Runned ansible-lint on this

2022-07-05 00:07:18 +02:00 · 2022-07-05 00:07:18 +02:00 · a73d5892e4
parent a0ac6e7293
commit a73d5892e4
103 changed files with 436 additions and 464 deletions
--- a/plays/backup.yml
+++ b/plays/backup.yml
@ -2,6 +2,6 @@
 ---
 - hosts: backups
  vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
+    borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
  roles:
    - borgbackup-server
--- a/plays/bird.yml
+++ b/plays/bird.yml
@ -2,6 +2,6 @@
 ---
 - hosts: bird
  vars:
-    bird: '{{ glob_bird | default({}) | combine(loc_bird | default({})) }}'
+    bird: "{{ glob_bird | default({}) | combine(loc_bird | default({})) }}"
  roles:
    - bird2
--- a/plays/borgbackup_client.yml
+++ b/plays/borgbackup_client.yml
@ -1,12 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
-
- hosts: server
-  roles:
-    - ssh_known_hosts
+- import_playbook: ssh_known_hosts.yml

 - hosts: server
  vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
+    borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
  roles:
    - borgbackup-client
--- a/plays/certbot.yml
+++ b/plays/certbot.yml
@ -3,7 +3,7 @@
 - hosts: certbot !zamok.adm.crans.org
  vars:
    service: "{{ glob_service_certbot | default({}) | combine(loc_service_certbot | default({})) }}"
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
  roles:
    - service
    - certbot
--- a/plays/dns-authoritative.yml
+++ b/plays/dns-authoritative.yml
@ -3,6 +3,6 @@
 # Deploy authoritative DNS server
 - hosts: dns_authoritative
  vars:
-    bind: '{{ glob_bind | default({}) | combine(loc_bind | default({}), recursive=True) }}'
+    bind: "{{ glob_bind | default({}) | combine(loc_bind | default({}), recursive=True) }}"
  roles:
    - bind-authoritative
--- a/plays/dovecot.yml
+++ b/plays/dovecot.yml
@ -3,9 +3,9 @@
 # Deploy dovecot server
 - hosts: dovecot
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    ldap: '{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}'
-    dovecot: '{{ glob_dovecot | default({}) | combine(loc_dovecot | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    ldap: "{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}"
+    dovecot: "{{ glob_dovecot | default({}) | combine(loc_dovecot | default({})) }}"
  roles:
    - certbot
    - dovecot
--- a/plays/freeradius.yml
+++ b/plays/freeradius.yml
@ -10,8 +10,8 @@
 # Deploy radius server
 - hosts: radius
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    freeradius: "{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}"
  roles:
    - certbot
    - freeradius
--- a/plays/gitlab.yml
+++ b/plays/gitlab.yml
@ -3,7 +3,7 @@
 # Deploy Gitlab CI
 - hosts: gitlab_runner
  vars:
-    docker: '{{ glob_docker | default({}) | combine(loc_docker | default({})) }}'
+    docker: "{{ glob_docker | default({}) | combine(loc_docker | default({})) }}"
  roles:
    - docker
    - gitlab-runner
@ -11,12 +11,12 @@
 # Install Gitlab
 - hosts: gitlab
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}'
-    irker: '{{ glob_irker | default({}) | combine(loc_irker | default({})) }}'
-    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    gitlab: "{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}"
+    irker: "{{ glob_irker | default({}) | combine(loc_irker | default({})) }}"
+    mirror: "{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    reverseproxy: "{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}"
  roles:
    - certbot
    - gitlab
--- a/plays/horde.yml
+++ b/plays/horde.yml
@ -3,6 +3,6 @@
 # Moi j'aime le ocaml et lui il installe horde
 - hosts: horde
  vars:
-    horde: '{{ glob_horde | default({}) | combine(loc_horde | default({})) }}'
+    horde: "{{ glob_horde | default({}) | combine(loc_horde | default({})) }}"
  roles:
    - horde
--- a/plays/irc.yml
+++ b/plays/irc.yml
@ -2,14 +2,14 @@
 ---
 - hosts: thelounge
  vars:
-    thelounge: '{{ glob_thelounge | default({}) | combine(loc_thelounge | default({})) }}'
+    thelounge: "{{ glob_thelounge | default({}) | combine(loc_thelounge | default({})) }}"
  roles:
    - thelounge

 - hosts: thelounge,!adh_server
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
  roles:
    - certbot
    - nginx
--- a/plays/jitsi.yml
+++ b/plays/jitsi.yml
@ -2,9 +2,9 @@
 ---
 - hosts: jitsi
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    jitsi: '{{ glob_jitsi | default({}) | combine(loc_jitsi | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    jitsi: "{{ glob_jitsi | default({}) | combine(loc_jitsi | default({})) }}"
  roles:
    - certbot
    - nginx
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@ -3,10 +3,10 @@
 # Deploy Mailman3
 - hosts: mailman
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    opendkim: '{{ glob_opendkim | combine(loc_opendkim | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    mailman3: "{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    opendkim: "{{ glob_opendkim | combine(loc_opendkim | default({})) }}"
  roles:
    - certbot
    - nginx
--- a/plays/mirror.yml
+++ b/plays/mirror.yml
@ -2,9 +2,9 @@
 ---
 - hosts: mirror_backend
  vars:
-    ftpsync: '{{ glob_ftpsync | default({}) | combine(loc_ftpsync | default({})) }}'
-    rsync_mirror: '{{ glob_rsync_mirror | default({}) | combine(loc_rsync_mirror | default({})) }}'
-    apt_mirror: '{{ glob_apt_mirror | default({}) | combine(loc_apt_mirror | default({})) }}'
+    ftpsync: "{{ glob_ftpsync | default({}) | combine(loc_ftpsync | default({})) }}"
+    rsync_mirror: "{{ glob_rsync_mirror | default({}) | combine(loc_rsync_mirror | default({})) }}"
+    apt_mirror: "{{ glob_apt_mirror | default({}) | combine(loc_apt_mirror | default({})) }}"
  roles:
    - ftpsync
    - rsync-mirror
@ -12,12 +12,12 @@

 - hosts: mirror_frontend
  vars:
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
  roles:
    - nginx

 - hosts: rsyncd
  vars:
-    rsyncd: '{{ glob_rsyncd | default({}) | combine(loc_rsyncd | default({})) }}'
+    rsyncd: "{{ glob_rsyncd | default({}) | combine(loc_rsyncd | default({})) }}"
  roles:
    - rsyncd
--- a/plays/moinmoin.yml
+++ b/plays/moinmoin.yml
@ -2,15 +2,15 @@
 ---
 - hosts: certbot:&wiki
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
  roles:
    - certbot

 # Deploy MoinMoin Wiki
 - hosts: wiki
  vars:
-    moinmoin: '{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    moinmoin: "{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
  roles:
    - moinmoin
    - nginx
--- a/plays/monitoring.yml
+++ b/plays/monitoring.yml
@ -1,6 +1,5 @@
 #!/usr/bin/env ansible-playbook
 ---
-
 # Deploy Prometheus on monitoring server
 - hosts: prometheus
  vars:
@ -54,7 +53,7 @@
 # Monitor logs with mtail
 - hosts: mtail
  vars:
-    mtail: '{{ glob_mtail | default({}) | combine(loc_mtail | default({})) }}'
+    mtail: "{{ glob_mtail | default({}) | combine(loc_mtail | default({})) }}"
  roles:
    - mtail

