Update ansible-lint.

Address a great bunch of warnings.

.pre-commit-config.yaml

@@ -72,7 +72,7 @@ repos:
       - id: shellcheck
 
   - repo: https://github.com/ansible/ansible-lint.git
-    rev: v5.2.1
+    rev: v6.0.2
     hooks:
       - id: ansible-lint
 

Ansible/roles/debian_bootstrap/tasks/main.yaml

 ---
 - name: Update APT sources
-  raw: apt-get update
+  ansible.builtin.raw: apt-get update
   changed_when: false
 
 - name: APT install Python
-  raw: DEBIAN_FRONTEND=noninteractive apt-get install -qy python3
+  ansible.builtin.raw: |-
+    DEBIAN_FRONTEND=noninteractive apt-get install -qy python3
   register: debian_bootstrap_install_python3
   changed_when: "'Unpacking' in debian_bootstrap_install_python3.stdout"
 
 - name: Install requirements for more complete facts
-  apt:
+  ansible.builtin.apt:
     name:
       - iproute2
       - lsb-release
@@ -18,4 +19,4 @@
     cache_valid_time: 3600
 
 - name: Gather facts
-  setup:
+  ansible.builtin.setup:

Ansible/roles/debian_server/handlers/main.yml

@@ -4,19 +4,19 @@
     daemon_reload: true
 
 - name: Rebuild initramfs
-  command:
+  ansible.builtin.command:
     cmd: update-initramfs -u
 
 - name: Update GRUB
-  command:
+  ansible.builtin.command:
     cmd: update-grub
 
 - name: Restart the SSH daemon
-  service:
+  ansible.builtin.service:
     name: ssh
     state: restarted
 
 - name: Restart Docker
-  service:
+  ansible.builtin.service:
     name: docker
     state: restarted

Ansible/roles/debian_server/tasks/btrfs.yml

 ---
 - name: Install btrfs packages
-  apt:
+  ansible.builtin.apt:
     cache_valid_time: 3600
     name:
       - btrfs-progs
@@ -8,7 +8,7 @@
     state: present
 
 - name: Copy btrfs backup script
-  copy:
+  ansible.builtin.copy:
     dest: /usr/local/sbin/btrfs-backup
     group: root
     mode: preserve

Ansible/roles/debian_server/tasks/docker.yml

@@ -5,7 +5,7 @@
 - name: Disable cgroup2 for Docker
   # yamllint disable-line rule:line-length
   when: ansible_facts.packages['docker.io'][0]["version"] is version('20.10', operator='<=')
-  lineinfile:
+  ansible.builtin.lineinfile:
     backup: true
     line: |-
       GRUB_CMDLINE_LINUX_DEFAULT="quiet systemd.unified_cgroup_hierarchy=0"
@@ -14,7 +14,7 @@
     - Update GRUB
 
 - name: Copy the script to start stopped container after a restart
-  copy:
+  ansible.builtin.copy:
     dest: /usr/share/docker.io/restart-containers
     mode: preserve
     src: docker-restart
@@ -23,13 +23,13 @@
   loop:
     - service
     - socket
-  file:
+  ansible.builtin.file:
     path: /etc/systemd/system/docker.{{ item }}.d
     mode: 0o0755
     state: directory
 
 - name: Restart stopped containers after a restart
-  copy:
+  ansible.builtin.copy:
     content: |
       [Service]
       ExecStartPost=/usr/share/docker.io/restart-containers
@@ -39,7 +39,7 @@
     - Systemd daemon reload
 
 - name: Allow access from the toolbox container
-  copy:
+  ansible.builtin.copy:
     content: |
       [Socket]
       SocketGroup=nimrod

Ansible/roles/debian_server/tasks/main.yml

 ---
 - name: Verify assertions
-  assert:
+  ansible.builtin.assert:
     that:
       - ansible_facts.distribution == "Debian"
       - ansible_facts.distribution_major_version|int >= 10
@@ -10,14 +10,14 @@
   loop:
     - deb
     - deb-src
-  apt_repository:
+  ansible.builtin.apt_repository:
     # yamllint disable-line rule:line-length
     repo: '{{ item }} http://deb.debian.org/debian {{ ansible_facts.distribution_release }}-backports main contrib non-free'
     state: present
     update_cache: true
 
