Linting

.ansible-lint

@@ -66,9 +66,9 @@ warn_list:
   # - role-name
   # - yaml[document-start]  # you can also use sub-rule matches
 
-skip_list:
-  - fqcn[action-core]
-  - fqcn[action]
+# skip_list:
+  # - fqcn[action-core]
+  # - fqcn[action]
 
 # Some rules can transform files to fix (or make it easier to fix) identified
 # errors. `ansible-lint --write` will reformat YAML files and run these transforms.

roles/docker_services/tasks/main.yml

@@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 ---
 - name: Add Docker PGP key
-  apt_key:
+  ansible.builtin.apt_key:
     keyserver: keyserver.ubuntu.com
     id: '0x8D81803C0EBFCD88'
     state: present
 
 - name: Add Docker apt repository
-  apt_repository:
+  ansible.builtin.apt_repository:
     repo: 'deb [arch=arm64] https://download.docker.com/linux/ubuntu focal stable'
     state: present
     update_cache: true
 
 - name: Install Docker
-  apt:
+  ansible.builtin.apt:
     name: "{{ pkgs }}"
     state: present
   vars:
@@ -22,13 +22,13 @@
       - docker-compose-plugin
 
 - name: Create docker-compose symlink
-  file:
+  ansible.builtin.file:
     name: /usr/local/bin/docker-compose
     src: /usr/libexec/docker/cli-plugins/docker-compose
     state: link
 
 - name: Install Python bindings for Docker
-  pip:
+  ansible.builtin.pip:
     name: "{{ pkgs }}"
     state: present
     executable: pip3
@@ -38,7 +38,7 @@
       - docker-compose
 
 - name: Set up Docker services
-  import_tasks: services.yml
+  ansible.builtin.import_tasks: services.yml
   tags:
     - services
     - reboot

roles/docker_services/tasks/services.yml

@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Copy Docker daemon config file
-  template:
+  ansible.builtin.template:
     src: daemon.json.j2
     dest: /etc/docker/daemon.json
     owner: root
@@ -9,7 +9,7 @@
   register: daemon_config
 
 - name: Disable and (re)start Docker daemon
-  service:
+  ansible.builtin.service:
     name: "{{ item }}"
     enabled: false
     state: "{{ 'restarted' if daemon_config.changed else 'started' }}"
@@ -18,14 +18,14 @@
     - docker.service
 
 - name: Create base directory for Docker volumes
-  file:
+  ansible.builtin.file:
     name: "{{ base_volume }}"
     owner: "{{ ansible_user }}"
     mode: u=rwx,g=rx,o=rx
     state: directory
 
 - name: Create Docker network for services
-  docker_network:
+  community.docker.docker_network:
     name: services
     ipam_config:
       - subnet: 172.16.0.0/16
@@ -33,11 +33,11 @@
     state: present
 
 - name: Deploy services
-  include_tasks: services/{{ item.key }}.yml
+  ansible.builtin.include_tasks: services/{{ item.key }}.yml
   loop: "{{ services | dict2items }}"
   when: single_service is not defined
 
 - name: Deploy single service
-  include_tasks: services/{{ single_service }}.yml
+  ansible.builtin.include_tasks: services/{{ single_service }}.yml
   when: single_service is defined and
         single_service in services

roles/docker_services/tasks/services/caddy.yml

@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Caddy volume directories
-  file:
+  ansible.builtin.file:
     name: "{{ services.caddy.volume }}/{{ dir }}"
     owner: root
     mode: u=rwx,g=rx,o=rx
@@ -13,14 +13,14 @@
     loop_var: dir
 
 - name: Copy Caddyfile
-  template:
+  ansible.builtin.template:
     src: Caddyfile.j2
     dest: "{{ services.caddy.volume }}/Caddyfile"
     owner: root
     mode: u=rw,g=r,o=r
 
 - name: Deploy Caddy Docker container
-  docker_container:
+  community.docker.docker_container:
     name: caddy
     image: caddy:{{ services.caddy.version }}
     restart_policy: always

roles/docker_services/tasks/services/emby.yml

@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Emby volume directories
-  file:
+  ansible.builtin.file:
     name: "{{ services.emby.volume }}/{{ dir }}"
     owner: "{{ ansible_user }}"
     mode: u=rwx,g=rx,o=rx
@@ -14,7 +14,7 @@
     loop_var: dir
 
 - name: Deploy Emby Docker container
-  docker_container:
+  community.docker.docker_container:
     name: emby_app
     image: emby/embyserver_arm64v8:{{ services.emby.version }}
     restart_policy: always

roles/docker_services/tasks/services/monerod.yml

@@ -1,12 +1,12 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Docker volume for Monero blockchain data
-  docker_volume:
+  community.docker.docker_volume:
     volume_name: monerod-node-blockchain
     state: present
 