--- a/plays/nginx.yml
+++ b/plays/nginx.yml
@ -3,7 +3,7 @@
 # Deploy Nginx
 - hosts: nginx,!adh_server
  vars:
-    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
-    re2o_front: '{{ glob_re2o_front | default({}) | combine(loc_re2o_front | default({})) }}'  # necessary for re2o-front
+    nginx: "{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}"
+    re2o_front: "{{ glob_re2o_front | default({}) | combine(loc_re2o_front | default({})) }}" # necessary for re2o-front
  roles:
    - nginx
--- a/plays/owncloud.yml
+++ b/plays/owncloud.yml
@ -3,7 +3,7 @@
 # Deploy OwnCloud
 - hosts: owncloud.adm.crans.org
  vars:
-    ldap: '{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}'
+    ldap: "{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}"

  roles:
    - owncloud
--- a/plays/postfix.yml
+++ b/plays/postfix.yml
@ -4,7 +4,7 @@
 - hosts: postfix,!mailman
  vars:
    certbot:
-      - dns_rfc2136_server: '172.16.10.147'
+      - dns_rfc2136_server: 172.16.10.147
        dns_rfc2136_name: certbot_challenge.
        dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
        mail: root@crans.org
@ -17,23 +17,9 @@
      mail: root@crans.org
      exemptions: "{{ lookup('re2oapi', 'get_role', 'user-server')[0] }}"
      mynetworks:
-        ipv4:
-          "{{ lookup('re2oapi', 'cidrs', 'serveurs',
-                                         'adherents',
-                                         'wifi-new-pub',
-                                         'fil-new-pub',
-                                         'fil-pub',
-                                         'wifi-new-serveurs',
-                                         'wifi-new-adherents',
-                                         'wifi-new-federez',
-                                         'fil-new-serveurs',
-                                         'fil-new-adherents')
-                                         | flatten }}"
-        ipv6:
-          "{{ lookup('re2oapi', 'prefixv6', 'adherents',
-                                            'fil-new-pub',
-                                            'wifi-new-pub')
-                                            | flatten }}"
+        ipv4: "{{ lookup('re2oapi', 'cidrs', 'serveurs', 'adherents', 'wifi-new-pub', 'fil-new-pub', 'fil-pub', 'wifi-new-serveurs', 'wifi-new-adherents', 'wifi-new-federez',\
+          \ 'fil-new-serveurs', 'fil-new-adherents') | flatten }}"
+        ipv6: "{{ lookup('re2oapi', 'prefixv6', 'adherents', 'fil-new-pub', 'wifi-new-pub') | flatten }}"
  roles:
    - certbot
    - postfix
--- a/plays/postgresql.yml
+++ b/plays/postgresql.yml
@ -3,6 +3,6 @@
 # Deploy postgresql server
 - hosts: postgres
  vars:
-    postgres: '{{ glob_postgres | default({}) | combine(loc_postgres | default({})) }}'
+    postgres: "{{ glob_postgres | default({}) | combine(loc_postgres | default({})) }}"
  roles:
    - postgresql
--- a/plays/proxmox.yml
+++ b/plays/proxmox.yml
@ -2,7 +2,7 @@
 ---
 - hosts: virtu
  vars:
-    debian_images: '{{ glob_debian_images | default({}) | combine(loc_debian_images | default({})) }}'
+    debian_images: "{{ glob_debian_images | default({}) | combine(loc_debian_images | default({})) }}"
    service: "{{ glob_service_proxmox_user | default({}) | combine(loc_service_proxmox_user | default({})) }}"
  roles:
    - proxmox-apt-sources
--- a/plays/reverse-proxy.yml
+++ b/plays/reverse-proxy.yml
@ -2,9 +2,9 @@
 ---
 - hosts: reverseproxy
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    reverseproxy: "{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}"
  roles:
    - certbot
    - nginx
--- a/plays/root.yml
+++ b/plays/root.yml
@ -17,7 +17,7 @@

 - hosts: server,!sssd
  vars:
-    ldap: '{{ glob_ldap | combine(loc_ldap | default({})) }}'
+    ldap: "{{ glob_ldap | combine(loc_ldap | default({})) }}"
  roles:
    - ldap-client

--- a/plays/roundcube.yml
+++ b/plays/roundcube.yml
@ -1,10 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
-
 - hosts: roundcube
  vars:
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    roundcube: '{{ glob_roundcube | default({}) | combine(loc_roundcube | default({})) }}'
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    roundcube: "{{ glob_roundcube | default({}) | combine(loc_roundcube | default({})) }}"
  roles:
    - roundcube
    - nginx
--- a/plays/scripts.yml
+++ b/plays/scripts.yml
@ -2,6 +2,6 @@
 ---
 - hosts: server
  vars:
-    crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
+    crans_scripts: "{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}"
  roles:
    - crans-scripts
--- a/plays/slapd.yml
+++ b/plays/slapd.yml
@ -2,7 +2,7 @@
 ---
 - hosts: slapd
  vars:
-    slapd: '{{ glob_slapd | default({}) | combine(loc_slapd | default({})) }}'
+    slapd: "{{ glob_slapd | default({}) | combine(loc_slapd | default({})) }}"
  roles:
    - slapd

--- a/plays/utilities.yml
+++ b/plays/utilities.yml
@ -1,16 +1,17 @@
 #!/usr/bin/env ansible-playbook
 ---
+- import_playbook: ssh_known_hosts.yml
+
 - hosts: server
  vars:
-    root: '{{ glob_root | default({}) | combine(loc_root | default({})) }}'
-    ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
+    root: "{{ glob_root | default({}) | combine(loc_root | default({})) }}"
+    ntp_client: "{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}"
  roles:
    - root
    - common-tools
    - sudo
    - ntp-client
    - root-config
-    - ssh_known_hosts

 - hosts: server,!virtu
  roles:
--- a/plays/vsftpd.yml
+++ b/plays/vsftpd.yml
@ -3,8 +3,8 @@
 # Deploy vsftpd server on the mirrors
 - hosts: vsftpd_mirror
  vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    vsftpd: '{{ glob_vsftpd_mirror | default({}) | combine(loc_vsftpd | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    vsftpd: "{{ glob_vsftpd_mirror | default({}) | combine(loc_vsftpd | default({})) }}"
  roles:
    - certbot
    - vsftpd
@ -12,6 +12,6 @@
 # Deploy vstfpd on the camera serveur
 - hosts: vsftpd_cameras
  vars:
-    vsftpd: '{{ glob_vsftpd_cameras | default({}) | combine(loc_vsftpd | default({})) }}'
+    vsftpd: "{{ glob_vsftpd_cameras | default({}) | combine(loc_vsftpd | default({})) }}"
  roles:
    - vsftpd
--- a/plays/zamok.yml
+++ b/plays/zamok.yml
@ -1,11 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
-
 - import_playbook: nfs_mount.yml

 - hosts: adh_server
  vars:
-    adh: '{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}'
+    adh: "{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}"
  roles:
    - zamok-tools
    # - postfix
--- a/roles/anope/tasks/main.yml
+++ b/roles/anope/tasks/main.yml
@ -11,8 +11,8 @@

 - name: Deploy Anope configuration
  template:
-    src: "anope/{{ item }}.j2"
-    dest: "/etc/anope/{{ item }}"
+    src: anope/{{ item }}.j2
+    dest: /etc/anope/{{ item }}
    mode: 0640
    owner: root
    group: irc
--- a/roles/apt-mirror/tasks/main.yml
+++ b/roles/apt-mirror/tasks/main.yml
@ -28,7 +28,7 @@
 - name: Copy apt-mirror configurations
  template:
    src: apt/mirror.list.j2
-    dest: "/etc/apt/mirror.list"
+    dest: /etc/apt/mirror.list

 - name: Configure apt-mirror cron
  template:
--- a/roles/belenios/tasks/main.yml
+++ b/roles/belenios/tasks/main.yml
@ -42,8 +42,8 @@
 - name: Start ocsigenserver at boot
  lineinfile:
    path: /etc/default/ocsigenserver
-    regexp: "^LAUNCH_AT_STARTUP="
-    line: "LAUNCH_AT_STARTUP=true"
+    regexp: ^LAUNCH_AT_STARTUP=
+    line: LAUNCH_AT_STARTUP=true
  notify: Restart ocsigenserver

 - name: Clone belenios into /var/local/belenios
@ -69,12 +69,12 @@
    mode: 0755
    state: directory
  loop:
-    - "/etc/ocsigenserver/conf.d"
-    - "/var/lib/belenios"
-    - "/var/lib/belenios/data"
-    - "/var/lib/belenios/upload"
-    - "/var/lib/belenios/spool"
-    - "/var/log/belenios"
+    - /etc/ocsigenserver/conf.d
+    - /var/lib/belenios
+    - /var/lib/belenios/data
+    - /var/lib/belenios/upload
+    - /var/lib/belenios/spool
+    - /var/log/belenios

 - name: Link belenios directories into proper locations
  file:
@ -85,24 +85,24 @@
    mode: 0755
    state: link
  loop:
-    - src: "/var/local/belenios/_run/usr/bin/belenios-tool"
-      path: "/usr/bin/belenios-tool"
+    - src: /var/local/belenios/_run/usr/bin/belenios-tool
+      path: /usr/bin/belenios-tool

