Remove unneeded quotes

group_vars/all/vars.yml

@@ -6,7 +6,7 @@ hostname: pi
 timezone: Europe/Copenhagen
 
 hdd_name: storage
-hdd_mount_point: "/opt/{{ hdd_name }}"
+hdd_mount_point: /opt/{{ hdd_name }}
 
 ssd_name: pi-ssd
-ssd_mount_point: "/opt/{{ ssd_name }}"
+ssd_mount_point: /opt/{{ ssd_name }}

playbook.yml

@@ -4,13 +4,13 @@
   hosts: all
   gather_facts: true
   become: true
-
   tasks:
     - name: Run OS configuration role
       import_role:
         name: os_config
       tags:
         - os
+
     - name: Run Docker role
       import_role:
         name: docker

roles/docker/defaults/main.yml

@@ -13,26 +13,26 @@ services:
 
   restic:
     repo: /restic
-    version: 1.6
+    version: '1.6'
 
   nextcloud:
-    domain: "cloud.{{ base_domain }}"
+    domain: cloud.{{ base_domain }}
     volume: "{{ base_volume }}/nextcloud"
     version: 25-apache
     postgres_version: 14-alpine
     redis_version: 7-alpine
 
   emby:
-    domain: "watch.{{ base_domain }}"
+    domain: watch.{{ base_domain }}
     volume: "{{ base_volume }}/emby"
     version: latest
 
   monerod:
-    domain: "xmr.{{ base_domain }}"
+    domain: xmr.{{ base_domain }}
     version: latest
 
   wireguard:
-    domain: "wg01.vpn.{{ base_domain }}"
+    domain: wg01.vpn.{{ base_domain }}
     volume: "{{ base_volume }}/wireguard"
     version: arm64v8-alpine
 

roles/docker/tasks/main.yml

@@ -2,7 +2,7 @@
 ---
 - name: Add Docker PGP key
   apt_key:
-    keyserver: keys.openpgp.org
+    keyserver: keyserver.ubuntu.com
     id: '0x8D81803C0EBFCD88'
     state: present
 

roles/docker/tasks/services.yml

@@ -33,11 +33,11 @@
     state: present
 
 - name: Deploy services
-  include_tasks: "services/{{ item.service }}.yml"
+  include_tasks: services/{{ item.key }}.yml
-  loop: "{{ services | dict2items(key_name='service') }}"
+  loop: "{{ services | dict2items }}"
   when: single_service is not defined
 
 - name: Deploy single service
-  include_tasks: "services/{{ single_service }}.yml"
+  include_tasks: services/{{ single_service }}.yml
   when: single_service is defined and
         single_service in services

roles/docker/tasks/services/caddy.yml

@@ -22,14 +22,14 @@
 - name: Deploy Caddy Docker container
   docker_container:
     name: caddy
-    image: "caddy:{{ services.caddy.version }}"
+    image: caddy:{{ services.caddy.version }}
     restart_policy: unless-stopped
     networks:
       - name: services
         ipv4_address: 172.16.0.2
     published_ports:
-      - '80:80/tcp'
+      - 80:80/tcp
-      - '443:443/tcp'
+      - 443:443/tcp
     volumes:
       - "{{ services.caddy.volume }}/Caddyfile:/etc/caddy/Caddyfile:ro"
       - "{{ services.caddy.volume }}/config:/config:rw"

roles/docker/tasks/services/emby.yml

@@ -16,7 +16,7 @@
 - name: Deploy Emby Docker container
   docker_container:
     name: emby_app
-    image: "emby/embyserver_arm64v8:{{ services.emby.version }}"
+    image: emby/embyserver_arm64v8:{{ services.emby.version }}
     restart_policy: unless-stopped
     env:
       UID: '1000'
@@ -30,6 +30,6 @@
       - "{{ services.emby.volume }}/tvshows:/mnt/share1:rw"
       - "{{ services.emby.volume }}/movies:/mnt/share2:rw"
     published_ports:
-      - '8096:8096'
+      - 0.0.0.0:8096:8096/tcp
     devices:
       - /dev/vchiq:/dev/vchiq  # MMAL/OMX on Raspberry Pi

roles/docker/tasks/services/monerod.yml

@@ -8,7 +8,7 @@
 - name: Deploy Monero node Docker container
   docker_container:
     name: monerod_node
-    image: "sethsimmons/simple-monerod:{{ services.monerod.version }}"
+    image: sethsimmons/simple-monerod:{{ services.monerod.version }}
     restart_policy: unless-stopped
     networks:
       - name: services
@@ -17,4 +17,4 @@
     volumes:
       - monerod-node-blockchain:/home/monero/.bitmonero:rw
     published_ports:
-      - '18080:18080'
+      - 18080:18080/tcp

