diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 82bb83999d1343eeb85afd4b31c24ab250386fa7..bbb0e32e2aa339c7aebafed5983d6e33fda4b68b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -72,7 +72,7 @@ repos:
- id: shellcheck
- repo: https://github.com/ansible/ansible-lint.git
- rev: v5.2.1
+ rev: v6.0.2
hooks:
- id: ansible-lint
diff --git a/Ansible/roles/debian_bootstrap/tasks/main.yaml b/Ansible/roles/debian_bootstrap/tasks/main.yaml
index 2254a852ee43918326550a7877f680e04ed9c8ec..a83275cc1e2e5d4fe1f96981f08bae924aea804a 100644
--- a/Ansible/roles/debian_bootstrap/tasks/main.yaml
+++ b/Ansible/roles/debian_bootstrap/tasks/main.yaml
@@ -1,15 +1,16 @@
---
- name: Update APT sources
- raw: apt-get update
+ ansible.builtin.raw: apt-get update
changed_when: false
- name: APT install Python
- raw: DEBIAN_FRONTEND=noninteractive apt-get install -qy python3
+ ansible.builtin.raw: |-
+ DEBIAN_FRONTEND=noninteractive apt-get install -qy python3
register: debian_bootstrap_install_python3
changed_when: "'Unpacking' in debian_bootstrap_install_python3.stdout"
- name: Install requirements for more complete facts
- apt:
+ ansible.builtin.apt:
name:
- iproute2
- lsb-release
@@ -18,4 +19,4 @@
cache_valid_time: 3600
- name: Gather facts
- setup:
+ ansible.builtin.setup:
diff --git a/Ansible/roles/debian_server/handlers/main.yml b/Ansible/roles/debian_server/handlers/main.yml
index 2fb481c6ecdd6bc53d8057aedfb82ed27ecb039b..877bd83b8af8c3c818de34df2985fdc8bec53313 100644
--- a/Ansible/roles/debian_server/handlers/main.yml
+++ b/Ansible/roles/debian_server/handlers/main.yml
@@ -4,19 +4,19 @@
daemon_reload: true
- name: Rebuild initramfs
- command:
+ ansible.builtin.command:
cmd: update-initramfs -u
- name: Update GRUB
- command:
+ ansible.builtin.command:
cmd: update-grub
- name: Restart the SSH daemon
- service:
+ ansible.builtin.service:
name: ssh
state: restarted
- name: Restart Docker
- service:
+ ansible.builtin.service:
name: docker
state: restarted
diff --git a/Ansible/roles/debian_server/tasks/btrfs.yml b/Ansible/roles/debian_server/tasks/btrfs.yml
index cc7952bd65fc590099be08527e04d5ca7d1f8bf7..2b782eed5c185080af2d62103471bdfad65ed37c 100644
--- a/Ansible/roles/debian_server/tasks/btrfs.yml
+++ b/Ansible/roles/debian_server/tasks/btrfs.yml
@@ -1,6 +1,6 @@
---
- name: Install btrfs packages
- apt:
+ ansible.builtin.apt:
cache_valid_time: 3600
name:
- btrfs-progs
@@ -8,7 +8,7 @@
state: present
- name: Copy btrfs backup script
- copy:
+ ansible.builtin.copy:
dest: /usr/local/sbin/btrfs-backup
group: root
mode: preserve
diff --git a/Ansible/roles/debian_server/tasks/docker.yml b/Ansible/roles/debian_server/tasks/docker.yml
index f5f82d11caac4b6ef3626428e43cd259a5d5ac9c..ca4a3817fb759787e8467f38000633e14b66f26b 100644
--- a/Ansible/roles/debian_server/tasks/docker.yml
+++ b/Ansible/roles/debian_server/tasks/docker.yml
@@ -5,7 +5,7 @@
- name: Disable cgroup2 for Docker
# yamllint disable-line rule:line-length
when: ansible_facts.packages['docker.io'][0]["version"] is version('20.10', operator='<=')
- lineinfile:
+ ansible.builtin.lineinfile:
backup: true
line: |-