 - name: Set normal priority for the backports repo
-  copy:
+  ansible.builtin.copy:
     content: |
       Package: *
       Pin: release  o=Debian Backports
@@ -28,7 +28,7 @@
     owner: root
 
 - name: Install packages
-  apt:
+  ansible.builtin.apt:
     cache_valid_time: 3600
     name:
       - amd64-microcode
@@ -78,7 +78,7 @@
     state: present
 
 - name: Disable swap
-  lineinfile:
+  ansible.builtin.lineinfile:
     backup: true
     path: /etc/fstab
     regexp: swap

Ansible/roles/debian_server/tasks/tasks/sshd_config.yaml

+../../../../tasks/sshd_config.yaml
\ No newline at end of file

Ansible/roles/debian_server/tasks/toolbox.yml

@@ -3,7 +3,7 @@
   loop:
     - /etc/subgid
     - /etc/subuid
-  copy:
+  ansible.builtin.copy:
     content: |
       nimrod:100000:65536
     dest: |-
@@ -24,13 +24,13 @@
   when: ansible_facts.distribution_release in toolbox_podman_repo_base_url_mapping
   block:
     - name: Add the Podman repo key
-      apt_key:
+      ansible.builtin.apt_key:
         state: present
         url: |-
           {{ toolbox_podman_repo_base_url }}/Release.key
 
     - name: Add the Podman repo
-      apt_repository:
+      ansible.builtin.apt_repository:
         repo: |-
           deb {{ toolbox_podman_repo_base_url }} /
         state: present
@@ -38,7 +38,7 @@
 
     - name: Install newer libseccomp2 from the backports repository
       when: ansible_facts.distribution_release == "buster"
-      apt:
+      ansible.builtin.apt:
         cache_valid_time: 3600
         default_release: buster-backports
         name:
@@ -47,7 +47,7 @@
         update_cache: true
 
 - name: APT install prerequisites
-  apt:
+  ansible.builtin.apt:
     cache_valid_time: 3600
     install_recommends: false
     name:
@@ -61,7 +61,7 @@
 - name: Install Toolbx from toolbox-build
   # yamllint disable-line rule:line-length
   when: ansible_facts.distribution_release is in toolbox_distros_without_apt_package
-  unarchive:
+  ansible.builtin.unarchive:
     dest: /usr/local/
     remote_src: true
     # yamllint disable-line rule:line-length
@@ -70,7 +70,7 @@
 - name: APT install Toolbx
   # yamllint disable-line rule:line-length
   when: ansible_facts.distribution_release is not in toolbox_distros_without_apt_package
-  apt:
+  ansible.builtin.apt:
     cache_valid_time: 3600
     name:
       - podman-toolbox

Ansible/roles/debian_server/tasks/web.yml

 ---
 - name: Create my www directory
-  file:
+  ansible.builtin.file:
     group: www-data
     mode: 0o0755
     owner: www-data
@@ -8,7 +8,7 @@
     state: directory
 
 - name: Create an SSL directory under /var
-  file:
+  ansible.builtin.file:
     group: root
     mode: 0o0755
     owner: root
@@ -22,18 +22,18 @@
 # valid) certificate, don't overwrite it.
 
 - name: Create private SSL key
-  command:
+  ansible.builtin.command:
     cmd: openssl genrsa -out /var/ssl/site.key 4096
     creates: /var/ssl/site.key
 
 - name: Make sure the private key is accessible
-  file:
+  ansible.builtin.file:
     mode: 0o0444
     path: /var/ssl/site.key
     state: file
 
 - name: Create SSL certificate
-  command:
+  ansible.builtin.command:
     cmd: >-
       openssl
       req

Ansible/roles/kodi/handlers/main.yml

 ---
 - name: Restart Xorg
-  service:
+  ansible.builtin.service:
     name: xorg.service
     state: restarted
 
