- a/_ansible/roles/caddy/tasks/main.yml
+++ b/_ansible/roles/caddy/tasks/main.yml
@ -5,7 +5,10 @@
    - reverse_proxy
    - webserver
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
-    - import_tasks: clean-sites.yml
+    - name: Import tasks for cleaning sites
-    - import_tasks: reload-caddy.yml
+      ansible.builtin.import_tasks: tasks/clean-sites.yml
    - name: Import tasks to reload caddy
      ansible.builtin.import_tasks: tasks/reload-caddy.yml
--- a/_ansible/roles/coder/tasks/main.yml
+++ b/_ansible/roles/coder/tasks/main.yml
@ -3,4 +3,5 @@
  tags:
    - coder
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/coder/vars/main.yml
+++ b/_ansible/roles/coder/vars/main.yml
@ -1,8 +1,9 @@
 ---
 svc:
-  domain: "coder.serguzim.me"
+  domain: coder.serguzim.me
  additional_domains:
    - "*.coder.serguzim.me"
-  caddy_extra: "import acmedns"
+  caddy_extra: import acmedns
  name: coder
  port: 7080
  db:
@ -13,12 +14,12 @@ svc:
 svc_env:
  CODER_ADDRESS: "0.0.0.0:7080"
-  CODER_ACCESS_URL: "https://{{ svc.domain }}"
+  CODER_ACCESS_URL: https://{{ svc.domain }}
  CODER_WILDCARD_ACCESS_URL: "*.{{ svc.domain }}"
-  CODER_PG_CONNECTION_URL: "postgres://{{ vault_coder.db.user }}:{{ vault_coder.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/coder?sslmode=verify-full"
+  CODER_PG_CONNECTION_URL: postgres://{{ vault_coder.db.user }}:{{ vault_coder.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/coder?sslmode=verify-full
-  CODER_OIDC_ISSUER_URL: "https://auth.serguzim.me/application/o/coder-serguzim-me/"
+  CODER_OIDC_ISSUER_URL: https://auth.serguzim.me/application/o/coder-serguzim-me/
  CODER_OIDC_CLIENT_ID: "{{ vault_coder.oidc_client.id }}"
  CODER_OIDC_CLIENT_SECRET: "{{ vault_coder.oidc_client.secret }}"
--- a/_ansible/roles/faas/tasks/main.yml
+++ b/_ansible/roles/faas/tasks/main.yml
@ -3,4 +3,5 @@
  tags:
    - faas
  block:
-    - import_tasks: steps/template-site-config.yml
+    - name: Import tasks to template the site and functions for the reverse proxy
      ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
--- a/_ansible/roles/faas/vars/main.yml
+++ b/_ansible/roles/faas/vars/main.yml
@ -1,3 +1,4 @@
 ---
 svc:
  name: faas
  domain: faas.serguzim.me
--- a/_ansible/roles/forgejo-runner/tasks/main.yml
+++ b/_ansible/roles/forgejo-runner/tasks/main.yml
@ -6,31 +6,35 @@
    - ci
    - forgejo-runner
  block:
-    - import_tasks: steps/create-service-directory.yml
+    - name: Import tasks to create service directory
-    - import_tasks: steps/template-docker-compose.yml
+      ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
    - name: Import tasks to template docker compose file
      ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml
    - name: Copy the config
      ansible.builtin.copy:
        src: config.yml
        dest: "{{ (service_path, 'config.yml') | path_join }}"
-        mode: '0755'
+        mode: "0755"
    - name: Check if service.env already exists
      ansible.builtin.stat:
        path: "{{ (service_path, 'service.env') | path_join }}"
      register: svc_env_file
-    - import_tasks: prompt-registration-token.yml
+    - name: Import tasks to prompt for the registration token
-      when: not svc_env_file.stat.exists or
+      ansible.builtin.import_tasks: tasks/prompt-registration-token.yml
-        force_forgejo_runner_registration | default(False)
+      when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False)
-    - import_tasks: steps/template-service-env.yml
+    - name: Import tasks create a service.env file
-
+      ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
-    - import_tasks: steps/start-service.yml
+    - name: Import start tasks for common service
      ansible.builtin.import_tasks: tasks/start-common-service.yml
    - name: Register runner
      ansible.builtin.command:
-        cmd: docker compose run --rm -it app sh -c 'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
+        cmd: docker compose run --rm -it app sh -c
          'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
        chdir: "{{ service_path }}"
-      when: not svc_env_file.stat.exists or
+      when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False)
-        force_forgejo_runner_registration | default(False)
+      changed_when: true # "when" checks enough. We are sure to change something here.