-    - src: "/var/local/belenios/_run/usr/lib/belenios"
-      path: "/usr/lib/ocaml/belenios"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-platform"
-      path: "/usr/lib/ocaml/belenios-platform"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-platform-js"
-      path: "/usr/lib/ocaml/belenios-platform-js"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-platform-native"
-      path: "/usr/lib/ocaml/belenios-platform-native"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-server"
-      path: "/usr/lib/ocaml/belenios-server"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-tool"
-      path: "/usr/lib/ocaml/belenios-tool"
+    - src: /var/local/belenios/_run/usr/lib/belenios
+      path: /usr/lib/ocaml/belenios
+    - src: /var/local/belenios/_run/usr/lib/belenios-platform
+      path: /usr/lib/ocaml/belenios-platform
+    - src: /var/local/belenios/_run/usr/lib/belenios-platform-js
+      path: /usr/lib/ocaml/belenios-platform-js
+    - src: /var/local/belenios/_run/usr/lib/belenios-platform-native
+      path: /usr/lib/ocaml/belenios-platform-native
+    - src: /var/local/belenios/_run/usr/lib/belenios-server
+      path: /usr/lib/ocaml/belenios-server
+    - src: /var/local/belenios/_run/usr/lib/belenios-tool
+      path: /usr/lib/ocaml/belenios-tool

-    - src: "/var/local/belenios/_run/usr/share/belenios-server"
-      path: "/usr/share/belenios-server"
+    - src: /var/local/belenios/_run/usr/share/belenios-server
+      path: /usr/share/belenios-server

 - name: Deploy ocsigenserver configuration
  template:
--- a/roles/bird2/handlers/main.yml
+++ b/roles/bird2/handlers/main.yml
@ -1,7 +1,7 @@
 ---
 - name: systemctl status bird.service
  service_facts:
-  listen: 'systemctl reload bird.service'
+  listen: systemctl reload bird.service

 - name: systemctl reload bird.service
  pause:
--- a/roles/bird2/tasks/main.yml
+++ b/roles/bird2/tasks/main.yml
@ -22,4 +22,3 @@
    owner: bird
    group: bird
  notify: systemctl reload bird.service
-
--- a/roles/borgbackup-client/tasks/main.yml
+++ b/roles/borgbackup-client/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Pin borgmatic
  template:
-    src: "apt/{{ item }}.j2"
-    dest: "/etc/apt/{{ item }}"
+    src: apt/{{ item }}.j2
+    dest: /etc/apt/{{ item }}
  loop:
    - sources.list.d/bullseye.list
    - preferences.d/borgmatic-bullseye
@ -13,7 +13,7 @@

 - name: Don't pin borgmatic if we are on bullseye
  file:
-    path: "/etc/apt/{{ item }}"
+    path: /etc/apt/{{ item }}
    state: absent
  loop:
    - sources.list.d/bullseye.list
@ -42,29 +42,29 @@

 - name: Deploy ssh private key
  template:
-    src: "borgmatic/id_ed25519_borg.j2"
-    dest: "/etc/borgmatic/id_ed25519_borg"
+    src: borgmatic/id_ed25519_borg.j2
+    dest: /etc/borgmatic/id_ed25519_borg
    mode: 0600
    owner: root

 - name: Deploy borgmatic config
  template:
-    src: "borgmatic/config.yaml.j2"
-    dest: "/etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml"
+    src: borgmatic/config.yaml.j2
+    dest: /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml
    mode: 0600
    owner: root
    group: root

 - name: Init borg repository
  command:
-    cmd: "/usr/bin/borgmatic init -c /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml -e repokey"
+    cmd: /usr/bin/borgmatic init -c /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml -e repokey
  register: borg_init
  changed_when: '"does not exist" in borg_init.stderr'

 - name: Deploy borg cron
  template:
-    src: "cron.d/borg.j2"
-    dest: "/etc/cron.d/borg{{ borg.path_suffix | default('') }}"
+    src: cron.d/borg.j2
+    dest: /etc/cron.d/borg{{ borg.path_suffix | default('') }}

 - name: Indicate role in motd
  template:
--- a/roles/borgbackup-server/tasks/main.yml
+++ b/roles/borgbackup-server/tasks/main.yml
@ -12,7 +12,7 @@
 - name: Create borgbackup user
  user:
    create_home: true
-    home: '/var/lib/borg/'
+    home: /var/lib/borg/
    system: true
    state: present
    update_password: always
@ -27,8 +27,8 @@

 - name: Deploy authorized_keys
  template:
-    src: "authorized_keys.j2"
-    dest: "/var/lib/borg/.ssh/authorized_keys"
+    src: authorized_keys.j2
+    dest: /var/lib/borg/.ssh/authorized_keys
    mode: 0600
    owner: borg

--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -11,8 +11,8 @@

 - name: Add dhparam
  template:
-    src: "letsencrypt/dhparam.j2"
-    dest: "/etc/letsencrypt/dhparam"
+    src: letsencrypt/dhparam.j2
+    dest: /etc/letsencrypt/dhparam
    mode: 0600

 - name: Create /etc/letsencrypt/conf.d
@ -22,8 +22,8 @@

 - name: Add Certbot configuration
  template:
-    src: "letsencrypt/conf.d/certname.ini.j2"
-    dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
+    src: letsencrypt/conf.d/certname.ini.j2
+    dest: /etc/letsencrypt/conf.d/{{ item.certname }}.ini
    mode: 0644
  loop: "{{ certbot }}"

--- a/roles/common-tools/tasks/main.yml
+++ b/roles/common-tools/tasks/main.yml
@ -4,31 +4,31 @@
    update_cache: true
    install_recommends: false
    name:
-      - acl  # advanced ACL
-      - apt  # better than apt-get
+      - acl # advanced ACL
+      - apt # better than apt-get
      - apt-file
-      - aptitude  # nice to have for Ansible
-      - bash-completion  # because bash
-      - curl  # placeholder
+      - aptitude # nice to have for Ansible
+      - bash-completion # because bash
+      - curl # placeholder
      - debsums
-      - emacs-nox  # for maman
-      - git  # code versioning
-      - htop  # better than top
-      - iotop  # monitor i/o
-      - less  # i like cats
-      - lsb-release  # needed to autodetect Debian version
-      - lsscsi  # to list SCSI devices
-      - molly-guard  # prevent reboot
-      - nano  # for vulcain
-      - needrestart  # ask to restart services after upgrade
-      - resolvconf  # for dns configuration in network interfaces
-      - screen  # Vulcain asked for this
+      - emacs-nox # for maman
+      - git # code versioning
+      - htop # better than top
+      - iotop # monitor i/o
+      - less # i like cats
+      - lsb-release # needed to autodetect Debian version
+      - lsscsi # to list SCSI devices
+      - molly-guard # prevent reboot
+      - nano # for vulcain
+      - needrestart # ask to restart services after upgrade
+      - resolvconf # for dns configuration in network interfaces
+      - screen # Vulcain asked for this
      - sudo
-      - tmux  # better than screen
-      - tree  # create a graphical tree of files
-      - vim  # better than nano
-      - vlock  # virtual console lock
-      - zsh  # to be able to ssh @erdnaxe
+      - tmux # better than screen
+      - tree # create a graphical tree of files
+      - vim # better than nano
+      - vlock # virtual console lock
+      - zsh # to be able to ssh @erdnaxe
  register: apt_result
  retries: 3
  until: apt_result is succeeded
@ -37,9 +37,9 @@
  apt:
    state: absent
    name:
-      - doc-debian  # graphical
-      - debian-faq  # graphical
-      - os-prober  # makes grub-install lag
+      - doc-debian # graphical
+      - debian-faq # graphical
+      - os-prober # makes grub-install lag
      # - oidentd  # kill the monster, https://youtu.be/yhNB0vO7FxI
      - python3-reportbug
      - fish
@ -53,7 +53,7 @@
    path: /usr/bin/screen
    owner: root
    group: utmp
-    mode: '4755'
+    mode: "4755"
  check_mode: false

 - name: Deploy screen tmpfile
--- a/roles/constellation-doc/tasks/main.yml
+++ b/roles/constellation-doc/tasks/main.yml
@ -19,5 +19,5 @@
    mode: u=rwx,g=rwxs,o=rx

 - name: Build HTML documentation
-  command: "sphinx-build -b dirhtml {{ project_path }}/docs/ /var/www/constellation-doc/"
+  command: sphinx-build -b dirhtml {{ project_path }}/docs/ /var/www/constellation-doc/
  become_user: www-data
--- a/roles/constellation-front/tasks/main.yml
+++ b/roles/constellation-front/tasks/main.yml
@ -21,14 +21,14 @@
 - name: Set data directories in development mode
  when: constellation.version != "master"
  set_fact:
-    project_path: "/var/local/constellation"
-    module_path: "/var/local/constellation/constellation"
+    project_path: /var/local/constellation
+    module_path: /var/local/constellation/constellation