roles/docker/tasks/services/nextcloud.yml

@@ -17,7 +17,7 @@
 
 - name: Copy Apache2 config files
   copy:
-    src: "nextcloud/apache2/{{ file }}"
+    src: nextcloud/apache2/{{ file }}
     dest: "{{ services.nextcloud.volume }}/apache2/{{ file }}"
     owner: root
     mode: u=rw,g=r,o=r
@@ -36,7 +36,7 @@
 
       services:
         postgres:
-          image: "postgres:{{ services.nextcloud.postgres_version }}"
+          image: postgres:{{ services.nextcloud.postgres_version }}
           restart: unless-stopped
           environment:
             POSTGRES_DB: nextcloud
@@ -46,14 +46,14 @@
             - "{{ services.nextcloud.volume }}/postgres:/var/lib/postgresql/data:rw"
 
         redis:
-          image: "redis:{{ services.nextcloud.redis_version }}"
+          image: redis:{{ services.nextcloud.redis_version }}
           restart: unless-stopped
-          command: "redis-server --requirepass {{ secrets.nextcloud.redis_pw }}"
+          command: redis-server --requirepass {{ secrets.nextcloud.redis_pw }}
           tmpfs:
             - /var/lib/redis
 
         cron:
-          image: "nextcloud:{{ services.nextcloud.version }}"
+          image: nextcloud:{{ services.nextcloud.version }}
           restart: unless-stopped
           entrypoint: /cron.sh
           volumes:
@@ -63,7 +63,7 @@
             - redis
 
         app:
-          image: "nextcloud:{{ services.nextcloud.version }}"
+          image: nextcloud:{{ services.nextcloud.version }}
           restart: unless-stopped
           environment:
             POSTGRES_HOST: postgres

roles/docker/tasks/services/restic.yml

@@ -9,12 +9,12 @@
 
       services:
         backup:
-          image: "mazzolino/restic:{{ services.restic.version }}"
+          image: mazzolino/restic:{{ services.restic.version }}
           restart: unless-stopped
           environment:
             RUN_ON_STARTUP: 'false'
-            BACKUP_CRON: '0 0 3 * * *'
+            BACKUP_CRON: 0 0 3 * * *
-            RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
+            RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}
             RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
             RESTIC_BACKUP_SOURCES: /mnt/volumes
             RESTIC_BACKUP_ARGS: >-
@@ -35,12 +35,12 @@
             - "{{ services.emby.volume }}/programdata:/mnt/volumes/emby/programdata:ro"
 
         prune:
-          image: "mazzolino/restic:{{ services.restic.version }}"
+          image: mazzolino/restic:{{ services.restic.version }}
           restart: unless-stopped
           environment:
             RUN_ON_STARTUP: 'false'
-            PRUNE_CRON: '0 0 4 * * *'
+            PRUNE_CRON: 0 0 4 * * *
-            RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
+            RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}
             RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
             RESTIC_PRUNE_ARGS: >-
               --verbose
@@ -49,12 +49,12 @@
             TZ: "{{ timezone }}"
 
         check:
-          image: "mazzolino/restic:{{ services.restic.version }}"
+          image: mazzolino/restic:{{ services.restic.version }}
           restart: unless-stopped
           environment:
             RUN_ON_STARTUP: 'false'
-            CHECK_CRON: '0 0 5 * * *'
+            CHECK_CRON: 0 0 5 * * *
-            RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
+            RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}
             RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
             RESTIC_CHECK_ARGS: >-
               --verbose

roles/docker/tasks/services/snowflake.yml

@@ -3,6 +3,6 @@
 - name: Deploy snowflake-proxy Docker container
   docker_container:
     name: snowflake-proxy
-    image: "thetorproject/snowflake-proxy:{{ services.snowflake.version }}"
+    image: thetorproject/snowflake-proxy:{{ services.snowflake.version }}
     restart_policy: unless-stopped
     network_mode: host

roles/docker/tasks/services/watchtower.yml

@@ -3,7 +3,7 @@
 - name: Deploy Watchtower Docker container
   docker_container:
     name: watchtower
-    image: "containrrr/watchtower:{{ services.watchtower.version }}"
+    image: containrrr/watchtower:{{ services.watchtower.version }}
     restart_policy: unless-stopped
     env:
       WATCHTOWER_POLL_INTERVAL: '3600'