--- a/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
+++ b/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
@ -1,11 +1,10 @@
 ---
 - name: Input forgejo-runner registration token
  ansible.builtin.pause:
-    prompt: "Enter a secret"
+    prompt: Enter a secret
-    echo: no
+    echo: false
  register: promt_registration_token
 - name: Put registration token into env vars
  ansible.builtin.set_fact:
-    svc_env: "{{ svc_env | combine({
+    svc_env: "{{ svc_env | combine({'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input}, recursive=True) }}"
        'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input
      }, recursive=True) }}"
--- a/_ansible/roles/forgejo-runner/vars/main.yml
+++ b/_ansible/roles/forgejo-runner/vars/main.yml
@ -1,8 +1,9 @@
 ---
 svc:
  name: forgejo-runner
 svc_env:
-  FORGEJO_INSTANCE_URL: "https://git.serguzim.me/"
+  FORGEJO_INSTANCE_URL: https://git.serguzim.me/
  FORGEJO_RUNNER_REGISTRATION_TOKEN:
  DOCKER_HOST: tcp://docker-in-docker:2375
@ -17,7 +18,7 @@ compose:
    services:
      app:
        hostname: "{{ ansible_facts.hostname }}"
-        command: "forgejo-runner --config /config/config.yml daemon"
+        command: forgejo-runner --config /config/config.yml daemon
        depends_on:
          - docker-in-docker
        links:
@ -25,7 +26,7 @@ compose:
      docker-in-docker:
        image: docker:dind
        privileged: true
-        command: "dockerd -H tcp://0.0.0.0:2375 --tls=false"
+        command: dockerd -H tcp://0.0.0.0:2375 --tls=false
        networks:
          default:
    volumes:
--- a/_ansible/roles/forgejo/tasks/main.yml
+++ b/_ansible/roles/forgejo/tasks/main.yml
@ -4,4 +4,5 @@
    - forgejo
    - git
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/forgejo/vars/main.yml
+++ b/_ansible/roles/forgejo/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "git.serguzim.me"
+  domain: git.serguzim.me
  name: forgejo
  port: 3000
  caddy_extra: header /attachments/* Access-Control-Allow-Origin *
@ -10,26 +11,26 @@ svc:
  ssh_port_alt: 3022
 svc_env:
-  FORGEJO__database__DB_TYPE: "postgres"
+  FORGEJO__database__DB_TYPE: postgres
  FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
-  FORGEJO__database__NAME: "forgejo"
+  FORGEJO__database__NAME: forgejo
  FORGEJO__database__USER: "{{ vault_forgejo.db.user }}"
  FORGEJO__database__PASSWD: "{{ vault_forgejo.db.pass }}"
-  FORGEJO__database__SSL_MODE: "verify-full"
+  FORGEJO__database__SSL_MODE: verify-full
  FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true
  FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: true
-  FORGEJO__repository__DEFAULT_BRANCH: "main"
+  FORGEJO__repository__DEFAULT_BRANCH: main
  FORGEJO__cors__ENABLED: true
-  FORGEJO__cors__SCHEME: "https"
+  FORGEJO__cors__SCHEME: https
-  FORGEJO__ui__DEFAULT_THEME: "arc-green"
+  FORGEJO__ui__DEFAULT_THEME: arc-green
  FORGEJO__server__DOMAIN: "{{ svc.domain }}"
  FORGEJO__server__SSH_DOMAIN: "{{ svc.domain }}"
  FORGEJO__server__SSH_PORT: "{{ svc.ssh_port }}"
-  FORGEJO__server__ROOT_URL: "https://{{ svc.domain }}"
+  FORGEJO__server__ROOT_URL: https://{{ svc.domain }}
  FORGEJO__server__OFFLINE_MODE: true
  FORGEJO__server__LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}"
  FORGEJO__server__LFS_START_SERVER: true
@ -44,16 +45,16 @@ svc_env:
  FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true
  FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: false
  FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: true
-  FORGEJO__service__NO_REPLY_ADDRESS: "discard.msrg.cc"
+  FORGEJO__service__NO_REPLY_ADDRESS: discard.msrg.cc
  FORGEJO__webhook__DELIVER_TIMEOUT: 60
  FORGEJO__mailer__ENABLED: true
-  FORGEJO__mailer__PROTOCOL: "smtp+starttls"
+  FORGEJO__mailer__PROTOCOL: smtp+starttls
-  FORGEJO__mailer__SMTP_ADDR: "mail.serguzim.me"
+  FORGEJO__mailer__SMTP_ADDR: mail.serguzim.me
  FORGEJO__mailer__SMTP_PORT: 587
-  FORGEJO__mailer__FROM: "Forgejo <git@serguzim.me>"
+  FORGEJO__mailer__FROM: Forgejo <git@serguzim.me>
-  FORGEJO__mailer__USER: "git@serguzim.me"
+  FORGEJO__mailer__USER: git@serguzim.me