 - name: Set data directories in production mode
  when: constellation.version == "master"
  set_fact:
-    project_path: "/usr/local/lib/python3.9/dist-packages/constellation"
-    module_path: "/usr/local/lib/python3.9/dist-packages/constellation"
+    project_path: /usr/local/lib/python3.9/dist-packages/constellation
+    module_path: /usr/local/lib/python3.9/dist-packages/constellation

 - name: Check front dependencies (production)
  when: constellation.version == "master"
@ -50,8 +50,8 @@

 - name: Copy constellation uWSGI app
  template:
-    src: "uwsgi/apps-available/constellation.ini.j2"
-    dest: "/etc/uwsgi/apps-available/constellation.ini"
+    src: uwsgi/apps-available/constellation.ini.j2
+    dest: /etc/uwsgi/apps-available/constellation.ini
    owner: root
    group: root
    mode: 0644
@ -59,8 +59,8 @@

 - name: Activate constellation uWSGI app
  file:
-    src: "../apps-available/constellation.ini"
-    dest: "/etc/uwsgi/apps-enabled/constellation.ini"
+    src: ../apps-available/constellation.ini
+    dest: /etc/uwsgi/apps-enabled/constellation.ini
    owner: root
    group: root
    state: link
@ -82,10 +82,10 @@

 - name: Create static files directory
  file:
-    path: "/var/lib/constellation/{{ item }}"
+    path: /var/lib/constellation/{{ item }}
    state: directory
-    mode: '2775'
-    owner: "www-data"
+    mode: "2775"
+    owner: www-data
    group: "{{ constellation.group }}"
    recurse: true
  loop:
@ -94,11 +94,11 @@

 - name: Symlink static and media directories (dev)
  file:
-    src: "/var/lib/constellation/{{ item }}"
-    dest: "/var/local/constellation/{{ item }}"
+    src: /var/lib/constellation/{{ item }}
+    dest: /var/local/constellation/{{ item }}
    state: link
-    owner: 'www-data'
-    group: '{{ constellation.group }}'
+    owner: www-data
+    group: "{{ constellation.group }}"
  loop:
    - static
    - media
--- a/roles/constellation/tasks/main.yml
+++ b/roles/constellation/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Pin Django from Debian bullseye-backports
  template:
-    src: "apt/sources.list.d/bullseye-backports.list.j2"
-    dest: "/etc/apt/sources.list.d/bullseye-backports.list"
+    src: apt/sources.list.d/bullseye-backports.list.j2
+    dest: /etc/apt/sources.list.d/bullseye-backports.list

 - name: Install constellation dependencies
  apt:
@ -29,26 +29,26 @@
 - name: Set configuration directories in development mode
  when: constellation.version != "main"
  set_fact:
-    module_path: "/var/local/constellation/constellation"
-    project_path: "/var/local/constellation"
+    module_path: /var/local/constellation/constellation
+    project_path: /var/local/constellation

 - name: Set configuration directories in production mode
  when: constellation.version == "main"
  set_fact:
-    module_path: "/usr/local/lib/python3.9/dist-packages/constellation"
-    project_path: "/usr/local/lib/python3.9/dist-packages/constellation"
+    module_path: /usr/local/lib/python3.9/dist-packages/constellation
+    project_path: /usr/local/lib/python3.9/dist-packages/constellation

 - name: Create constellation directory
  file:
-    path: "/etc/constellation"
+    path: /etc/constellation
    state: directory
-    mode: '2775'
+    mode: "2775"
    owner: "{{ constellation.owner }}"
    group: "{{ constellation.group }}"

 - name: Set ACL for constellation directory
  acl:
-    path: "/etc/constellation"
+    path: /etc/constellation
    default: true
    entity: nounou
    etype: group
@ -59,9 +59,9 @@
 - name: Clone constellation repository (development)
  when: constellation.version != "main"
  git:
-    repo: 'https://gitlab.adm.crans.org/nounous/constellation.git'
+    repo: https://gitlab.adm.crans.org/nounous/constellation.git
    dest: "{{ project_path }}"
-    umask: '002'
+    umask: "002"
    version: "{{ constellation.version }}"
    recursive: true

@ -91,22 +91,22 @@
 - name: Deploy Constellation settings_local.py
  template:
    src: constellation/settings_local.py.j2
-    dest: "/etc/constellation/settings_local.py"
+    dest: /etc/constellation/settings_local.py
    mode: 0660
    owner: "{{ constellation.settings_local_owner }}"
    group: "{{ constellation.settings_local_group }}"

 - name: Symlink configuration file
  file:
-    src: "/etc/constellation/settings_local.py"
+    src: /etc/constellation/settings_local.py
    dest: "{{ module_path }}/settings_local.py"
    state: link

 - name: Deploy crontab
  when: constellation.crontab
  template:
-    src: "cron.d/constellation.j2"
-    dest: "/etc/cron.d/constellation"
+    src: cron.d/constellation.j2
+    dest: /etc/cron.d/constellation
    owner: root
    group: root
    mode: 0644
--- a/roles/crans-scripts/tasks/main.yml
+++ b/roles/crans-scripts/tasks/main.yml
@ -17,7 +17,6 @@
    state: query
  when: not ansible_check_mode

-
 - name: Clone scripts repository
  git:
    repo: "{{ crans_scripts.remote }}"
@ -25,5 +24,5 @@
    version: "{{ crans_scripts.version }}"
    umask: "002"
  register: git_result
-  changed_when: "git_result.after|default('after') != git_result.before|default('before')"
+  changed_when: git_result.after|default('after') != git_result.before|default('before')
  when: not ansible_check_mode
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@ -15,16 +15,16 @@

 - name: Clone Django CAS project repository
  git:
-    repo: '{{ django_cas.repo }}'
-    dest: '{{ django_cas.path }}'
+    repo: "{{ django_cas.repo }}"
+    dest: "{{ django_cas.path }}"
    force: true
    version: master
-    umask: '002'
+    umask: "002"

 - name: Configure Django CAS
  template:
    src: cas/settings_local.py.j2
-    dest: '{{ django_cas.path }}/cas/settings_local.py'
+    dest: "{{ django_cas.path }}/cas/settings_local.py"
    mode: 0600
    owner: www-data
  notify: Restart uwsgi
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -3,7 +3,7 @@
  apt:
    update_cache: true
    name:
-      - docker.io  # Warning: Docker package stands for an unrelated project
+      - docker.io # Warning: Docker package stands for an unrelated project
    state: present
  register: apt_result
  retries: 3
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@ -14,8 +14,8 @@

 - name: Deploy dovecot configuration
  template:
-    src: "dovecot/{{ item }}.j2"
-    dest: "/etc/dovecot/{{ item }}"
+    src: dovecot/{{ item }}.j2
+    dest: /etc/dovecot/{{ item }}
  loop:
    - conf.d/10-auth.conf
    - conf.d/10-logging.conf
--- a/roles/etherpad/tasks/main.yml
+++ b/roles/etherpad/tasks/main.yml
@ -14,7 +14,7 @@
 - name: Clone EtherPad
  git:
    repo: https://github.com/ether/etherpad-lite.git
-    dest: "/var/www/{{ item.name }}"
+    dest: /var/www/{{ item.name }}
    version: 1.8.4
  loop: "{{ etherpad.instances }}"
  become: true
@ -24,7 +24,7 @@
 - name: Configure EtherPad
  template:
    src: etherpad/settings.json.j2
-    dest: "/var/www/{{ item.name }}/settings.json"
+    dest: /var/www/{{ item.name }}/settings.json
    owner: etherpad
    group: etherpad
    mode: 0600
@ -34,7 +34,7 @@
 - name: Install delete_after_delay module
  npm:
    name: ep_delete_after_delay
-    path: "/var/www/{{ item.name }}/node_modules"
+    path: /var/www/{{ item.name }}/node_modules
    state: "{% if item.temporary.enabled is defined and item.temporary.enabled %}present{% else %}absent{% endif %}"
  loop: "{{ etherpad.instances }}"
  become: true
@ -44,7 +44,7 @@
 - name: Install EtherPad systemd unit
  template:
    src: systemd/system/etherpad-lite.service.j2
-    dest: "/etc/systemd/system/{{ item.name }}.service"
+    dest: /etc/systemd/system/{{ item.name }}.service
  loop: "{{ etherpad.instances }}"
  notify: Restart Etherpad

