Merge pull request #3 from DO1JLR/x

Fix nginx template copy and linting

.yamllint

@@ -2,7 +2,7 @@
 extends: default
 
 rules:
-  # 150 chars should be enough, but don't fail if a line is longer
+  # 170 chars should be enough, but don't fail if a line is longer
   line-length:
-    max: 150
+    max: 180
     level: warning

handlers/main.yml

@@ -8,7 +8,7 @@
     state: restarted
 
 
-- name: systemctl reload nginx
+- name: Run systemctl reload nginx
   become: true
   ansible.builtin.systemd:
     name: 'nginx.service'

tasks/acme.yml

@@ -1,7 +1,7 @@
 ---
 - name: Copy shell script to enable tls sites
   become: true
-  copy:
+  ansible.builtin.copy:
     src: 'files/acmetool/enable_tls.sh'
     dest: '/etc/acme/hooks/enable_tls.sh'
     owner: root
@@ -10,13 +10,15 @@
 
 - name: Get certificate for default server
   become: true
-  command: acmetool want '{{ inventory_hostname }}'
+  ansible.builtin.command:
+    cmd: "acmetool want '{{ inventory_hostname }}'"
   args:
     creates: '/var/lib/acme/live/{{ inventory_hostname }}'
 
 - name: Get certificates for all configured sites
   become: true
-  command: acmetool want '{{ ([site.name] + (site.altnames | default([]) )) | join(" ") }}'
+  ansible.builtin.command:
+    cmd: acmetool want '{{ ([site.name] + (site.altnames | default([]))) | join(" ") }}' -> acmetool want '{{ ([site.name] + (site.altnames | default([]))) | join(" ") }}'
   args:
     creates: '/var/lib/acme/live/{{ site.name }}/'
   with_items: '{{ nginx_sites }}'

tasks/default_site.yml

@@ -8,7 +8,7 @@
     group: root
     mode: 'u=rw,g=r,o=r'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
 - name: Create default site tls https configuration
   become: true
@@ -19,7 +19,7 @@
     group: root
     mode: 'u=rw,g=r,o=r'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
 - name: Enable default site plain http configuration
   become: true
@@ -28,7 +28,7 @@
     dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http'
     state: link
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
 # Note: Done by acmetool after sucessfully obtaining a suitable certificate
 - name: Enable default site configuration
@@ -38,5 +38,5 @@
     dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls'
     state: link
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
   when: not nginx__acmetool_enabled

tasks/main.yml

@@ -1,24 +1,24 @@
 ---
-- name: simple versionscheck
+- name: Simple versionscheck
   ansible.builtin.include_tasks: versioncheck.yml
   when: submodules_versioncheck | bool
 
 - name: Install nginx
   ansible.builtin.include_tasks: installation.yml
 
-- name: create nginx user and group
+- name: Create nginx user and group
   ansible.builtin.include_tasks: users.yml
 
 - name: Configure nginx
   ansible.builtin.include_tasks: nginx.yml
 
-- name: start nginx webserver
+- name: Start nginx webserver
   ansible.builtin.systemd:
     name: nginx
     state: started
     enabled: true
 
-- name: configure nginx default site
+- name: Configure nginx default site
   ansible.builtin.include_tasks: default_site.yml
   when: nginx__infrastructure_domain__enabled | bool
 

tasks/nginx.yml

@@ -3,12 +3,12 @@
   become: true
   ansible.builtin.template:
     src: 'templates/nginx/nginx.conf.j2'
-    dest: '/etc/nginx/'
+    dest: '/etc/nginx/nginx.conf'
     owner: root
     group: root
     mode: 'u=rw,g=r,o=r'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
 - name: Create 'private' directory
   become: true
@@ -25,7 +25,7 @@
     path: '/etc/nginx/private/dhparam.pem'
     size: '{{ nginx__dhparam_size | mandatory }}'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
 - name: Create 'sites-available' directory
   become: true
@@ -74,4 +74,4 @@
     mode: 'u=rw,g=r,o=r'
   with_items: '{{ nginx__snippet_files }}'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx

tasks/single_site.yml

@@ -1,5 +1,5 @@
 ---
-- name: Create '{{ site.name }}' site plain http configuration
+- name: "Create site plain http configuration for '{{ site.name }}'"
   become: true
   ansible.builtin.template:
     src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2'
@@ -8,9 +8,9 @@
     group: root
     mode: 'u=rw,g=r,o=r'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
-- name: Create '{{ site.name }}' site tls https configuration
+- name: "Create site tls https configuration for '{{ site.name }}'"
   become: true
   ansible.builtin.template:
     src: 'files/nginx/sites/{{ site.name }}_tls.conf'
@@ -19,9 +19,9 @@
     group: root
     mode: 'u=rw,g=r,o=r'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
-- name: Create '{{ site.name }}' site tls parameter configuration
+- name: "Create site tls parameter configuration for '{{ site.name }}'"
   become: true
   ansible.builtin.template:
     src: 'files/nginx/snippets/tls_parameters.snippet.conf'
@@ -30,9 +30,9 @@
     group: root
     mode: 'u=rw,g=r,o=r'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
-- name: Create '{{ site.name }}' site tls certificate configuration
+- name: "Create site tls certificate configuration '{{ site.name }}'"
   become: true
   ansible.builtin.template:
     src: 'files/nginx/snippets/tls_certificate.snippet.conf'
@@ -41,9 +41,9 @@
     group: root
     mode: 'u=rw,g=r,o=r'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
-- name: Create '{{ site.name }}' site logging configuration
+- name: "Create site logging configuration '{{ site.name }}'"
   become: true
   ansible.builtin.template:
     src: 'templates/nginx/snippets/logging.snippet.conf.j2'
@@ -52,9 +52,9 @@
     group: root
     mode: 'u=rw,g=r,o=r'
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
-- name: Enable '{{ site.name }}' site plain http configuration
+- name: "Enable site plain http configuration '{{ site.name }}'"
   become: true
   ansible.builtin.file:
     src: '/etc/nginx/sites-available/{{ site.name }}_http'
@@ -62,15 +62,15 @@
     state: link
   when: site.http_plain_template | default(True)
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
 
 # Note: done by acmetool after sucessfully obtaining a suitable certificate
-- name: Enable '{{ site.name }}' site tls configuration
+- name: "Enable site tls configuration '{{ site.name }}'"
   become: true
   ansible.builtin.file:
     src: '/etc/nginx/sites-available/{{ site.name }}_tls'
     dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
     state: link
   notify:
-    - systemctl reload nginx
+    - Run systemctl reload nginx
   when: not nginx__acmetool_enabled

tasks/users.yml

@@ -1,12 +1,12 @@
 ---
-- name: "create {{ nginx__group }} Group"
+- name: "Create Group {{ nginx__group }}"
   become: true
   ansible.builtin.group:
     name: "{{ nginx__group }}"
     system: true
     state: 'present'
 
-- name: "create {{ nginx__user }} user"
+- name: "Create user {{ nginx__user }}"
   become: true
   ansible.builtin.user:
     name: "{{ nginx__user }}"

tasks/versioncheck.yml

@@ -8,37 +8,38 @@
     path: '/etc/.ansible-version'
     state: directory
     mode: 0755
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
 
-- name: check playbook version
+- name: Check playbook version
   become: true
   ansible.builtin.slurp:
     src: "/etc/.ansible-version/{{ playbook_version_path }}"
   register: playbook_version
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
   ignore_errors: true
   failed_when: false
 
 - name: Print remote role version
   ansible.builtin.debug:
     msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
 
 - name: Print locale role version
   ansible.builtin.debug:
-    msg: "Local role version: '{{ playbook_version_number|string }}'."
+    msg: "Local role version: '{{ playbook_version_number | string }}'."
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
 
 - name: Check if your version is outdated
   ansible.builtin.fail:
     msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
   when:
-    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
+    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
 
-- name: write new version to remote disk
+- name: Write new version to remote disk
   become: true
   ansible.builtin.copy:
     content: "{{ playbook_version_number }}"
     dest: "/etc/.ansible-version/{{ playbook_version_path }}"
     mode: '0644'
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
+  tags: skip_ansible_lint_template-instead-of-copy