  FORGEJO__mailer__PASSWD: "{{ vault_forgejo.mailer_passwd }}"
  FORGEJO__mailer__SEND_AS_PLAIN_TEXT: true
@ -66,12 +67,12 @@ svc_env:
  FORGEJO__actions__ENABLED: true
-  FORGEJO__storage__STORAGE_TYPE: "minio"
+  FORGEJO__storage__STORAGE_TYPE: minio
-  FORGEJO__storage__MINIO_ENDPOINT: "s3.serguzim.me"
+  FORGEJO__storage__MINIO_ENDPOINT: s3.serguzim.me
  FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ vault_forgejo.minio.access_key_id }}"
  FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ vault_forgejo.minio.secret_access_key }}"
-  FORGEJO__storage__MINIO_BUCKET: "forgejo"
+  FORGEJO__storage__MINIO_BUCKET: forgejo
-  FORGEJO__storage__MINIO_LOCATION: "de-contabo-1"
+  FORGEJO__storage__MINIO_LOCATION: de-contabo-1
  FORGEJO__storage__MINIO_USE_SSL: true
  FORGEJO__other__SHOW_FOOTER_VERSION: true
@ -93,4 +94,3 @@ compose:
          - "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
    volumes:
      data:
--- a/_ansible/roles/harbor/tasks/main.yml
+++ b/_ansible/roles/harbor/tasks/main.yml
@ -4,8 +4,11 @@
    - harbor
    - registry
  block:
-    - import_tasks: steps/create-service-directory.yml
+    - name: Import prepare tasks for common service
-    - import_tasks: steps/template-site-config.yml
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
    - name: Import tasks to template the site for the reverse proxy
      ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
    - name: Template config
      ansible.builtin.template:
@ -17,12 +20,13 @@
      ansible.builtin.unarchive:
        src: https://github.com/goharbor/harbor/releases/download/v{{ svc.harbor_version }}/harbor-online-installer-v{{ svc.harbor_version }}.tgz
        dest: "{{ service_path }}"
-        remote_src: yes
+        remote_src: true
    - name: Run the harbor prepare command
      ansible.builtin.command:
        cmd: "{{ service_path }}/harbor/prepare"
        chdir: "{{ service_path }}"
        creates: "{{ (service_path, 'docker-compose.yml') | path_join }}"
      environment:
        HARBOR_BUNDLE_DIR: "{{ service_path }}"
@ -33,3 +37,4 @@
      environment:
        HARBOR_BUNDLE_DIR: "{{ service_path }}"
      become: true
      changed_when: true # TODO find way to recognize need to run install command
--- a/_ansible/roles/harbor/vars/main.yml
+++ b/_ansible/roles/harbor/vars/main.yml
@ -1,3 +1,4 @@
 ---
 svc_ports:
  http: 20080
  https: 20443
@ -5,7 +6,8 @@ svc_ports:
 svc:
  name: harbor
-  domain: "registry.serguzim.me"
+  no_compose: true # TODO remove when fixing "var-naming[no-role-prefix]"
  domain: registry.serguzim.me
  caddy_extra: |
    reverse_proxy /metrics host.docker.internal:{{ svc_ports.metrics }}
    reverse_proxy host.docker.internal:{{ svc_ports.https }} {
@ -75,9 +77,9 @@ svc_yml:
      max_idle_conns: 2
      max_open_conns: 0
  proxy:
-    http_proxy: null
+    http_proxy:
-    https_proxy: null
+    https_proxy:
-    no_proxy: null
+    no_proxy:
    components:
      - core
      - jobservice
--- a/_ansible/roles/healthcheck/tasks/main.yml
+++ b/_ansible/roles/healthcheck/tasks/main.yml
@ -3,38 +3,40 @@
  tags:
    - healthcheck
  block:
-    - import_tasks: steps/create-service-directory.yml
+    - name: Import tasks to create service directory
      ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
    - name: Copy the docker-compose file
      ansible.builtin.copy:
        src: docker-compose.yml
        dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
-        mode: '0644'
+        mode: "0644"
    - name: Copy the Dockerfile
      ansible.builtin.copy:
        src: Dockerfile
        dest: "{{ (service_path, 'Dockerfile') | path_join }}"
-        mode: '0644'
+        mode: "0644"
    - name: Copy the data files
      ansible.builtin.copy:
        src: data
        dest: "{{ service_path }}"
-        mode: '0755'
+        mode: "0755"
    - name: Copy the system service
      ansible.builtin.copy:
        src: healthcheck@.service
-        dest: "/etc/systemd/system/healthcheck@.service"
+        dest: /etc/systemd/system/healthcheck@.service
-        mode: '0644'