--- a/roles/framadate/tasks/main.yml
+++ b/roles/framadate/tasks/main.yml
@ -10,7 +10,7 @@
      - php-mbstring
      - php-mysql
      - composer
-      - python3-passlib  # Necessary for htpasswd module
+      - python3-passlib # Necessary for htpasswd module
      - python3-pymysql
      - mariadb-server
  register: apt_result
@ -90,7 +90,7 @@
    login_unix_socket: /var/run/mysqld/mysqld.sock
    name: framadate
    password: "{{ glob_framadate.db_password }}"
-    priv: 'framadate.*:ALL'
+    priv: framadate.*:ALL
    state: present

 - name: Indicate role in motd
--- a/roles/freeradius/tasks/main.yml
+++ b/roles/freeradius/tasks/main.yml
@ -25,11 +25,11 @@

 - name: Deploy freeradius configuration
  template:
-    src: "freeradius/3.0/{{ item }}.j2"
-    dest: "/etc/freeradius/3.0/{{ item }}"
+    src: freeradius/3.0/{{ item }}.j2
+    dest: /etc/freeradius/3.0/{{ item }}
    owner: freerad
    group: freerad
-    mode: '0640'
+    mode: "0640"
  loop:
    - radiusd.conf
    - clients.conf
@ -67,7 +67,7 @@
  file:
    path: /etc/letsencrypt/{{ item }}
    group: freerad
-    mode: '0755'
+    mode: "0755"
    recurse: true
  loop:
    - live
--- a/roles/ftpsync/tasks/main.yml
+++ b/roles/ftpsync/tasks/main.yml
@ -13,7 +13,7 @@
 - name: Add the mirror user
  user:
    name: mirror
-    home: /var/mirror  # unused, should be something empty
+    home: /var/mirror # unused, should be something empty
    shell: /bin/false

 - name: Create /etc/ftpsync directory
@ -24,7 +24,7 @@
    mode: 0755
    state: directory
  loop:
-    - "/etc/ftpsync"
+    - /etc/ftpsync
    - "{{ ftpsync.root }}/.html"

 - name: Create root directory
@ -35,11 +35,10 @@
    mode: 0755
    state: directory

-
 - name: Copy ftpsync configurations
  template:
    src: ftpsync.conf.j2
-    dest: "/etc/ftpsync/ftpsync-{{ item.name }}.conf"
+    dest: /etc/ftpsync/ftpsync-{{ item.name }}.conf
  loop: "{{ ftpsync.targets }}"

 - name: Configure ftpsync cron
@ -55,7 +54,7 @@

 - name: Copy configuration files
  template:
-    src: "html/{{ item }}.j2"
+    src: html/{{ item }}.j2
    dest: "{{ ftpsync.root }}/.html/{{ item }}"
    mode: 0644
  loop:
--- a/roles/galene/tasks/main.yml
+++ b/roles/galene/tasks/main.yml
@ -35,7 +35,7 @@

 - name: Build galene
  when: git_result.changed
-  shell: "go build -ldflags='-s -w'"
+  shell: go build -ldflags='-s -w'
  args:
    chdir: /var/local/galene
  environment:
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@ -60,7 +60,7 @@
    - section: auth.anonymous
      option: hide_version
      value: "true"
-    - section: auth.basic  # Only LDAP auth
+    - section: auth.basic # Only LDAP auth
      option: enabled
      value: "false"
    - section: auth.ldap
--- a/roles/horde/handlers/main.yml
+++ b/roles/horde/handlers/main.yml
@ -1,5 +1,4 @@
 ---
-
 - name: Restart nginx
  service:
    name: nginx.service
--- a/roles/horde/tasks/main.yml
+++ b/roles/horde/tasks/main.yml
@ -3,8 +3,8 @@
 - name: Install horde APT dependencies
  apt:
    update_cache: true
-    name: '{{ item }}'
-  loop:  # Install dependencies in the right order.
+    name: "{{ item }}"
+  loop: # Install dependencies in the right order.
    - nginx
    - php-fpm
    - php-horde-webmail
@ -16,8 +16,8 @@

 - name: Configure horde
  template:
-    src: '{{ item }}.j2'
-    dest: '/etc/{{ item }}'
+    src: "{{ item }}.j2"
+    dest: /etc/{{ item }}
    owner: www-data
    group: www-data
    mode: 0640
@ -27,8 +27,8 @@

 - name: Enable horde plugins
  template:
-    src: 'horde/{{ item }}/conf.php.j2'
-    dest: '/etc/horde/{{ item }}/conf.php'
+    src: horde/{{ item }}/conf.php.j2
+    dest: /etc/horde/{{ item }}/conf.php
    owner: www-data
    group: www-data
    mode: 0640
@ -44,8 +44,8 @@

 - name: Configure nginx site
  template:
-    src: '{{ item }}.j2'
-    dest: '/etc/{{ item }}'
+    src: "{{ item }}.j2"
+    dest: /etc/{{ item }}
    owner: root
    group: root
    mode: 0644
@ -57,8 +57,8 @@

 - name: Enable nginx site
  file:
-    src: '/etc/nginx/sites-available/{{ item }}'
-    dest: '/etc/nginx/sites-enabled/{{ item }}'
+    src: /etc/nginx/sites-available/{{ item }}
+    dest: /etc/nginx/sites-enabled/{{ item }}
    state: link
  loop:
    - webmail
--- a/roles/inspircd/tasks/main.yml
+++ b/roles/inspircd/tasks/main.yml
@ -1,22 +1,22 @@
 ---
 - name: Deploy InspIRCd configuration
  template:
-    src: "inspircd/{{ item.dest }}.j2"
-    dest: "/etc/inspircd/{{ item.dest }}"
+    src: inspircd/{{ item.dest }}.j2
+    dest: /etc/inspircd/{{ item.dest }}
    mode: "{{ item.mode }}"
    owner: irc
    group: irc
  loop:
-    - {dest: inspircd.conf, mode: "0644"}
-    - {dest: links.conf, mode: "0600"}
-    - {dest: power.conf, mode: "0600"}
-    - {dest: opers.conf, mode: "0600"}
-    - {dest: modules.conf, mode: "0600"}
-    - {dest: inspircd.motd, mode: "0644"}
+    - { dest: inspircd.conf, mode: "0644" }
+    - { dest: links.conf, mode: "0600" }
+    - { dest: power.conf, mode: "0600" }
+    - { dest: opers.conf, mode: "0600" }
+    - { dest: modules.conf, mode: "0600" }
+    - { dest: inspircd.motd, mode: "0644" }
  notify: Reload InspIRCd

 - name: Deploy certificate refresh CRON
  template:
-    src: "cron.monthly/irc-certs.j2"
-    dest: "/etc/cron.monthly/irc-certs"
+    src: cron.monthly/irc-certs.j2
+    dest: /etc/cron.monthly/irc-certs
    mode: 0755
--- a/roles/irker/tasks/main.yml
+++ b/roles/irker/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Pin irker from Debian Bullseye
  template:
-    src: "apt/{{ item }}.j2"
-    dest: "/etc/apt/{{ item }}"
+    src: apt/{{ item }}.j2
+    dest: /etc/apt/{{ item }}
  loop:
    - sources.list.d/bullseye.list
    - preferences.d/irker-bullseye
@ -13,7 +13,7 @@

 - name: Don't pin irker if we are on bullseye
  file:
-    path: "/etc/apt/{{ item }}"
+    path: /etc/apt/{{ item }}
    state: absent
  loop:
    - sources.list.d/bullseye.list
@ -36,8 +36,8 @@
 - name: Setup Irker parameters
  lineinfile:
    path: /etc/default/irker
-    regexp: "^IRKER_OPTIONS="
-    line: 'IRKER_OPTIONS="-n {{ irker.name }} -d warning"'
+    regexp: ^IRKER_OPTIONS=
+    line: IRKER_OPTIONS="-n {{ irker.name }} -d warning"
    create: true
    owner: root
    group: root
--- a/roles/isc-dhcp-server/handlers/main.yml
+++ b/roles/isc-dhcp-server/handlers/main.yml
@ -1,11 +1,11 @@
 ---
 - name: check isc-dhcp-server
  service_facts:
-  listen: 'restart isc-dhcp-server'
+  listen: restart isc-dhcp-server