 - name: Restart Kodi
-  service:
+  ansible.builtin.service:
     name: kodi.service
     state: restarted

Ansible/roles/kodi/tasks/main.yml

 ---
 - name: APT install
-  apt:
+  ansible.builtin.apt:
     cache_valid_time: 3600
     install_recommends: false
     name:
@@ -19,7 +19,7 @@
     update_cache: true
 
 - name: Configure boot splash
-  copy:
+  ansible.builtin.copy:
     backup: true
     content: |
       [Daemon]
@@ -30,7 +30,7 @@
     - Rebuild initramfs
 
 - name: Enable boot splash
-  lineinfile:
+  ansible.builtin.lineinfile:
     backup: true
     # yamllint disable-line rule:line-length
     line: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash systemd.unified_cgroup_hierarchy=0"
@@ -39,7 +39,7 @@
     - Update GRUB
 
 - name: Create library mountpoint
-  file:
+  ansible.builtin.file:
     mode: 0o0755
     path: /srv/library
     state: directory
@@ -76,7 +76,7 @@
     - transmission
   loop_control:
     index_var: idx
-  user:
+  ansible.builtin.user:
     create_home: true
     home: /var/lib/{{ item }}
     name: '{{ item }}'
@@ -90,7 +90,7 @@
     - Restart Kodi
 
 - name: Configure rootless Xorg
-  copy:
+  ansible.builtin.copy:
     backup: true
     content: |
       allowed_users=anybody
@@ -103,7 +103,7 @@
   with_items: &services
     - xorg.service
     - kodi.service
-  copy:
+  ansible.builtin.copy:
     dest: /etc/systemd/system/
     mode: preserve
     src: '{{ item }}'
@@ -113,7 +113,7 @@
 
 - name: Enable services
   with_items: *services
-  service:
+  ansible.builtin.service:
     daemon-reload: true
     enabled: true
     name: '{{ item }}'

Ansible/roles/openbsd_bootstrap/tasks/main.yaml

 ---
 - name: Install Python3
-  raw: pkg_add -Iz py3-pip
+  ansible.builtin.raw: pkg_add -Iz py3-pip
   register: openbsd_pkg_add_python
   failed_when: "'error' in openbsd_pkg_add_python.stdout|lower"
   changed_when: "'extracting' in openbsd_pkg_add_python.stdout"
 
 - name: Gather facts
-  setup:
+  ansible.builtin.setup:
 
 - name: Configure doas
-  copy:
+  ansible.builtin.copy:
     content: |
       permit nopass keepenv root
       permit nopass keepenv nimrod

Ansible/roles/openwrt_bootstrap/tasks/main.yaml

 ---
 - name: Install Python3
-  raw: opkg install python3
+  ansible.builtin.raw: opkg install python3
   register: opkg_install_python3
   changed_when: |
     'installing' in opkg_install_python3.stdout
 
 - name: Gather facts
-  setup:
+  ansible.builtin.setup:

Ansible/roles/router/handlers/main.yaml

 ---
 - name: Setup network interfaces
-  command:
+  ansible.builtin.command:
     cmd: /bin/sh /etc/netstart
 
 - name: Reload PF
-  command:
+  ansible.builtin.command:
     cmd: pfctl -f /etc/pf.conf
 
 - name: Rebuild mail aliases
-  command:
+  ansible.builtin.command:
     cmd: newaliases
 
 - name: Restart HAProxy
-  service:
+  ansible.builtin.service:
     name: haproxy
     state: restarted
 
 - name: Restart NSD
-  service:
+  ansible.builtin.service:
     name: nsd
     state: restarted
 
 - name: Restart Unbound
-  service:
+  ansible.builtin.service:
     name: unbound
     state: restarted
 
 - name: Restart the FTP proxy
-  service:
+  ansible.builtin.service:
     name: ftpproxy
     state: restarted
 
 - name: Restart the DHCP daemon
-  service:
+  ansible.builtin.service:
     name: dhcpd
     state: restarted
 
 - name: Restart the SMTP daemon
-  service:
+  ansible.builtin.service:
     name: smtpd
     state: restarted
 