+        mode: "0644"
      become: true
    - name: Copy the system timer
      ansible.builtin.copy:
        src: healthcheck@.timer
-        dest: "/etc/systemd/system/healthcheck@.timer"
+        dest: /etc/systemd/system/healthcheck@.timer
-        mode: '0644'
+        mode: "0644"
      become: true
-    - import_tasks: steps/template-service-env.yml
+    - name: Import tasks create a service.env file
      ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
    - name: Build service
      ansible.builtin.command:
@ -43,4 +45,4 @@
      when:
        - "'local-dev' != inventory_hostname"
      register: cmd_result
-      changed_when: True
+      changed_when: true
--- a/_ansible/roles/healthcheck/vars/main.yml
+++ b/_ansible/roles/healthcheck/vars/main.yml
@ -1,13 +1,14 @@
 ---
 svc:
  name: healthcheck
 svc_env:
-  USER_AGENT: "healthcheck-bot for serguzim.net"
+  USER_AGENT: healthcheck-bot for serguzim.net
  HTTP_HC_UID: "{{ vault_healthcheck.hc_uid.http }}"
-  MATRIX_SERVER: "https://matrix.msrg.cc"
+  MATRIX_SERVER: https://matrix.msrg.cc
-  MATRIX_SERVER_FEDTESTER: "msrg.cc"
+  MATRIX_SERVER_FEDTESTER: msrg.cc
  MATRIX_HC_UID: "{{ vault_healthcheck.hc_uid.matrix }}"
  MATRIX_TOKEN: "{{ vault_healthcheck.matrix.token }}"
  MATRIX_ROOM: "{{ vault_healthcheck.matrix.room }}"
--- a/_ansible/roles/homebox/tasks/main.yml
+++ b/_ansible/roles/homebox/tasks/main.yml
@ -4,4 +4,5 @@
    - homebox
    - inventory
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/homebox/vars/main.yml
+++ b/_ansible/roles/homebox/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "inventory.serguzim.me"
+  domain: inventory.serguzim.me
  name: homebox
  port: 7745
@ -21,4 +22,3 @@ compose:
  file:
    volumes:
      data:
--- a/_ansible/roles/influxdb/tasks/main.yml
+++ b/_ansible/roles/influxdb/tasks/main.yml
@ -4,8 +4,8 @@
    - influxdb
    - sensors
  block:
-    - import_tasks: steps/create-service-directory.yml
+    - name: Import prepare tasks for common service
-    - import_tasks: steps/template-docker-compose.yml
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
    - name: Template config
      ansible.builtin.template:
@ -13,5 +13,5 @@
        dest: "{{ (service_path, 'influxdb.yml') | path_join }}"
        mode: "0600"
-    - import_tasks: steps/template-site-config.yml
+    - name: Import start tasks for common service
-    - import_tasks: steps/start-service.yml
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/_ansible/roles/influxdb/vars/main.yml
+++ b/_ansible/roles/influxdb/vars/main.yml
@ -1,8 +1,9 @@
 ---
 svc:
-  domain: "tick.serguzim.me"
+  domain: tick.serguzim.me
  name: influxdb
  port: 8086
-  data_dir: "/var/lib/influxdb2"
+  data_dir: /var/lib/influxdb2
 svc_yml:
  assets-path: ""
@ -10,7 +11,7 @@ svc_yml:
  e2e-testing: false
  engine-path: "{{ (svc.data_dir, 'engine') | path_join }}"
  feature-flags: {}
-  http-bind-address: 0.0.0.0:{{ svc.port }}
+  http-bind-address: "0.0.0.0:{{ svc.port }}"
  influxql-max-select-buckets: 0
  influxql-max-select-point: 0
  influxql-max-select-series: 0
@ -42,7 +43,7 @@ svc_yml:
  storage-shard-precreator-check-interval: 10m0s
  storage-tsm-use-madv-willneed: false
  storage-validate-keys: false
-  storage-wal-fsync-delay: 0s
+  storage-wal-fsync-delay: "0s"
  store: bolt
  testing-always-allow-setup: false
  tls-cert: ""
@ -55,7 +56,7 @@ svc_yml:
  vault-capath: ""
  vault-client-cert: ""
  vault-client-key: ""
-  vault-client-timeout: 0s
+  vault-client-timeout: "0s"
  vault-max-retries: 0
  vault-skip-verify: false
  vault-tls-server-name: ""
--- a/_ansible/roles/jellyfin/tasks/main.yml
+++ b/_ansible/roles/jellyfin/tasks/main.yml
@ -4,4 +4,5 @@
    - jellyfin
    - media
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/jellyfin/vars/main.yml
+++ b/_ansible/roles/jellyfin/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "media.serguzim.me"
+  domain: media.serguzim.me
  name: jellyfin
  port: 8096
  db:
@ -7,7 +8,7 @@ svc:
    port: "{{ postgres.port }}"
 svc_env:
-  JELLYFIN_PublishedServerUrl: "https://{{ svc. domain }}"