roles/docker/tasks/services/wireguard.yml

@@ -10,7 +10,7 @@
 - name: Deploy Wireguard Docker container
   docker_container:
     name: wireguard
-    image: "linuxserver/wireguard:{{ services.wireguard.version }}"
+    image: linuxserver/wireguard:{{ services.wireguard.version }}
     restart_policy: unless-stopped
     env:
       SERVERURL: "{{ services.wireguard.domain }}"
@@ -22,7 +22,7 @@
       - "{{ services.wireguard.volume }}:/config:rw"
       - /lib/modules:/lib/modules:rw
     published_ports:
-      - '51820:51820/udp'
+      - 51820:51820/udp
     capabilities:
       - net_admin
       - sys_module

roles/os_config/handlers/main.yml

@@ -3,30 +3,30 @@
 - name: Create .env for apt-update-push
   template:
     src: env.j2
-    dest: "/home/{{ ansible_user }}/apt-update-push/.env"
+    dest: /home/{{ ansible_user }}/apt-update-push/.env
     owner: root
     mode: u=rw,go=
   listen: apt-update-push
 
 - name: Install apt-update-push
-  command: "/home/{{ ansible_user }}/apt-update-push/install.sh"
+  command: /home/{{ ansible_user }}/apt-update-push/install.sh
   listen: apt-update-push
 
 - name: Change GPIO_PIN
   lineinfile:
     regexp: '^GPIO_PIN = '
     line: GPIO_PIN = 14
-    dest: "/home/{{ ansible_user }}/pi-fan-controller/fancontrol.py"
+    dest: /home/{{ ansible_user }}/pi-fan-controller/fancontrol.py
   listen: pi-fan-controller
 
 - name: Install requirements for pi-fan-controller
   pip:
-    requirements: "/home/{{ ansible_user }}/pi-fan-controller/requirements.txt"
+    requirements: /home/{{ ansible_user }}/pi-fan-controller/requirements.txt
     executable: pip3
   listen: pi-fan-controller
 
 - name: Install pi-fan-controller
-  command: "/home/{{ ansible_user }}/pi-fan-controller/script/install"
+  command: /home/{{ ansible_user }}/pi-fan-controller/script/install
   listen: pi-fan-controller
 
 - name: Restart sshd

roles/os_config/tasks/base.yml

@@ -30,7 +30,7 @@
 
 - name: Clone apt-update-push
   git:
-    dest: "/home/{{ ansible_user }}/apt-update-push"
+    dest: /home/{{ ansible_user }}/apt-update-push
     repo: https://github.com/samsapti/apt-update-push.git
     clone: true
     update: true
@@ -41,7 +41,7 @@
 
 - name: Clone pi-fan-controller
   git:
-    dest: "/home/{{ ansible_user }}/pi-fan-controller"
+    dest: /home/{{ ansible_user }}/pi-fan-controller
     repo: https://github.com/Howchoo/pi-fan-controller.git
     clone: true
     update: false

roles/os_config/tasks/disks.yml

@@ -19,8 +19,8 @@
     fstype: ext4
     state: present
   loop:
-    - "/dev/mapper/{{ hdd_name }}"
+    - /dev/mapper/{{ hdd_name }}
-    - "/dev/mapper/{{ ssd_name }}"
+    - /dev/mapper/{{ ssd_name }}
   when: ansible_mounts | selectattr('device', 'eq', item) | length == 0
 
 - name: Mount filesystems
@@ -31,9 +31,9 @@
     fstab: /tmp/fstab.ansible
     state: mounted
   loop:
-    - dev: "/dev/mapper/{{ hdd_name }}"
+    - dev: /dev/mapper/{{ hdd_name }}
       path: "{{ hdd_mount_point }}"
-    - dev: "/dev/mapper/{{ ssd_name }}"
+    - dev: /dev/mapper/{{ ssd_name }}
       path: "{{ ssd_mount_point }}"
   when: ansible_mounts | selectattr('device', 'eq', item.dev) | length == 0
 

roles/os_config/tasks/firewall.yml

@@ -6,12 +6,12 @@
     port: "{{ item.port }}"
     proto: "{{ item.proto | default('tcp') }}"
   loop:
-    - port: 22     # SSH
+    - port: '22'     # SSH
-    - port: 80     # HTTP
+    - port: '80'     # HTTP
-    - port: 443    # HTTPS
+    - port: '443'    # HTTPS
-    - port: 18080  # monerod P2P
+    - port: '18080'  # monerod P2P
-    - port: 18089  # monerod RPC
+    - port: '18089'  # monerod RPC
-    - port: 51820  # Wireguard
+    - port: '51820'  # Wireguard
       proto: udp
 
 - name: Enable UFW