GRUB_CMDLINE_LINUX_DEFAULT="quiet systemd.unified_cgroup_hierarchy=0"
@@ -14,7 +14,7 @@
- Update GRUB
- name: Copy the script to start stopped container after a restart
- copy:
+ ansible.builtin.copy:
dest: /usr/share/docker.io/restart-containers
mode: preserve
src: docker-restart
@@ -23,13 +23,13 @@
loop:
- service
- socket
- file:
+ ansible.builtin.file:
path: /etc/systemd/system/docker.{{ item }}.d
mode: 0o0755
state: directory
- name: Restart stopped containers after a restart
- copy:
+ ansible.builtin.copy:
content: |
[Service]
ExecStartPost=/usr/share/docker.io/restart-containers
@@ -39,7 +39,7 @@
- Systemd daemon reload
- name: Allow access from the toolbox container
- copy:
+ ansible.builtin.copy:
content: |
[Socket]
SocketGroup=nimrod
diff --git a/Ansible/roles/debian_server/tasks/main.yml b/Ansible/roles/debian_server/tasks/main.yml
index e227a3eab34c75a5bd7f22cd70301674656ef017..665a8162a013b5508469878699f104467671433c 100644
--- a/Ansible/roles/debian_server/tasks/main.yml
+++ b/Ansible/roles/debian_server/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Verify assertions
- assert:
+ ansible.builtin.assert:
that:
- ansible_facts.distribution == "Debian"
- ansible_facts.distribution_major_version|int >= 10
@@ -10,14 +10,14 @@
loop:
- deb
- deb-src
- apt_repository:
+ ansible.builtin.apt_repository:
# yamllint disable-line rule:line-length
repo: '{{ item }} http://deb.debian.org/debian {{ ansible_facts.distribution_release }}-backports main contrib non-free'
state: present
update_cache: true
- name: Set normal priority for the backports repo
- copy:
+ ansible.builtin.copy:
content: |
Package: *
Pin: release o=Debian Backports
@@ -28,7 +28,7 @@
owner: root
- name: Install packages
- apt:
+ ansible.builtin.apt:
cache_valid_time: 3600
name:
- amd64-microcode
@@ -78,7 +78,7 @@
state: present
- name: Disable swap
- lineinfile:
+ ansible.builtin.lineinfile:
backup: true
path: /etc/fstab
regexp: swap
diff --git a/Ansible/roles/debian_server/tasks/tasks/sshd_config.yaml b/Ansible/roles/debian_server/tasks/tasks/sshd_config.yaml
new file mode 120000
index 0000000000000000000000000000000000000000..1f713de04575f74c64c6bc2b2d1f8e02d62051fc
--- /dev/null
+++ b/Ansible/roles/debian_server/tasks/tasks/sshd_config.yaml
@@ -0,0 +1 @@
+../../../../tasks/sshd_config.yaml
\ No newline at end of file
diff --git a/Ansible/roles/debian_server/tasks/toolbox.yml b/Ansible/roles/debian_server/tasks/toolbox.yml
index 0e2611a3ed850b7575391d32b25a72e2bfe9a185..7cf3e7aebe89b6d3bb08efc6281209d2d8ef0127 100644
--- a/Ansible/roles/debian_server/tasks/toolbox.yml
+++ b/Ansible/roles/debian_server/tasks/toolbox.yml
@@ -3,7 +3,7 @@
loop:
- /etc/subgid
- /etc/subuid
- copy:
+ ansible.builtin.copy:
content: |
nimrod:100000:65536
dest: |-
@@ -24,13 +24,13 @@
when: ansible_facts.distribution_release in toolbox_podman_repo_base_url_mapping
block:
- name: Add the Podman repo key
- apt_key:
+ ansible.builtin.apt_key:
state: present
url: |-
{{ toolbox_podman_repo_base_url }}/Release.key
- name: Add the Podman repo
- apt_repository:
+ ansible.builtin.apt_repository:
repo: |-
deb {{ toolbox_podman_repo_base_url }} /