+  JELLYFIN_PublishedServerUrl: https://{{ svc.domain }}
 compose:
  watchtower: true
@ -25,4 +26,3 @@ compose:
      config:
      cache:
      media:
--- a/_ansible/roles/mailcow/tasks/main.yml
+++ b/_ansible/roles/mailcow/tasks/main.yml
@ -4,4 +4,5 @@
    - mailcow
    - email
  block:
-    - import_tasks: steps/template-site-config.yml
+    - name: Import tasks to template the site for the reverse proxy
      ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
--- a/_ansible/roles/mailcow/vars/main.yml
+++ b/_ansible/roles/mailcow/vars/main.yml
@ -1,3 +1,4 @@
 ---
 svc:
  name: mailcow
  domain: mail.serguzim.me
--- a/_ansible/roles/minecraft-2/tasks/main.yml
+++ b/_ansible/roles/minecraft-2/tasks/main.yml
@ -5,4 +5,5 @@
    - minecraft
    - games
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/minecraft-2/vars/main.yml
+++ b/_ansible/roles/minecraft-2/vars/main.yml
@ -1,3 +1,4 @@
 ---
 svc:
  name: minecraft-2
@ -63,6 +64,6 @@ compose:
    services:
      app:
        ports:
-          - "25565:25565"
+          - 25565:25565
    volumes:
      data:
--- a/_ansible/roles/minio/tasks/main.yml
+++ b/_ansible/roles/minio/tasks/main.yml
@ -4,4 +4,5 @@
    - minio
    - storage
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/minio/vars/main.yml
+++ b/_ansible/roles/minio/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "s3.serguzim.me"
+  domain: s3.serguzim.me
  name: minio
  port: 9000
  caddy_extra: |
@ -13,9 +14,9 @@ svc:
      port: 9001
 svc_env:
-  MINIO_SERVER_URL: "https://{{ svc.domain }}/"
+  MINIO_SERVER_URL: https://{{ svc.domain }}/
-  MINIO_BROWSER_REDIRECT_URL: "https://console.{{ svc.domain }}"
+  MINIO_BROWSER_REDIRECT_URL: https://console.{{ svc.domain }}
-  MINIO_VOLUMES: "/data"
+  MINIO_VOLUMES: /data
  MINIO_ROOT_USER: "{{ vault_minio.user }}"
  MINIO_ROOT_PASSWORD: "{{ vault_minio.pass }}"
--- a/_ansible/roles/synapse/tasks/main.yml
+++ b/_ansible/roles/synapse/tasks/main.yml
@ -4,11 +4,13 @@
    - synapse
    - matrix
  block:
-    - import_tasks: prepare-common-service.yml
+    - name: Import prepare tasks for common service
      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
    - name: Set synapse config path
      ansible.builtin.set_fact:
        config_path: "{{ (service_path, svc.config_path) | path_join }}"
    - name: Create config directory
      ansible.builtin.file:
        path: "{{ config_path }}"
@ -25,12 +27,13 @@
      ansible.builtin.copy:
        src: msrg.cc.log.config
        dest: "{{ (config_path, 'msrg.cc.log.config') | path_join }}"
-        mode: '0644'
+        mode: "0644"
    - name: Copy the signing key
      ansible.builtin.copy:
        content: "{{ vault_synapse.signing_key }}"
        dest: "{{ (config_path, 'msrg.cc.signing.key') | path_join }}"
-        mode: '0644'
+        mode: "0644"
-    - import_tasks: start-common-service.yml
+    - name: Import start tasks for common service
      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/_ansible/roles/synapse/vars/main.yml
+++ b/_ansible/roles/synapse/vars/main.yml
@ -1,6 +1,7 @@
 ---
 svc:
  name: synapse
-  domain: "matrix.msrg.cc"
+  domain: matrix.msrg.cc
  docker_host: synapse-admin
  port: 80
  caddy_extra: |
@ -11,7 +12,7 @@ svc:
        reverse_proxy synapse:8008
    }
  extra_svcs:
-    - domain: "msrg.cc:8008"
+    - domain: msrg.cc:8008
      additional_domains:
        - matrix.msrg.cc:8448
        - matrix.msrg.cc:8008
@ -30,7 +31,7 @@ svc_env:
  REACT_APP_SERVER: https://matrix.msrg.cc
 svc_yml:
-  server_name: "msrg.cc"
+  server_name: msrg.cc
  pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
  public_baseurl: https://matrix.msrg.cc/
  allow_public_rooms_without_auth: true
@ -48,13 +49,13 @@ svc_yml:
            - metrics
          compress: false
-  admin_contact: "mailto:{{ admin_email }}"
+  admin_contact: mailto:{{ admin_email }}
  acme:
    enabled: false
  database:
-   name: "psycopg2"
+    name: psycopg2
    args:
      user: "{{ svc.db.user }}"
      password: "{{ svc.db.pass }}"
@ -64,7 +65,7 @@ svc_yml:
      cp_max: 10
  log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