 - name: Restart the spam deferral daemon
-  service:
+  ansible.builtin.service:
     name: spamd
     state: restarted
 
 - name: Restart the BGP daemon
-  service:
+  ansible.builtin.service:
     name: bgpd
     state: restarted
 
 - name: Restart the NTP daemon
-  service:
+  ansible.builtin.service:
     name: ntpd
     state: restarted
 
 - name: Restart the HTTP daemon
-  service:
+  ansible.builtin.service:
     name: httpd
     state: restarted
 
 - name: Message about restarting the machine
-  debug:
+  ansible.builtin.debug:
     msg: The {{ ansible_facts.hostname }} needs to be restarted
     verbosity: 0
 
 - name: Stop the audio server
-  service:
+  ansible.builtin.service:
     name: sndiod
     state: stopped
 
 - name: Restart the SSH daemon
-  service:
+  ansible.builtin.service:
     name: sshd
     state: restarted
 
 - name: Restart the filebeat daemon
-  service:
+  ansible.builtin.service:
     name: filebeat
     state: restarted
 
 - name: Restart the metricbeat daemon
-  service:
+  ansible.builtin.service:
     name: metricbeat
     state: restarted
 
 - name: Restart the packetbeat daemon
-  service:
+  ansible.builtin.service:
     name: packetbeat
     state: restarted

Ansible/roles/router/tasks/main.yaml

@@ -11,7 +11,7 @@
     - pf
 
 - name: Set hosts entries
-  copy:
+  ansible.builtin.copy:
     dest: /etc/hosts
     mode: preserve
     src: hosts
@@ -30,7 +30,7 @@
       regexp: '		8021/tcp'  # noqa 203
     - line: 'bittorrent		51413/tcp'  # noqa 203
       regexp: '		51413/tcp'  # noqa 203
-  lineinfile:
+  ansible.builtin.lineinfile:
     backup: true
     line: '{{ item.line }}'
     path: /etc/services
@@ -41,7 +41,7 @@
     - pf
 
 - name: Generate the Unbound root anchor file
-  command:
+  ansible.builtin.command:
     cmd: /usr/sbin/unbound-anchor -a /var/unbound/db/root.key
     creates: /var/unbound/db/root.key
   tags:
@@ -50,7 +50,7 @@
     - unbound
 
 - name: Set DNS resolving
-  copy:
+  ansible.builtin.copy:
     content: |-
       search shore.co.il
       nameserver 127.0.0.1
@@ -82,7 +82,7 @@
       authname 'ns_nimadar@014' authkey '{{ bezeqint_password }}' up
       dest 0.0.0.1
       !/sbin/route add default -ifp pppoe0 62.219.131.121
-  copy:
+  ansible.builtin.copy:
     content: '{{ item.value }}'
     dest: /etc/hostname.{{ item.key }}
     owner: root
@@ -96,7 +96,7 @@
     - network
 
 - name: Configure the Unbound DNS resolver
-  file:
+  ansible.builtin.file:
     path: /var/unbound/etc/unbound.conf.d
     mode: 0o0755
     state: directory
@@ -106,7 +106,7 @@
     - network
 
 - name: Configure Ubnound DNS resolver
-  lineinfile:
+  ansible.builtin.lineinfile:
     insertafter: EOF
     line: >-
       include: "/var/unbound/etc/unbound.conf.d/*.conf"
@@ -122,7 +122,7 @@
 - name: Configure the Unbound DNS resolver
   loop:
     - shore.co.il.conf
-  copy:
+  ansible.builtin.copy:
     dest: '/var/unbound/etc/unbound.conf.d/{{ item }}'
     mode: preserve
     src: 'unbound/{{ item }}'
@@ -136,7 +136,7 @@
     - network
 
 - name: Enable the Unbound DNS resolver
-  service:
+  ansible.builtin.service:
     enabled: true
     name: unbound
     state: started
@@ -146,7 +146,7 @@
     - network
 