state: present
@@ -38,7 +38,7 @@
- name: Install newer libseccomp2 from the backports repository
when: ansible_facts.distribution_release == "buster"
- apt:
+ ansible.builtin.apt:
cache_valid_time: 3600
default_release: buster-backports
name:
@@ -47,7 +47,7 @@
update_cache: true
- name: APT install prerequisites
- apt:
+ ansible.builtin.apt:
cache_valid_time: 3600
install_recommends: false
name:
@@ -61,7 +61,7 @@
- name: Install Toolbx from toolbox-build
# yamllint disable-line rule:line-length
when: ansible_facts.distribution_release is in toolbox_distros_without_apt_package
- unarchive:
+ ansible.builtin.unarchive:
dest: /usr/local/
remote_src: true
# yamllint disable-line rule:line-length
@@ -70,7 +70,7 @@
- name: APT install Toolbx
# yamllint disable-line rule:line-length
when: ansible_facts.distribution_release is not in toolbox_distros_without_apt_package
- apt:
+ ansible.builtin.apt:
cache_valid_time: 3600
name:
- podman-toolbox
diff --git a/Ansible/roles/debian_server/tasks/web.yml b/Ansible/roles/debian_server/tasks/web.yml
index 3341ded21f613fa07f49099b1253bb030a7b2ee0..1030c59a4923cf067fab5ac8205b50b3b4c63ee3 100644
--- a/Ansible/roles/debian_server/tasks/web.yml
+++ b/Ansible/roles/debian_server/tasks/web.yml
@@ -1,6 +1,6 @@
---
- name: Create my www directory
- file:
+ ansible.builtin.file:
group: www-data
mode: 0o0755
owner: www-data
@@ -8,7 +8,7 @@
state: directory
- name: Create an SSL directory under /var
- file:
+ ansible.builtin.file:
group: root
mode: 0o0755
owner: root
@@ -22,18 +22,18 @@
# valid) certificate, don't overwrite it.
- name: Create private SSL key
- command:
+ ansible.builtin.command:
cmd: openssl genrsa -out /var/ssl/site.key 4096
creates: /var/ssl/site.key
- name: Make sure the private key is accessible
- file:
+ ansible.builtin.file:
mode: 0o0444
path: /var/ssl/site.key
state: file
- name: Create SSL certificate
- command:
+ ansible.builtin.command:
cmd: >-
openssl
req
diff --git a/Ansible/roles/kodi/handlers/main.yml b/Ansible/roles/kodi/handlers/main.yml
index 63b8267a1ab927da7487e6320238c931160d1285..3637936443a44406a9d90ec78574a079aec0f559 100644
--- a/Ansible/roles/kodi/handlers/main.yml
+++ b/Ansible/roles/kodi/handlers/main.yml
@@ -1,10 +1,10 @@
---
- name: Restart Xorg
- service:
+ ansible.builtin.service:
name: xorg.service
state: restarted
- name: Restart Kodi
- service:
+ ansible.builtin.service:
name: kodi.service
state: restarted
diff --git a/Ansible/roles/kodi/tasks/main.yml b/Ansible/roles/kodi/tasks/main.yml
index bd5ef327605a0d4f227321e3ba0e7b0077271ee9..2325e8cb5ff50db50c927558c3b3cb30696f295c 100644
--- a/Ansible/roles/kodi/tasks/main.yml
+++ b/Ansible/roles/kodi/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: APT install
- apt:
+ ansible.builtin.apt:
cache_valid_time: 3600
install_recommends: false
name:
@@ -19,7 +19,7 @@
update_cache: true
- name: Configure boot splash
- copy:
+ ansible.builtin.copy:
backup: true
content: |
[Daemon]
@@ -30,7 +30,7 @@
- Rebuild initramfs
- name: Enable boot splash
- lineinfile:
+ ansible.builtin.lineinfile:
backup: true