-  media_store_path: "/media_store"
+  media_store_path: /media_store
  max_upload_size: 500M
  enable_registration: false
  enable_metrics: true
@ -75,19 +76,19 @@ svc_yml:
  signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"
  trusted_key_servers:
-    - server_name: "matrix.org"
+    - server_name: matrix.org
  suppress_key_server_warning: true
  oidc_providers:
-    - idp_id: "auth_serguzim_me"
+    - idp_id: auth_serguzim_me
-      idp_name: "auth.serguzim.me"
+      idp_name: auth.serguzim.me
-      issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
+      issuer: https://auth.serguzim.me/application/o/matrix_serguzim_me/
      client_id: "{{ vault_synapse.oidc_client.id }}"
      client_secret: "{{ vault_synapse.oidc_client.secret }}"
      scopes:
-        - "openid"
+        - openid
-        - "profile"
+        - profile
-        - "email"
+        - email
      user_mapping_provider:
        config:
          localpart_template: "{{ '{{ user.preferred_username }}' }}"
@ -96,10 +97,10 @@ svc_yml:
  email:
    smtp_host: mail.serguzim.me
    smtp_port: 587
-    smtp_user: "matrix@serguzim.me"
+    smtp_user: matrix@serguzim.me
    smtp_pass: "{{ vault_synapse.mail.pass }}"
    require_transport_security: true
-    notif_from: "Matrix <matrix@serguzim.me>"
+    notif_from: Matrix <matrix@serguzim.me>
 compose:
  watchtower: true
--- a/_ansible/roles/tandoor/tasks/main.yml
+++ b/_ansible/roles/tandoor/tasks/main.yml
@ -4,4 +4,5 @@
    - tandoor
    - recipies
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/tandoor/vars/main.yml
+++ b/_ansible/roles/tandoor/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "recipes.serguzim.me"
+  domain: recipes.serguzim.me
  name: tandoor
  port: 80
  db:
@ -18,7 +19,7 @@ svc_env:
  TZ: "{{ timezone }}"
  DB_ENGINE: django.db.backends.postgresql
-  DB_OPTIONS: "{\"sslmode\": \"require\"}"
+  DB_OPTIONS: '{"sslmode": "require"}'
  POSTGRES_HOST: "{{ svc.db.host }}"
  POSTGRES_PORT: "{{ svc.db.port }}"
  POSTGRES_DB: "{{ svc.db.database }}"
@ -61,4 +62,3 @@ compose:
      nginx_config:
      staticfiles:
      mediafiles:
--- a/_ansible/roles/telegraf/tasks/main.yml
+++ b/_ansible/roles/telegraf/tasks/main.yml
@ -4,8 +4,8 @@
    - telegraf
    - monitoring
  block:
-    - import_tasks: steps/create-service-directory.yml
+    - name: Import prepare tasks for common service
-    - import_tasks: steps/template-docker-compose.yml
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
    - name: Template config
      ansible.builtin.template:
@ -14,10 +14,10 @@
        mode: "0664"
      register: cmd_result
    - name: Set the docker force-recreate flag
      ansible.builtin.set_fact:
-        docker_force_recreate: "--force-recreate"
+        docker_force_recreate: --force-recreate
-      when: cmd_result.changed
+      when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
-    - import_tasks: steps/start-service.yml
+    - name: Import start tasks for common service
      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/_ansible/roles/telegraf/vars/main.yml
+++ b/_ansible/roles/telegraf/vars/main.yml
@ -1,7 +1,8 @@
 ---
 svc:
  name: telegraf
  influxdb:
-    url: "https://tick.serguzim.me"
+    url: https://tick.serguzim.me
    token: "{{ vault_telegraf.influxdb_token }}"
    organization: serguzim.net
    bucket: metrics
@ -17,9 +18,9 @@ svc:
    pass: "{{ vault_telegraf.db.pass }}"
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
-    database: "telegraf"
+    database: telegraf
  docker_log:
-    endpoint: "unix:///var/run/docker.sock"
+    endpoint: unix:///var/run/docker.sock
    # from_beginning: false
    # timeout: "5s"
--- a/_ansible/roles/tinytinyrss/tasks/main.yml
+++ b/_ansible/roles/tinytinyrss/tasks/main.yml
@ -5,12 +5,14 @@
    - tt-rss
    - news
  block:
-    - import_tasks: prepare-common-service.yml
+    - name: Import prepare tasks for common service
      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
    - name: Copy the nginx-config
      ansible.builtin.copy:
        src: nginx.conf