 - name: Configure PF
-  copy:
+  ansible.builtin.copy:
     dest: /etc/pf.conf
     mode: 0o0600
     src: pf.conf
@@ -159,7 +159,7 @@
     - network
 
 - name: Enable the FTP proxy
-  service:
+  ansible.builtin.service:
     enabled: true
     name: ftpproxy
     state: started
@@ -169,7 +169,7 @@
     - network
 
 - name: Apply changes (if needed) to properly setup networking
-  meta: flush_handlers
+  ansible.builtin.meta: flush_handlers
   tags:
     - always
 
@@ -188,21 +188,21 @@
     - packages
 
 - name: Allow Bash as a login shell
-  lineinfile:
+  ansible.builtin.lineinfile:
     line: /usr/local/bin/bash
     path: /etc/shells
   tags:
     - bash
 
 - name: Set Bash as the login shell
-  user:
+  ansible.builtin.user:
     name: '{{ ansible_facts.env["DOAS_USER"] }}'
     shell: /usr/local/bin/bash
   tags:
     - bash
 
 - name: Set boot configuration
-  copy:
+  ansible.builtin.copy:
     content: |
       stty com1 115200
       set tty com1
@@ -215,7 +215,7 @@
     - boot
 
 - name: Configure the NSD DNS server
-  file:
+  ansible.builtin.file:
     path: /var/nsd/etc/nsd.conf.d
     mode: 0o0755
     state: directory
@@ -232,7 +232,7 @@
     - line: >-
         ip-address: 62.219.131.121
       insertafter: 'server:'
-  lineinfile:
+  ansible.builtin.lineinfile:
     insertafter: '{{ item.insertafter }}'
     line: '{{ item.line }}'
     path: /var/nsd/etc/nsd.conf
@@ -249,7 +249,7 @@
     - shore.co.il.conf
     - nehe.sr.conf
     - nehes.co.conf
-  copy:
+  ansible.builtin.copy:
     dest: '/var/nsd/etc/nsd.conf.d/{{ item }}'
     mode: preserve
     src: 'nsd/{{ item }}'
@@ -267,7 +267,7 @@
     - shore.co.il
     - nehe.sr
     - nehes.co
-  copy:
+  ansible.builtin.copy:
     dest: '/var/nsd/zones/{{ item }}'
     mode: preserve
     src: 'nsd/{{ item }}'
@@ -281,7 +281,7 @@
     - network
 
 - name: Enable the NSD DNS server
-  service:
+  ansible.builtin.service:
     enabled: true
     name: nsd
     state: started
@@ -291,7 +291,7 @@
     - network
 
 - name: Configure the DHCP daemon
-  copy:
+  ansible.builtin.copy:
     dest: /etc/dhcpd.conf
     mode: preserve
     src: dhcpd.conf
@@ -304,7 +304,7 @@
     - network
 
 - name: Enable the DHCP daemon
-  service:
+  ansible.builtin.service:
     enabled: true
     name: dhcpd
     state: started
@@ -315,7 +315,7 @@
     - network
 
 - name: Configure HAProxy
-  copy:
+  ansible.builtin.copy:
     backup: true
     dest: /etc/haproxy/haproxy.cfg
     mode: preserve
@@ -329,7 +329,7 @@
     - network
 
 - name: Enable HAProxy
-  service:
+  ansible.builtin.service:
     enabled: true
     name: haproxy
     state: started
@@ -339,7 +339,7 @@
     - network
 
 - name: Configure mail relaying
-  lineinfile:
+  ansible.builtin.lineinfile:
     line: action "outbound" relay host host01.shore.co.il
     path: /etc/mail/smtpd.conf
     regexp: action "outbound" relay
@@ -351,7 +351,7 @@
     - mail
 
 - name: Configure the spam deferral daemon
-  copy:
+  ansible.builtin.copy:
     dest: /etc/mail/spamd.conf
     mode: preserve
     src: mail/spamd.conf
@@ -364,7 +364,7 @@
     - network
 