 - name: restart dhcp server
  systemd:
    name: isc-dhcp-server
    state: restarted
-  listen: 'restart isc-dhcp-server'
+  listen: restart isc-dhcp-server
  when: not ansible_check_mode and ansible_facts.services['isc-dhcp-server']['state'] == 'running'
--- a/roles/jitsi/tasks/main.yml
+++ b/roles/jitsi/tasks/main.yml
@ -13,8 +13,8 @@
 - name: Define host
  lineinfile:
    path: /etc/hosts
-    regexp: "^{{ item }}"
-    line: '{{ item }} {{ jitsi.hostname }}'
+    regexp: ^{{ item }}
+    line: "{{ item }} {{ jitsi.hostname }}"
  loop: "{{ jitsi.ip }}"

 - name: Import public key of Jitsi repository
@ -39,19 +39,19 @@
    - name: jitsi-meet-prosody
      question: jitsi-videobridge/jvb-hostname
      value: "{{ jitsi.hostname }}"
-      vtype: "string"
+      vtype: string
    - name: jitsi-meet-web-config
      question: jitsi-meet/cert-choice
-      value: "I want to use my own certificate"
-      vtype: "select"
+      value: I want to use my own certificate
+      vtype: select
    - name: jitsi-meet-web-config
      question: jitsi-meet/cert-path-crt
-      value: "/etc/letsencrypt/live/{{ certbot[0].certname }}/fullchain.pem"
-      vtype: "string"
+      value: /etc/letsencrypt/live/{{ certbot[0].certname }}/fullchain.pem
+      vtype: string
    - name: jitsi-meet-web-config
      question: jitsi-meet/cert-path-key
-      value: "/etc/letsencrypt/live/{{ certbot[0].certname }}/privkey.pem"
-      vtype: "string"
+      value: /etc/letsencrypt/live/{{ certbot[0].certname }}/privkey.pem
+      vtype: string

 - name: Install Jitsi-meet
  apt:
@ -65,7 +65,7 @@

 - name: Apply Jitsi configuration
  lineinfile:
-    path: "/etc/jitsi/meet/{{ jitsi.hostname }}-config.js"
+    path: /etc/jitsi/meet/{{ jitsi.hostname }}-config.js
    regexp: "{{ item }}"
    line: "    {{ item }}: true,"
  loop: "{{ jitsi.configuration }}"
--- a/roles/keepalived/handlers/main.yml
+++ b/roles/keepalived/handlers/main.yml
@ -1,5 +1,4 @@
 ---
-
 - name: Reload keepalived.service
  service:
    name: keepalived.service
--- a/roles/ldap-client/handlers/main.yml
+++ b/roles/ldap-client/handlers/main.yml
@ -12,5 +12,5 @@
  service:
    name: nscd
    state: restarted
-  ignore_errors: true  # Sometimes service do not exist
+  ignore_errors: true # Sometimes service do not exist
  listen: Restart nslcd service
--- a/roles/linx/tasks/main.yml
+++ b/roles/linx/tasks/main.yml
@ -18,14 +18,14 @@

 - name: Deploy configuration file
  template:
-    src: "linx/server.conf.j2"
-    dest: "/etc/linx/server.conf"
+    src: linx/server.conf.j2
+    dest: /etc/linx/server.conf
    mode: 0644

 - name: Install linx systemd unit
  template:
-    src: "systemd/system/linx-server.service.j2"
-    dest: "/etc/systemd/system/linx-server.service"
+    src: systemd/system/linx-server.service.j2
+    dest: /etc/systemd/system/linx-server.service
    mode: 0644
  notify: Restart linx-server

--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@ -4,9 +4,9 @@
    update_cache: true
    name:
      - mailman3-full
-      - python3-ipython  # Prettier shell
-      - python3-pip  # CAS
-      - python3-lxml  # CAS
+      - python3-ipython # Prettier shell
+      - python3-pip # CAS
+      - python3-lxml # CAS
      - sassc
    install_recommends: false
  register: apt_result
@ -25,8 +25,8 @@
 # sudo -u postgres createdb -O mailman3 mailman3
 - name: Configure mailman3
  template:
-    src: "mailman3/{{ item }}.j2"
-    dest: "/etc/mailman3/{{ item }}"
+    src: mailman3/{{ item }}.j2
+    dest: /etc/mailman3/{{ item }}
    mode: 0640
    owner: root
    group: list
@ -83,17 +83,17 @@
  blockinfile:
    path: /usr/lib/python3/dist-packages/mailman/commands/cli_notify.py
    marker: "{mark}"
-    marker_begin: '    # XXX This should be a template.'
-    marker_end: '    msg = OwnerNotification(mlist, subject, text, mlist.administrators)'
-    block: "    text = _(\"\"\"La liste {} a {} requêtes de modération en attente.\n\n{}\n\nVous pouvez gérer ces demandes via votre interface web :\nhttps://{{ mailman3.web_domains[0] }}/postorius/lists/{}/held_messages\n\"\"\").format(mlist.fqdn_listname, count, detail, mlist.fqdn_listname)"
+    marker_begin: "    # XXX This should be a template."
+    marker_end: "    msg = OwnerNotification(mlist, subject, text, mlist.administrators)"
+    block: "    text = _(\"\"\"La liste {} a {} requêtes de modération en attente.\n\n{}\n\nVous pouvez gérer ces demandes via votre interface web :\nhttps://{{ mailman3.web_domains[0]\
+      \ }}/postorius/lists/{}/held_messages\n\"\"\").format(mlist.fqdn_listname, count, detail, mlist.fqdn_listname)"

 - name: Send owner notifications from listname-bounces@domain
  lineinfile:
    path: /usr/lib/python3/dist-packages/mailman/email/message.py
-    regexp: '        sender ='
+    regexp: "        sender ="
    line: '        sender = f"{mlist.list_name}-bounces@{mlist.domain.mail_host}"'

-
 # When notifying moderators of a new incoming message, add link to moderation page
 - name: Patch moderation requests messages
  template:
--- a/roles/matrix-synapse/tasks/main.yml
+++ b/roles/matrix-synapse/tasks/main.yml
@ -15,8 +15,8 @@

 - name: Configure matrix-synapse
  template:
-    src: "matrix-synapse/conf.d/{{ item }}.j2"
-    dest: "/etc/matrix-synapse/conf.d/{{ item }}"
+    src: matrix-synapse/conf.d/{{ item }}.j2
+    dest: /etc/matrix-synapse/conf.d/{{ item }}
    mode: 0640
    owner: matrix-synapse
    group: nogroup
--- a/roles/moinmoin-gendoc/tasks/main.yml
+++ b/roles/moinmoin-gendoc/tasks/main.yml
@ -9,12 +9,11 @@

 - name: get dmidecode facts
  dmidecode_facts: {}
-
 - name: get ssh fingerprints
  sshfp: {}
  register: sshfp

- name: "Create wiki page documenting {{ ansible_hostname }} (physical)"
+- name: Create wiki page documenting {{ ansible_hostname }} (physical)
  when: ansible_system_vendor != 'QEMU'
  moinmoin_page:
    url: "{{ moinmoin_base_url }}/Serveur{{ ansible_hostname|title|replace('-', '') }}/CaracteristiquesTechniques"
@ -25,7 +24,7 @@
  connection: local
  become: false

- name: "Create wiki page documenting {{ ansible_hostname }} (virtual)"
+- name: Create wiki page documenting {{ ansible_hostname }} (virtual)
  when: ansible_system_vendor == 'QEMU'
  moinmoin_page:
    url: "{{ moinmoin_base_url }}/Virtuels/Serveur{{ ansible_hostname|title|replace('-', '') }}/CaracteristiquesTechniques"
--- a/roles/moinmoin/tasks/main.yml
+++ b/roles/moinmoin/tasks/main.yml
@ -5,7 +5,7 @@
    name:
      - python-lxml
      - python-moinmoin
-      - python-markdown  # markdown parser
+      - python-markdown # markdown parser
      - python-netaddr
      - uwsgi
      - uwsgi-plugin-python
--- a/roles/mtail/tasks/main.yml
+++ b/roles/mtail/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Pin mtail
  template:
-    src: "apt/{{ item }}.j2"
-    dest: "/etc/apt/{{ item }}"
+    src: apt/{{ item }}.j2
+    dest: /etc/apt/{{ item }}
  loop:
    - sources.list.d/bullseye.list
    - preferences.d/mtail-bullseye
@ -27,15 +27,15 @@

 - name: Copy mtail configurations
  template:
-    src: "mtail/{{ item }}.j2"
-    dest: "/etc/mtail/{{ item }}"
+    src: mtail/{{ item }}.j2
+    dest: /etc/mtail/{{ item }}
    mode: 0644
  loop: "{{ mtail.config }}"
  notify: Restart mtail