        dest: "{{ (service_path, 'nginx.conf') | path_join }}"
-        mode: '0644'
+        mode: "0644"
-    - import_tasks: start-common-service.yml
+    - name: Import start tasks for common service
      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/_ansible/roles/tinytinyrss/vars/main.yml
+++ b/_ansible/roles/tinytinyrss/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "rss.serguzim.me"
+  domain: rss.serguzim.me
  name: tinytinyrss
  port: 80
  db:
@ -39,7 +40,6 @@ compose:
          - app:/var/www/html
        networks:
          default:
      updater:
        image: cthulhoo/ttrss-fpm-pgsql-static
        restart: always
@ -54,4 +54,3 @@ compose:
          default:
    volumes:
      app:
--- a/_ansible/roles/umami/tasks/main.yml
+++ b/_ansible/roles/umami/tasks/main.yml
@ -4,4 +4,5 @@
    - umami
    - analytics
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/umami/vars/main.yml
+++ b/_ansible/roles/umami/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "analytics.serguzim.me"
+  domain: analytics.serguzim.me
  name: umami
  port: 3000
  db:
--- a/_ansible/roles/uptime-kuma/tasks/main.yml
+++ b/_ansible/roles/uptime-kuma/tasks/main.yml
@ -4,4 +4,5 @@
    - uptime-kuma
    - status
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/uptime-kuma/vars/main.yml
+++ b/_ansible/roles/uptime-kuma/vars/main.yml
@ -1,7 +1,8 @@
 ---
 svc:
-  domain: "status.serguzim.me"
+  domain: status.serguzim.me
  additional_domains:
-    - "status.serguzim.net"
+    - status.serguzim.net
  name: uptime-kuma
  port: 3001
@ -13,4 +14,3 @@ compose:
  file:
    volumes:
      data:
--- a/_ansible/roles/watchtower/tasks/main.yml
+++ b/_ansible/roles/watchtower/tasks/main.yml
@ -4,10 +4,11 @@
    - watchtower
    - container
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
    - name: Copy the run-once script
      ansible.builtin.copy:
        src: run-once.sh
        dest: "{{ (service_path, 'run-once.sh') | path_join }}"
-        mode: '0755'
+        mode: "0755"
--- a/_ansible/roles/watchtower/vars/main.yml
+++ b/_ansible/roles/watchtower/vars/main.yml
@ -1,3 +1,4 @@
 ---
 svc:
  name: watchtower
--- a/_ansible/roles/webdis/tasks/main.yml
+++ b/_ansible/roles/webdis/tasks/main.yml
@ -3,12 +3,14 @@
  tags:
    - webdis
  block:
-    - import_tasks: steps/create-service-directory.yml
+    - name: Import prepare tasks for common service
      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
    - name: Copy the config
      ansible.builtin.copy:
        src: webdis.json
        dest: "{{ (service_path, 'webdis.json') | path_join }}"
-        mode: '0755'
+        mode: "0755"
-    - import_tasks: deploy-common-service.yml
+    - name: Import start tasks for common service
      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/_ansible/roles/webdis/vars/main.yml
+++ b/_ansible/roles/webdis/vars/main.yml
@ -1,6 +1,7 @@
 ---
 svc:
  name: webdis
-  domain: "webdis.huck.serguzim.me"
+  domain: webdis.huck.serguzim.me
  port: 7379
 compose:
--- a/_ansible/roles/wiki-js/tasks/main.yml
+++ b/_ansible/roles/wiki-js/tasks/main.yml
@ -3,4 +3,5 @@
  tags:
    - wiki-js
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/wiki-js/vars/main.yml
+++ b/_ansible/roles/wiki-js/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "wiki.serguzim.me"
+  domain: wiki.serguzim.me
  name: wiki-js
  port: 3000
  db:
@ -7,7 +8,7 @@ svc:
    port: "{{ postgres.port }}"
    user: "{{ vault_wiki_js.db.user }}"
    pass: "{{ vault_wiki_js.db.pass }}"
-    name: "wikijs"
+    name: wikijs
 svc_env:
  DB_TYPE: postgres
--- a/_ansible/roles/woodpecker/tasks/main.yml
+++ b/_ansible/roles/woodpecker/tasks/main.yml
@ -4,4 +4,5 @@
    - woodpecker
    - ci
  block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/_ansible/roles/woodpecker/vars/main.yml
+++ b/_ansible/roles/woodpecker/vars/main.yml
@ -1,5 +1,6 @@
 ---
 svc:
-  domain: "ci.serguzim.me"
+  domain: ci.serguzim.me
  name: woodpecker
  port: 8000
  extra_svcs:
@ -15,8 +16,8 @@ svc:
 svc_env:
  WOODPECKER_OPEN: true
-  WOODPECKER_HOST: "https://{{ svc.domain }}"
+  WOODPECKER_HOST: https://{{ svc.domain }}