 - name: Enable the spam deferral daemon
-  lineinfile:
+  ansible.builtin.lineinfile:
     line: >-
       spamd_flags="-h smtp.shore.co.il -G25:12:864"
     path: /etc/rc.conf.local
@@ -379,7 +379,7 @@
   loop:
     - root
     - nimrod
-  lineinfile:
+  ansible.builtin.lineinfile:
     line: '{{ item }}: {{ item }}@shore.co.il'
     path: /etc/mail/aliases
     state: present
@@ -391,7 +391,7 @@
     - network
 
 - name: Configure the BGP daemon
-  copy:
+  ansible.builtin.copy:
     dest: /etc/bgpd.conf
     mode: 0o0600
     src: bgpd.conf
@@ -405,7 +405,7 @@
     - network
 
 - name: Enable the BDP daemon
-  service:
+  ansible.builtin.service:
     enabled: true
     name: bgpd
     state: started
@@ -417,7 +417,7 @@
     - network
 
 - name: Configure the NTP daemon
-  copy:
+  ansible.builtin.copy:
     content: |
       server 0.pool.ntp.org
       server 1.pool.ntp.org
@@ -433,7 +433,7 @@
     - ntp
 
 - name: Enable the NTP daemon
-  service:
+  ansible.builtin.service:
     enabled: true
     name: ntpd
     state: started
@@ -460,7 +460,7 @@
       name: idk
       special_time: daily
       state: absent
-  cron:
+  ansible.builtin.cron:
     job: '{{ item.job }}'
     name: '{{ item.name }}'
     special_time: '{{ item.special_time }}'
@@ -474,7 +474,7 @@
     - dns
 
 - name: Disable the audio server
-  service:
+  ansible.builtin.service:
     enabled: false
     name: sndiod
     state: stopped
@@ -484,14 +484,14 @@
     - sndiod
 
 - name: Configure the SSH daemon
-  include_tasks:
+  ansible.builtin.include_tasks:
     file: '{{ playbook_dir }}/tasks/sshd_config.yaml'
   tags:
     - always
 
 # yamllint disable-line rule:line-length
 - name: Configure the daily Cron job (skip email if there's nothing to report, report on pending system patches).
-  copy:
+  ansible.builtin.copy:
     content: |
       VERBOSESTATUS=0
       syspatch -c
@@ -534,7 +534,7 @@
 
 - name: Enable beats
   loop: *beats
-  service:
+  ansible.builtin.service:
     enabled: true
     name: '{{ item }}'
     state: started

Ansible/tasks/renew-cert.yaml

 ---
 - name: Validate assertions
-  assert:
+  ansible.builtin.assert:
     that:
       - domains is iterable
       - host is string
@@ -103,7 +103,7 @@
   register: acme_challenge
 
 - name: Debug {{ host }} challenge
-  debug:
+  ansible.builtin.debug:
     var: acme_challenge
     verbosity: 1
 
@@ -113,7 +113,7 @@
 
     - name: Create ACME challenge directory on {{ host }}
       delegate_to: &delegate_to '{{ delegate_host|default(host) }}'
-      file:
+      ansible.builtin.file:
         mode: 0o0755
         path: /var/www/www.shore.co.il/.well-known/acme-challenge
         state: directory
@@ -122,7 +122,7 @@
       delegate_to: *delegate_to
       with_dict: |
           {{ acme_challenge['challenge_data'] }}
-      copy:
+      ansible.builtin.copy:
         content: |-
             {{ item.value['http-01']['resource_value'] }}
         # yamllint disable-line rule:line-length
@@ -155,7 +155,7 @@
     - src: *cert_src
       dest: /var/ssl/{{ filename|default('site') }}.crt
       mode: 0o0444
-  copy:
+  ansible.builtin.copy:
     src: |-
         {{ item.src }}
     dest: |-

Ansible/tasks/sshd_config.yaml

@@ -19,7 +19,7 @@
     PubkeyAcceptedKeyTypes: >-
       -ssh-rsa,
       ssh-rsa-cert-v01@openssh.com
-  lineinfile:
+  ansible.builtin.lineinfile:
     backup: true
     line: '{{ item.key }} {{ item.value|replace(" ", "") }}'
     path: /etc/ssh/sshd_config