 - name: Drop unusued configuration
  file:
-    path: "/etc/mtail/{{ item }}"
+    path: /etc/mtail/{{ item }}
    state: absent
  loop: "{{ mtail.remove }}"
  notify: Restart mtail
--- a/roles/network-interfaces/tasks/main.yml
+++ b/roles/network-interfaces/tasks/main.yml
@ -21,8 +21,8 @@

 - name: Deploy interfaces config
  template:
-    src: "network/interfaces.d/ifalias.j2"
-    dest: "/etc/network/interfaces.d/{{ '%02d' | format(item.id) }}-{{ item.name | replace('_', '-') }}"
+    src: network/interfaces.d/ifalias.j2
+    dest: /etc/network/interfaces.d/{{ '%02d' | format(item.id) }}-{{ item.name | replace('_', '-') }}
    mode: 0644
  when: item.name in interfaces
  loop: "{{ network_interfaces.vlan }}"
--- a/roles/nfs-mount/tasks/main.yml
+++ b/roles/nfs-mount/tasks/main.yml
@ -21,7 +21,7 @@
 - name: Deploy nfs systemd mount
  template:
    src: systemd/system/nfs.mount.j2
-    dest: "/etc/systemd/system/{{ item.name }}.mount"
+    dest: /etc/systemd/system/{{ item.name }}.mount
    mode: 0644
  loop: "{{ nfs_mount.mounts }}"

--- a/roles/nftables/tasks/main.yml
+++ b/roles/nftables/tasks/main.yml
@ -11,9 +11,9 @@
 - name: Deploy the configuration files
  template:
    src: "{{ item }}"
-    dest: "/etc/unbound/{{ item }}"
-    owner: "unbound"
-    group: "unbound"
+    dest: /etc/unbound/{{ item }}
+    owner: unbound
+    group: unbound
    mode: 0600
  loop:
    - unbound.conf
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -9,16 +9,16 @@

 - name: Copy proxypass snippets
  template:
-    src: "nginx/snippets/options-proxypass.conf.j2"
-    dest: "/etc/nginx/snippets/options-proxypass.conf"
+    src: nginx/snippets/options-proxypass.conf.j2
+    dest: /etc/nginx/snippets/options-proxypass.conf
    owner: root
    group: root
    mode: 0644

 - name: Copy SSL snippets
  template:
-    src: "nginx/snippets/options-ssl.conf.j2"
-    dest: "/etc/nginx/snippets/options-ssl.{{ item.name }}.conf"
+    src: nginx/snippets/options-ssl.conf.j2
+    dest: /etc/nginx/snippets/options-ssl.{{ item.name }}.conf
    owner: root
    group: root
    mode: 0644
@ -26,14 +26,14 @@

 - name: Disable default site
  file:
-    dest: "/etc/nginx/sites-enabled/default"
+    dest: /etc/nginx/sites-enabled/default
    state: absent

 - name: Copy reverse proxy sites
  when: reverseproxy is defined
  template:
-    src: "nginx/sites-available/{{ item }}.j2"
-    dest: "/etc/nginx/sites-available/{{ item }}"
+    src: nginx/sites-available/{{ item }}.j2
+    dest: /etc/nginx/sites-available/{{ item }}
    owner: root
    group: root
    mode: 0644
@ -46,8 +46,8 @@
 - name: Activate reverse proxy sites
  when: reverseproxy is defined
  file:
-    src: "/etc/nginx/sites-available/{{ item }}"
-    dest: "/etc/nginx/sites-enabled/{{ item }}"
+    src: /etc/nginx/sites-available/{{ item }}
+    dest: /etc/nginx/sites-enabled/{{ item }}
    owner: root
    group: root
    state: link
@ -61,8 +61,8 @@
 - name: Copy service nginx configuration
  when: nginx.servers is defined and nginx.servers|length > 0
  template:
-    src: "nginx/sites-available/service.j2"
-    dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
+    src: nginx/sites-available/service.j2
+    dest: /etc/nginx/sites-available/{{ nginx.service_name }}
    owner: root
    group: root
    mode: 0644
@ -71,8 +71,8 @@
 - name: Activate local nginx service site
  when: nginx.servers is defined and nginx.servers|length > 0
  file:
-    src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
-    dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
+    src: /etc/nginx/sites-available/{{ nginx.service_name }}
+    dest: /etc/nginx/sites-enabled/{{ nginx.service_name }}
    owner: root
    group: root
    state: link
@ -123,6 +123,6 @@
    path: "{{ item }}"
    state: absent
  loop:
-    - "/etc/nginx/snippets/options-ssl.conf"
-    - "/var/www/custom_401.html"
-    - "/var/www/robots.txt"
+    - /etc/nginx/snippets/options-ssl.conf
+    - /var/www/custom_401.html
+    - /var/www/robots.txt
--- a/roles/ntp-server/tasks/main.yml
+++ b/roles/ntp-server/tasks/main.yml
@ -10,7 +10,7 @@
 - name: Configure NTP daemon
  lineinfile:
    path: /etc/default/ntp
-    regexp: '^NTPD_OPTS'
+    regexp: ^NTPD_OPTS
    line: NTPD_OPTS='-g -x'
  check_mode: false

--- a/roles/opendkim/tasks/main.yml
+++ b/roles/opendkim/tasks/main.yml
@ -11,7 +11,7 @@

 - name: Ensure opendkim directories are here
  file:
-    path: "/etc/opendkim/keys/{{ opendkim.domain }}"
+    path: /etc/opendkim/keys/{{ opendkim.domain }}
    state: directory
    mode: 0750
    owner: opendkim
@ -40,11 +40,11 @@

 - name: Deploy opendkim key
  template:
-    src: "opendkim/keys/key.{{ item }}.j2"
-    dest: "/etc/opendkim/keys/{{ opendkim.domain }}/{{ opendkim.selector }}.{{ item }}"
+    src: opendkim/keys/key.{{ item }}.j2
+    dest: /etc/opendkim/keys/{{ opendkim.domain }}/{{ opendkim.selector }}.{{ item }}
    mode: 0600
    owner: opendkim
    group: opendkim
  loop:
-    - "private"
-    - "txt"
+    - private
+    - txt
--- a/roles/openssh/tasks/main.yml
+++ b/roles/openssh/tasks/main.yml
@ -3,7 +3,7 @@
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: ^#?PermitRootLogin
-    line: "PermitRootLogin yes"
+    line: PermitRootLogin yes
    state: present
  notify: Restart sshd service

--- a/roles/owncloud-autofs/tasks/main.yml
+++ b/roles/owncloud-autofs/tasks/main.yml
@ -12,7 +12,7 @@
 - name: Configure autofs deamon
  template:
    src: "{{ item }}.j2"
-    dest: "/etc/{{ item }}"
+    dest: /etc/{{ item }}
    mode: 0644
  loop:
    - default/autofs
@ -21,12 +21,12 @@

 - name: Configure home-adh autofs
  template:
-    src: "auto.master.d/{{ item.0 }}.j2"
-    dest: "/etc/auto.master.d/{{ item.0 }}"
+    src: auto.master.d/{{ item.0 }}.j2
+    dest: /etc/auto.master.d/{{ item.0 }}
    mode: "{{ item.1 }}"
  loop:
-    - ["home-owncloud.autofs", "0600"]
-    - ["home-owncloud.sh", "0700"]
+    - [home-owncloud.autofs, "0600"]
+    - [home-owncloud.sh, "0700"]
  notify: Restart autofs service

 - name: Create /home-owncloud/ directory
--- a/roles/owncloud/tasks/main.yml
+++ b/roles/owncloud/tasks/main.yml
@ -1,5 +1,4 @@
 ---
-
 - name: Install gpg
  apt:
    update_cache: true
@ -22,7 +21,7 @@
 # Add the repository into source list
 - name: Configure owncloud repository
  apt_repository:
-    repo: "deb http://download.opensuse.org/repositories/isv:/ownCloud:/server:/10/Debian_11/ /"
+    repo: deb http://download.opensuse.org/repositories/isv:/ownCloud:/server:/10/Debian_11/ /
    state: present