-  WOODPECKER_ADMIN: "serguzim"
+  WOODPECKER_ADMIN: serguzim
  WOODPECKER_AGENT_SECRET: "{{ vault_woodpecker.agent_secret }}"
  WOODPECKER_PROMETHEUS_AUTH_TOKEN: "{{ vault_metrics_token }}"
@ -24,12 +25,12 @@ svc_env:
  WOODPECKER_GRPC_SECURE: true
  WOODPECKER_GITEA: true
-  WOODPECKER_GITEA_URL: "https://git.serguzim.me"
+  WOODPECKER_GITEA_URL: https://git.serguzim.me
  WOODPECKER_GITEA_CLIENT: "{{ vault_woodpecker.gitea.client }}"
  WOODPECKER_GITEA_SECRET: "{{ vault_woodpecker.gitea.secret }}"
-  WOODPECKER_DATABASE_DRIVER: "postgres"
+  WOODPECKER_DATABASE_DRIVER: postgres
-  WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full"
+  WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full
 compose:
  watchtower: true
--- a/_ansible/tasks/deploy-common-service.yml
+++ b/_ansible/tasks/deploy-common-service.yml
@ -1,2 +1,5 @@
- import_tasks: prepare-common-service.yml
+---
- import_tasks: start-common-service.yml
+- name: Import prepare tasks for common service
  ansible.builtin.import_tasks: tasks/prepare-common-service.yml
 - name: Import start tasks for common service
  ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/_ansible/tasks/prepare-common-service.yml
+++ b/_ansible/tasks/prepare-common-service.yml
@ -1,4 +1,11 @@
- import_tasks: steps/create-service-directory.yml
+---
- import_tasks: steps/template-docker-compose.yml
+- name: Import tasks to create service directory
- import_tasks: steps/template-service-env.yml
+  ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
-  when: compose.env|default(False) == True
+
 - name: Import tasks to template docker compose file
  ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml
  when: not no_compose|default(False) # TODO remove when fixing "var-naming[no-role-prefix]"
 - name: Import tasks create a service.env file
  ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
  when: compose.env|default(False)
--- a/_ansible/tasks/start-common-service.yml
+++ b/_ansible/tasks/start-common-service.yml
@ -1,3 +1,6 @@
- include_tasks: steps/template-site-config.yml
+---
 - name: Import tasks to template the site for the reverse proxy
  ansible.builtin.include_tasks: tasks/steps/template-site-config.yml
  when: svc.domain is defined
- import_tasks: steps/start-service.yml
+- name: Import tasks to start the service
  ansible.builtin.import_tasks: tasks/steps/start-service.yml
--- a/_ansible/tasks/steps/create-service-directory.yml
+++ b/_ansible/tasks/steps/create-service-directory.yml
@ -1,3 +1,4 @@
 ---
 - name: Set common facts
  ansible.builtin.set_fact:
    service_path: "{{ (services_path, svc.name) | path_join }}"
--- a/_ansible/tasks/steps/start-service.yml
+++ b/_ansible/tasks/steps/start-service.yml
@ -1,3 +1,4 @@
 ---
 - name: Build service
  ansible.builtin.command:
    cmd: docker compose build --pull
@ -7,7 +8,7 @@
    - docker_update is defined
    - docker_update
  register: cmd_result
-  changed_when: True
+  changed_when: true
 - name: Pull service
  ansible.builtin.command:
@ -18,7 +19,7 @@
    - docker_update is defined
    - docker_update
  register: cmd_result
-  changed_when: True
+  changed_when: true
 - name: Start service
  ansible.builtin.command:
@ -26,4 +27,4 @@
    chdir: "{{ service_path }}"
  when: "'local-dev' != inventory_hostname"
  register: cmd_result
-  changed_when: "cmd_result.stderr | regex_search('Started$')"
+  changed_when: cmd_result.stderr | regex_search('Started$')
--- a/_ansible/tasks/steps/template-docker-compose.yml
+++ b/_ansible/tasks/steps/template-docker-compose.yml
@ -1,3 +1,4 @@
 ---
 - name: Template docker-compose
  ansible.builtin.template:
    src: docker-compose.yml.j2
--- a/_ansible/tasks/steps/template-service-env.yml
+++ b/_ansible/tasks/steps/template-service-env.yml
@ -1,3 +1,4 @@
 ---
 - name: Template service.env file
  ansible.builtin.template:
    src: service.env.j2
--- a/_ansible/tasks/steps/template-site-config.yml
+++ b/_ansible/tasks/steps/template-site-config.yml
@ -1,3 +1,4 @@
 ---
 - name: Template caddy site
  ansible.builtin.template:
    src: caddy_site.conf.j2