 - name: Deploy Monero node Docker container
-  docker_container:
+  community.docker.docker_container:
     name: monerod_node
     image: sethsimmons/simple-monerod:{{ services.monerod.version }}
     restart_policy: always

roles/docker_services/tasks/services/nextcloud.yml

@@ -1,14 +1,14 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Nextcloud apache2 directory
-  file:
+  ansible.builtin.file:
     name: "{{ services.nextcloud.volume }}/apache2"
     owner: root
     mode: u=rwx,g=rx,o=rx
     state: directory
 
 - name: Create Nextcloud app directory
-  file:
+  ansible.builtin.file:
     name: "{{ services.nextcloud.volume }}/app"
     owner: root
     group: '33'
@@ -16,14 +16,14 @@
     state: directory
 
 - name: Create Nextcloud PostgreSQL directory
-  file:
+  ansible.builtin.file:
     name: "{{ services.nextcloud.volume }}/postgres"
     owner: '70'
     mode: u=rwx,go=
     state: directory
 
 - name: Copy Apache2 config files
-  copy:
+  ansible.builtin.copy:
     src: nextcloud/apache2/{{ file }}
     dest: "{{ services.nextcloud.volume }}/apache2/{{ file }}"
     owner: root
@@ -35,7 +35,7 @@
     loop_var: file
 
 - name: Deploy Nextcloud with Docker Compose
-  docker_compose:
+  community.docker.docker_compose:
     project_name: nextcloud
     pull: true
     definition:

roles/docker_services/tasks/services/postfix.yml

@@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Docker network for Postfix
-  docker_network:
+  community.docker.docker_network:
     name: postfix
     state: present
 
 - name: Create Postfix volume directories
-  file:
+  ansible.builtin.file:
     name: "{{ services.postfix.volume }}/dkim"
     owner: root
     mode: u=rwx,g=rx,o=rx
     state: directory
 
 - name: Deploy Postfix Docker container
-  docker_container:
+  community.docker.docker_container:
     name: postfix
     image: boky/postfix:{{ services.postfix.version }}
     restart_policy: always

roles/docker_services/tasks/services/restic.yml

@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Deploy Restic with Docker Compose
-  docker_compose:
+  community.docker.docker_compose:
     project_name: restic
     pull: true
     definition:

roles/docker_services/tasks/services/snowflake.yml

@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Deploy snowflake-proxy Docker container
-  docker_container:
+  community.docker.docker_container:
     name: snowflake-proxy
     image: thetorproject/snowflake-proxy:{{ services.snowflake.version }}
     restart_policy: always

roles/docker_services/tasks/services/watchtower.yml

@@ -1,12 +1,12 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Docker network for Watchtower
-  docker_network:
+  community.docker.docker_network:
     name: watchtower
     state: present
 
 - name: Deploy Watchtower Docker container
-  docker_container:
+  community.docker.docker_container:
     name: watchtower
     image: containrrr/watchtower:{{ services.watchtower.version }}
     restart_policy: always

roles/docker_services/tasks/services/wireguard.yml

@@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create Wireguard volume directory
-  file:
+  ansible.builtin.file:
     name: "{{ services.wireguard.volume }}"
     owner: root
     mode: u=rwx,g=rx,o=rx
     state: directory
 
 - name: Create Docker network for Wireguard
-  docker_network:
+  community.docker.docker_network:
     name: wireguard
     state: present
 
 - name: Deploy Wireguard Docker container
-  docker_container:
+  community.docker.docker_container:
     name: wireguard
     image: linuxserver/wireguard:{{ services.wireguard.version }}
     restart_policy: always

roles/os_config/handlers/main.yml

@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Create .env for apt-update-push
-  template:
+  ansible.builtin.template:
     src: env.j2
     dest: /home/{{ ansible_user }}/apt-update-push/.env
     owner: root
@@ -9,28 +9,28 @@
   listen: apt-update-push
 
 - name: Install apt-update-push
-  command: /home/{{ ansible_user }}/apt-update-push/install.sh
+  ansible.builtin.command: /home/{{ ansible_user }}/apt-update-push/install.sh
   listen: apt-update-push
 
 - name: Change GPIO_PIN
-  lineinfile:
+  ansible.builtin.lineinfile:
     regexp: '^GPIO_PIN = '
     line: GPIO_PIN = 14
     dest: /home/{{ ansible_user }}/pi-fan-controller/fancontrol.py
   listen: pi-fan-controller
 
 - name: Install requirements for pi-fan-controller
-  pip:
+  ansible.builtin.pip:
     requirements: /home/{{ ansible_user }}/pi-fan-controller/requirements.txt
     executable: pip3
   listen: pi-fan-controller
 
 - name: Install pi-fan-controller
-  command: /home/{{ ansible_user }}/pi-fan-controller/script/install
+  ansible.builtin.command: /home/{{ ansible_user }}/pi-fan-controller/script/install
   listen: pi-fan-controller
 
 - name: Restart sshd
-  service:
+  ansible.builtin.service:
     name: sshd
     state: restarted
   listen: sshd

roles/os_config/tasks/base.yml

@@ -1,20 +1,20 @@
 # vim: ft=yaml.ansible
 ---
 - name: Set hostname
-  hostname:
+  ansible.builtin.hostname:
     name: "{{ hostname }}"
 