# yamllint disable-line rule:line-length
line: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash systemd.unified_cgroup_hierarchy=0"
@@ -39,7 +39,7 @@
- Update GRUB
- name: Create library mountpoint
- file:
+ ansible.builtin.file:
mode: 0o0755
path: /srv/library
state: directory
@@ -76,7 +76,7 @@
- transmission
loop_control:
index_var: idx
- user:
+ ansible.builtin.user:
create_home: true
home: /var/lib/{{ item }}
name: '{{ item }}'
@@ -90,7 +90,7 @@
- Restart Kodi
- name: Configure rootless Xorg
- copy:
+ ansible.builtin.copy:
backup: true
content: |
allowed_users=anybody
@@ -103,7 +103,7 @@
with_items: &services
- xorg.service
- kodi.service
- copy:
+ ansible.builtin.copy:
dest: /etc/systemd/system/
mode: preserve
src: '{{ item }}'
@@ -113,7 +113,7 @@
- name: Enable services
with_items: *services
- service:
+ ansible.builtin.service:
daemon-reload: true
enabled: true
name: '{{ item }}'
diff --git a/Ansible/roles/openbsd_bootstrap/tasks/main.yaml b/Ansible/roles/openbsd_bootstrap/tasks/main.yaml
index 4ecb807331ef7dbd318c14303a5e0d244f919979..8e9e1aa37bae0fb16eca6f996c6df0f6c52f5084 100644
--- a/Ansible/roles/openbsd_bootstrap/tasks/main.yaml
+++ b/Ansible/roles/openbsd_bootstrap/tasks/main.yaml
@@ -1,15 +1,15 @@
---
- name: Install Python3
- raw: pkg_add -Iz py3-pip
+ ansible.builtin.raw: pkg_add -Iz py3-pip
register: openbsd_pkg_add_python
failed_when: "'error' in openbsd_pkg_add_python.stdout|lower"
changed_when: "'extracting' in openbsd_pkg_add_python.stdout"
- name: Gather facts
- setup:
+ ansible.builtin.setup:
- name: Configure doas
- copy:
+ ansible.builtin.copy:
content: |
permit nopass keepenv root
permit nopass keepenv nimrod
diff --git a/Ansible/roles/openwrt_bootstrap/tasks/main.yaml b/Ansible/roles/openwrt_bootstrap/tasks/main.yaml
index 6f3324cda513d8c6908d3249d34b65551bf3d784..a3abba17e62d19e244b71506d604e4f6c717b7b1 100644
--- a/Ansible/roles/openwrt_bootstrap/tasks/main.yaml
+++ b/Ansible/roles/openwrt_bootstrap/tasks/main.yaml
@@ -1,9 +1,9 @@
---
- name: Install Python3
- raw: opkg install python3
+ ansible.builtin.raw: opkg install python3
register: opkg_install_python3
changed_when: |
'installing' in opkg_install_python3.stdout
- name: Gather facts
- setup:
+ ansible.builtin.setup:
diff --git a/Ansible/roles/router/handlers/main.yaml b/Ansible/roles/router/handlers/main.yaml
index a9f4fea419edf77c785a9437dd264755c608bd79..1c4e07e42b92d01473f2a6b23bccf838056abcf5 100644
--- a/Ansible/roles/router/handlers/main.yaml
+++ b/Ansible/roles/router/handlers/main.yaml
@@ -1,92 +1,92 @@
---
- name: Setup network interfaces
- command:
+ ansible.builtin.command:
cmd: /bin/sh /etc/netstart
- name: Reload PF
- command:
+ ansible.builtin.command:
cmd: pfctl -f /etc/pf.conf
- name: Rebuild mail aliases
- command:
+ ansible.builtin.command:
cmd: newaliases
- name: Restart HAProxy
- service:
+ ansible.builtin.service:
name: haproxy
state: restarted
- name: Restart NSD
- service:
+ ansible.builtin.service:
name: nsd
state: restarted
- name: Restart Unbound
- service:
+ ansible.builtin.service:
name: unbound
state: restarted
- name: Restart the FTP proxy
- service:
+ ansible.builtin.service:
name: ftpproxy
state: restarted
- name: Restart the DHCP daemon
- service:
+ ansible.builtin.service:
name: dhcpd
state: restarted
- name: Restart the SMTP daemon
- service:
+ ansible.builtin.service:
name: smtpd
state: restarted
- name: Restart the spam deferral daemon
- service:
+ ansible.builtin.service:
name: spamd
state: restarted
- name: Restart the BGP daemon
- service:
+ ansible.builtin.service:
name: bgpd
state: restarted
- name: Restart the NTP daemon
- service:
+ ansible.builtin.service:
name: ntpd
state: restarted
- name: Restart the HTTP daemon
- service:
+ ansible.builtin.service:
name: httpd
state: restarted
- name: Message about restarting the machine
- debug:
+ ansible.builtin.debug:
msg: The {{ ansible_facts.hostname }} needs to be restarted
verbosity: 0
- name: Stop the audio server
- service:
+ ansible.builtin.service:
name: sndiod
state: stopped
- name: Restart the SSH daemon
- service:
+ ansible.builtin.service:
name: sshd
state: restarted
- name: Restart the filebeat daemon
- service:
+ ansible.builtin.service:
name: filebeat
state: restarted
- name: Restart the metricbeat daemon
- service:
+ ansible.builtin.service:
name: metricbeat
state: restarted
- name: Restart the packetbeat daemon
- service:
+ ansible.builtin.service:
name: packetbeat
state: restarted
diff --git a/Ansible/roles/router/tasks/main.yaml b/Ansible/roles/router/tasks/main.yaml
index 8c0f305dd8a1c45b1ce6b5762ef487d8417359a3..255ba18f7305797ece7fcbffbd5f143308f84f4c 100644
--- a/Ansible/roles/router/tasks/main.yaml
+++ b/Ansible/roles/router/tasks/main.yaml
@@ -11,7 +11,7 @@
- pf
- name: Set hosts entries
- copy:
+ ansible.builtin.copy:
dest: /etc/hosts
mode: preserve
src: hosts
@@ -30,7 +30,7 @@
regexp: ' 8021/tcp' # noqa 203
- line: 'bittorrent 51413/tcp' # noqa 203
regexp: ' 51413/tcp' # noqa 203
- lineinfile:
+ ansible.builtin.lineinfile:
backup: true
line: '{{ item.line }}'
path: /etc/services
@@ -41,7 +41,7 @@
- pf
- name: Generate the Unbound root anchor file
- command:
+ ansible.builtin.command:
cmd: /usr/sbin/unbound-anchor -a /var/unbound/db/root.key
creates: /var/unbound/db/root.key
tags:
@@ -50,7 +50,7 @@
- unbound
- name: Set DNS resolving
- copy:
+ ansible.builtin.copy:
content: |-
search shore.co.il
nameserver 127.0.0.1
@@ -82,7 +82,7 @@
authname 'ns_nimadar@014' authkey '{{ bezeqint_password }}' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 62.219.131.121
- copy:
+ ansible.builtin.copy:
content: '{{ item.value }}'
dest: /etc/hostname.{{ item.key }}
owner: root
@@ -96,7 +96,7 @@
- network
- name: Configure the Unbound DNS resolver
- file:
+ ansible.builtin.file:
path: /var/unbound/etc/unbound.conf.d
mode: 0o0755
state: directory
@@ -106,7 +106,7 @@
- network
- name: Configure Ubnound DNS resolver
- lineinfile:
+ ansible.builtin.lineinfile:
insertafter: EOF
line: >-
include: "/var/unbound/etc/unbound.conf.d/*.conf"
@@ -122,7 +122,7 @@
- name: Configure the Unbound DNS resolver
loop:
- shore.co.il.conf
- copy:
+ ansible.builtin.copy:
dest: '/var/unbound/etc/unbound.conf.d/{{ item }}'
mode: preserve
src: 'unbound/{{ item }}'
@@ -136,7 +136,7 @@