 - name: Set timezone
-  timezone:
+  community.general.timezone:
     name: "{{ timezone }}"
 
 - name: Upgrade system packages
-  apt:
+  ansible.builtin.apt:
     update_cache: true
     upgrade: full
 
 - name: Install packages via apt
-  apt:
+  ansible.builtin.apt:
     name: "{{ pkgs }}"
     state: present
   vars:
@@ -29,7 +29,7 @@
       - unattended-upgrades
 
 - name: Clone apt-update-push
-  git:
+  ansible.builtin.git:
     dest: /home/{{ ansible_user }}/apt-update-push
     repo: https://github.com/samsapti/apt-update-push.git
     clone: true
@@ -40,7 +40,7 @@
   notify: apt-update-push
 
 - name: Clone pi-fan-controller
-  git:
+  ansible.builtin.git:
     dest: /home/{{ ansible_user }}/pi-fan-controller
     repo: https://github.com/Howchoo/pi-fan-controller.git
     clone: true

roles/os_config/tasks/disks.yml

@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: (Create and) open LUKS containers
-  luks_device:
+  community.crypto.luks_device:
     uuid: "{{ item.disk.uuid }}"
     passphrase: "{{ item.disk.luks_pw }}"
     name: "{{ item.name }}"
@@ -14,7 +14,7 @@
       name: "{{ ssd_name }}"
 
 - name: Create filesystems if they do not exist
-  filesystem:
+  community.general.filesystem:
     dev: "{{ item }}"
     fstype: ext4
     state: present
@@ -24,7 +24,7 @@
   when: ansible_mounts | selectattr('device', 'eq', item) | length == 0
 
 - name: Mount filesystems
-  mount:
+  ansible.posix.mount:
     src: "{{ item.dev }}"
     path: "{{ item.path }}"
     fstype: ext4
@@ -47,7 +47,7 @@
   when: ansible_swaptotal_mb == 0
 
 - name: Mount swapfile
-  shell: |
+  ansible.builtin.shell: |
     mkswap {{ ssd_mount_point }}/swapfile
     swapon {{ ssd_mount_point }}/swapfile
   when: ansible_swaptotal_mb == 0

roles/os_config/tasks/firewall.yml

@@ -1,7 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 - name: Allow necessary ports in UFW
-  ufw:
+  community.general.ufw:
     rule: allow
     port: "{{ item.port }}"
     proto: "{{ item.proto | default('tcp') }}"
@@ -15,6 +15,6 @@
       proto: udp
 
 - name: Enable UFW
-  ufw:
+  community.general.ufw:
     state: enabled
     policy: deny

roles/os_config/tasks/main.yml

@@ -1,20 +1,20 @@
 # vim: ft=yaml.ansible
 ---
 - name: Configure system base
-  import_tasks: base.yml
+  ansible.builtin.import_tasks: base.yml
 
 - name: Reboot if needed
-  import_tasks: reboot.yml
+  ansible.builtin.import_tasks: reboot.yml
   tags:
     - reboot
 
 - name: Configure firewall
-  import_tasks: firewall.yml
+  ansible.builtin.import_tasks: firewall.yml
 
 - name: Configure SSH
-  import_tasks: ssh.yml
+  ansible.builtin.import_tasks: ssh.yml
 
 - name: Configure disks
-  import_tasks: disks.yml
+  ansible.builtin.import_tasks: disks.yml
   tags:
     - reboot

roles/os_config/tasks/reboot.yml

@@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 ---
 - name: Check if a reboot is needed
-  stat:
+  ansible.builtin.stat:
     path: /var/run/reboot-required
   register: needs_reboot
 
 - name: Reboot host
-  reboot:
+  ansible.builtin.reboot:
     connect_timeout: 120
   when: needs_reboot.stat.exists or
         (force_reboot is defined and force_reboot)
   register: reboot
 
 - name: Re-gather facts
-  setup:
+  ansible.builtin.setup:
     filter:
       - ansible_mounts
       - ansible_swaptotal_mb

roles/os_config/tasks/ssh.yml

@@ -1,27 +1,27 @@
 # vim: ft=yaml.ansible
 ---
 - name: Add public SSH key to default user
-  authorized_key:
+  ansible.posix.authorized_key:
     user: "{{ ansible_user }}"
     key: "{{ ssh_key }}"
     exclusive: true
 
 - name: Allow SSH login with public keys
-  lineinfile:
+  ansible.builtin.lineinfile:
     regexp: '^#?PubkeyAuthentication '
     line: PubkeyAuthentication yes
     dest: /etc/ssh/sshd_config
   notify: sshd
 
 - name: Disallow SSH login with password
-  lineinfile:
+  ansible.builtin.lineinfile:
     regexp: '^#?PasswordAuthentication '
     line: PasswordAuthentication no
     dest: /etc/ssh/sshd_config
   notify: sshd
 
 - name: Disallow root login over SSH
-  lineinfile:
+  ansible.builtin.lineinfile:
     regexp: '^#?PermitRootLogin '
     line: PermitRootLogin no
     dest: /etc/ssh/sshd_config