- network
- name: Enable the Unbound DNS resolver
- service:
+ ansible.builtin.service:
enabled: true
name: unbound
state: started
@@ -146,7 +146,7 @@
- network
- name: Configure PF
- copy:
+ ansible.builtin.copy:
dest: /etc/pf.conf
mode: 0o0600
src: pf.conf
@@ -159,7 +159,7 @@
- network
- name: Enable the FTP proxy
- service:
+ ansible.builtin.service:
enabled: true
name: ftpproxy
state: started
@@ -169,7 +169,7 @@
- network
- name: Apply changes (if needed) to properly setup networking
- meta: flush_handlers
+ ansible.builtin.meta: flush_handlers
tags:
- always
@@ -188,21 +188,21 @@
- packages
- name: Allow Bash as a login shell
- lineinfile:
+ ansible.builtin.lineinfile:
line: /usr/local/bin/bash
path: /etc/shells
tags:
- bash
- name: Set Bash as the login shell
- user:
+ ansible.builtin.user:
name: '{{ ansible_facts.env["DOAS_USER"] }}'
shell: /usr/local/bin/bash
tags:
- bash
- name: Set boot configuration
- copy:
+ ansible.builtin.copy:
content: |
stty com1 115200
set tty com1
@@ -215,7 +215,7 @@
- boot
- name: Configure the NSD DNS server
- file:
+ ansible.builtin.file:
path: /var/nsd/etc/nsd.conf.d
mode: 0o0755
state: directory
@@ -232,7 +232,7 @@
- line: >-
ip-address: 62.219.131.121
insertafter: 'server:'
- lineinfile:
+ ansible.builtin.lineinfile:
insertafter: '{{ item.insertafter }}'
line: '{{ item.line }}'
path: /var/nsd/etc/nsd.conf
@@ -249,7 +249,7 @@
- shore.co.il.conf
- nehe.sr.conf
- nehes.co.conf
- copy:
+ ansible.builtin.copy:
dest: '/var/nsd/etc/nsd.conf.d/{{ item }}'
mode: preserve
src: 'nsd/{{ item }}'
@@ -267,7 +267,7 @@
- shore.co.il
- nehe.sr
- nehes.co
- copy:
+ ansible.builtin.copy:
dest: '/var/nsd/zones/{{ item }}'
mode: preserve
src: 'nsd/{{ item }}'
@@ -281,7 +281,7 @@
- network
- name: Enable the NSD DNS server
- service:
+ ansible.builtin.service:
enabled: true
name: nsd
state: started
@@ -291,7 +291,7 @@
- network
- name: Configure the DHCP daemon
- copy:
+ ansible.builtin.copy:
dest: /etc/dhcpd.conf
mode: preserve
src: dhcpd.conf
@@ -304,7 +304,7 @@
- network
- name: Enable the DHCP daemon
- service:
+ ansible.builtin.service:
enabled: true
name: dhcpd
state: started
@@ -315,7 +315,7 @@
- network
- name: Configure HAProxy
- copy:
+ ansible.builtin.copy:
backup: true
dest: /etc/haproxy/haproxy.cfg
mode: preserve
@@ -329,7 +329,7 @@
- network
- name: Enable HAProxy
- service:
+ ansible.builtin.service:
enabled: true
name: haproxy
state: started
@@ -339,7 +339,7 @@
- network
- name: Configure mail relaying
- lineinfile:
+ ansible.builtin.lineinfile:
line: action "outbound" relay host host01.shore.co.il
path: /etc/mail/smtpd.conf
regexp: action "outbound" relay
@@ -351,7 +351,7 @@
- mail
- name: Configure the spam deferral daemon
- copy:
+ ansible.builtin.copy:
dest: /etc/mail/spamd.conf
mode: preserve
src: mail/spamd.conf
@@ -364,7 +364,7 @@
- network
- name: Enable the spam deferral daemon
- lineinfile:
+ ansible.builtin.lineinfile:
line: >-
spamd_flags="-h smtp.shore.co.il -G25:12:864"
path: /etc/rc.conf.local
@@ -379,7 +379,7 @@
loop:
- root
- nimrod
- lineinfile:
+ ansible.builtin.lineinfile:
line: '{{ item }}: {{ item }}@shore.co.il'
path: /etc/mail/aliases
state: present
@@ -391,7 +391,7 @@
- network
- name: Configure the BGP daemon
- copy:
+ ansible.builtin.copy:
dest: /etc/bgpd.conf
mode: 0o0600
src: bgpd.conf
@@ -405,7 +405,7 @@
- network
- name: Enable the BDP daemon
- service:
+ ansible.builtin.service:
enabled: true
name: bgpd
state: started
@@ -417,7 +417,7 @@
- network
- name: Configure the NTP daemon
- copy:
+ ansible.builtin.copy:
content: |
server 0.pool.ntp.org
server 1.pool.ntp.org
@@ -433,7 +433,7 @@
- ntp
- name: Enable the NTP daemon
- service:
+ ansible.builtin.service:
enabled: true
name: ntpd
state: started
@@ -460,7 +460,7 @@
name: idk
special_time: daily
state: absent
- cron:
+ ansible.builtin.cron:
job: '{{ item.job }}'
name: '{{ item.name }}'
special_time: '{{ item.special_time }}'
@@ -474,7 +474,7 @@
- dns
- name: Disable the audio server
- service:
+ ansible.builtin.service:
enabled: false
name: sndiod
state: stopped
@@ -484,14 +484,14 @@
- sndiod
- name: Configure the SSH daemon
- include_tasks:
+ ansible.builtin.include_tasks:
file: '{{ playbook_dir }}/tasks/sshd_config.yaml'
tags:
- always
# yamllint disable-line rule:line-length
- name: Configure the daily Cron job (skip email if there's nothing to report, report on pending system patches).
- copy:
+ ansible.builtin.copy:
content: |
VERBOSESTATUS=0
syspatch -c
@@ -534,7 +534,7 @@
- name: Enable beats
loop: *beats
- service:
+ ansible.builtin.service:
enabled: true
name: '{{ item }}'
state: started
diff --git a/Ansible/tasks/renew-cert.yaml b/Ansible/tasks/renew-cert.yaml
index 67ebeb9618925f3f90a273efdf5a46e8007b3a8c..53ae59e75dbe3c3dd2066b158974dc3d489132b7 100644
--- a/Ansible/tasks/renew-cert.yaml
+++ b/Ansible/tasks/renew-cert.yaml
@@ -1,6 +1,6 @@
---
- name: Validate assertions
- assert:
+ ansible.builtin.assert:
that:
- domains is iterable
- host is string
@@ -103,7 +103,7 @@
register: acme_challenge
- name: Debug {{ host }} challenge
- debug:
+ ansible.builtin.debug:
var: acme_challenge
verbosity: 1
@@ -113,7 +113,7 @@
- name: Create ACME challenge directory on {{ host }}
delegate_to: &delegate_to '{{ delegate_host|default(host) }}'
- file:
+ ansible.builtin.file:
mode: 0o0755
path: /var/www/www.shore.co.il/.well-known/acme-challenge
state: directory
@@ -122,7 +122,7 @@
delegate_to: *delegate_to
with_dict: |
{{ acme_challenge['challenge_data'] }}
- copy:
+ ansible.builtin.copy:
content: |-
{{ item.value['http-01']['resource_value'] }}
# yamllint disable-line rule:line-length
@@ -155,7 +155,7 @@
- src: *cert_src
dest: /var/ssl/{{ filename|default('site') }}.crt
mode: 0o0444
- copy:
+ ansible.builtin.copy:
src: |-
{{ item.src }}
dest: |-
diff --git a/Ansible/tasks/sshd_config.yaml b/Ansible/tasks/sshd_config.yaml
index c0435d0676a89ba3f93f992097aed41fc48ffe3c..79e71ae4f249778d0cf82cbd4ea4811ad7262ded 100644
--- a/Ansible/tasks/sshd_config.yaml
+++ b/Ansible/tasks/sshd_config.yaml
@@ -19,7 +19,7 @@
PubkeyAcceptedKeyTypes: >-
-ssh-rsa,
ssh-rsa-cert-v01@openssh.com
- lineinfile:
+ ansible.builtin.lineinfile:
backup: true
line: '{{ item.key }} {{ item.value|replace(" ", "") }}'
path: /etc/ssh/sshd_config