 - name: Install OwnCloud
--- a/roles/policyd/tasks/main.yml
+++ b/roles/policyd/tasks/main.yml
@ -18,8 +18,8 @@
    dest: "{{ item.dest }}"
    chmod: 0640
  loop:
-    - {src: policyd/policyd-rate-limit.yaml.j2, dest: /etc/policyd-rate-limit.yaml}
-    - {src: policyd/policyd.py.j2, dest: /usr/lib/python3/dist-packages/policyd_rate_limit}
+    - { src: policyd/policyd-rate-limit.yaml.j2, dest: /etc/policyd-rate-limit.yaml }
+    - { src: policyd/policyd.py.j2, dest: /usr/lib/python3/dist-packages/policyd_rate_limit }
  when: postfix.primary

 - name: Indicate role in motd
--- a/roles/postfix-mailman3/tasks/main.yml
+++ b/roles/postfix-mailman3/tasks/main.yml
@ -10,8 +10,8 @@

 - name: Deploy postfix configuration
  template:
-    src: "postfix/{{ item }}.j2"
-    dest: "/etc/postfix/{{ item }}"
+    src: postfix/{{ item }}.j2
+    dest: /etc/postfix/{{ item }}
    mode: 0644
    owner: root
    group: root
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@ -1,7 +1,7 @@
 ---
 - name: Set postgresql installation directory
  set_fact:
-    postgres_dir: '/etc/postgresql/{{ postgres.version }}/main'
+    postgres_dir: /etc/postgresql/{{ postgres.version }}/main

 - name: Install postgresql
  apt:
@ -14,7 +14,7 @@

 - name: Ensure main postgresql directory exists
  file:
-    path: '{{ postgres_dir }}'
+    path: "{{ postgres_dir }}"
    state: directory
    owner: postgres
    group: postgres
@ -22,7 +22,7 @@

 - name: Ensure configuration directory exists
  file:
-    path: '{{ postgres_dir }}/conf.d'
+    path: "{{ postgres_dir }}/conf.d"
    state: directory
    owner: postgres
    group: postgres
@ -31,7 +31,7 @@
 - name: Configuration of postgresql {{ postgres.version }}
  template:
    src: postgresql/postgresql.conf.j2
-    dest: '{{ postgres_dir }}/postgresql.conf'
+    dest: "{{ postgres_dir }}/postgresql.conf"
    mode: 0640
    owner: postgres
    group: postgres
@ -40,8 +40,8 @@

 - name: Master of configuration of postgresql {{ postgres.version }}
  template:
-    src: 'postgresql/{{ item }}.j2'
-    dest: '{{ postgres_dir }}/{{ item }}'
+    src: postgresql/{{ item }}.j2
+    dest: "{{ postgres_dir }}/{{ item }}"
    mode: 0640
    owner: postgres
    group: postgres
@ -50,7 +50,7 @@
    - pg_ident.conf
  notify:
    - reload postgresql
-  when: 'not(postgres.replica | default(False))'
+  when: not(postgres.replica | default(False))

 - name: Create backup directory
  file:
--- a/roles/printer/tasks/main.yml
+++ b/roles/printer/tasks/main.yml
@ -4,10 +4,10 @@
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
-    - src: "apt/sources.list.d/bullseye-backports.list.j2"
-      dest: "/etc/apt/sources.list.d/bullseye-backports.list"
-    - src: "apt/preferences.d/django-backports.j2"
-      dest: "/etc/apt/preferences.d/django-backports"
+    - src: apt/sources.list.d/bullseye-backports.list.j2
+      dest: /etc/apt/sources.list.d/bullseye-backports.list
+    - src: apt/preferences.d/django-backports.j2
+      dest: /etc/apt/preferences.d/django-backports

 - name: Install printer dependencies
  apt:
@ -42,15 +42,15 @@

 - name: Create django-printer configuration directory
  file:
-    path: "/etc/django-printer"
+    path: /etc/django-printer
    state: directory
-    mode: '2775'
+    mode: "2775"
    owner: "{{ printer.owner }}"
    group: "{{ printer.group }}"

 - name: Set ACL for printer directory
  acl:
-    path: "/etc/django-printer"
+    path: /etc/django-printer
    default: true
    entity: _nounou
    etype: group
@ -60,34 +60,34 @@

 - name: Clone printer repository
  git:
-    repo: 'https://gitlab.adm.crans.org/nounous/django-printer.git'
-    dest: "/var/local/django-printer"
-    umask: '002'
+    repo: https://gitlab.adm.crans.org/nounous/django-printer.git
+    dest: /var/local/django-printer
+    umask: "002"
    version: "{{ printer.version }}"
    recursive: true

 - name: Set owner of cloned project
  file:
-    path: "/var/local/django-printer"
+    path: /var/local/django-printer
    owner: "{{ printer.owner }}"
    group: "{{ printer.group }}"
    recurse: true

 - name: Set manage.py executable
  file:
-    path: "/var/local/django-printer/manage.py"
+    path: /var/local/django-printer/manage.py
    mode: 0755

 - name: Deploy local settings
  template:
    src: django-printer/settings_local.py.j2
-    dest: "/etc/django-printer/settings_local.py"
+    dest: /etc/django-printer/settings_local.py
    mode: 0660

 - name: Symlink configuration file
  file:
-    src: "/etc/django-printer/settings_local.py"
-    dest: "/var/local/django-printer/printer/settings_local.py"
+    src: /etc/django-printer/settings_local.py
+    dest: /var/local/django-printer/printer/settings_local.py
    state: link
  ignore_errors: "{{ ansible_check_mode }}"

@ -95,21 +95,21 @@
 - name: Make Django migrations
  django_manage:
    command: makemigrations
-    project_path: "/var/local/django-printer"
+    project_path: /var/local/django-printer
  notify: Restart uWSGI

 - name: Migrate database
  django_manage:
    command: migrate
-    project_path: "/var/local/django-printer"
+    project_path: /var/local/django-printer
  notify: Restart uWSGI

 - name: Create static files directory
  file:
-    path: "/var/lib/django-printer/{{ item }}"
+    path: /var/lib/django-printer/{{ item }}
    state: directory
-    mode: '2775'
-    owner: "www-data"
+    mode: "2775"
+    owner: www-data
    group: "{{ printer.group }}"
    recurse: true
  loop:
@ -119,18 +119,18 @@
 - name: Collect static files
  django_manage:
    command: collectstatic
-    project_path: "/var/local/django-printer"
+    project_path: /var/local/django-printer
  notify: Restart uWSGI

 - name: Compile messages
  django_manage:
    command: compilemessages
-    project_path: "/var/local/django-printer"
+    project_path: /var/local/django-printer

 - name: Copy uWSGI app
  template:
-    src: "uwsgi/apps-available/django-printer.ini.j2"
-    dest: "/etc/uwsgi/apps-available/django-printer.ini"
+    src: uwsgi/apps-available/django-printer.ini.j2
+    dest: /etc/uwsgi/apps-available/django-printer.ini
    owner: root
    group: root
    mode: 0644
@ -138,15 +138,14 @@

 - name: Activate uWSGI app
  file:
-    src: "../apps-available/django-printer.ini"
-    dest: "/etc/uwsgi/apps-enabled/django-printer.ini"
+    src: ../apps-available/django-printer.ini
+    dest: /etc/uwsgi/apps-enabled/django-printer.ini
    owner: root
    group: root
    state: link
  ignore_errors: "{{ ansible_check_mode }}"
  notify: Restart uWSGI

-
 - name: Create documentation directory with good permissions
  file:
    path: /var/www/django-printer-doc
@ -156,7 +155,7 @@
    mode: u=rwx,g=rwxs,o=rx

 - name: Build HTML documentation
-  command: "sphinx-build -b dirhtml /var/local/django-printer/docs/ /var/www/django-printer-doc/"
+  command: sphinx-build -b dirhtml /var/local/django-printer/docs/ /var/www/django-printer-doc/
  become_user: www-data

 - name: Indicate module in motd
--- a/roles/prometheus-blackbox-exporter/tasks/main.yml
+++ b/roles/prometheus-blackbox-exporter/tasks/main.yml
@ -1,10 +1,10 @@
 ---
 - name: Configure the exporter to allow pings
  debconf:
-    name: "prometheus-blackbox-exporter"
-    question: "prometheus-blackbox-exporter/want_cap_net_raw"
+    name: prometheus-blackbox-exporter
+    question: prometheus-blackbox-exporter/want_cap_net_raw
    value: "true"
-    vtype: "boolean"
+    vtype: boolean
  notify: Restart prometheus-blackbox-exporter

 - name: Install Prometheus Blackbox exporter
@ -18,7 +18,7 @@
 - name: Make Prometheus Blackbox exporter listen on localhost only
  lineinfile:
    path: /etc/default/prometheus-blackbox-exporter
-    regexp: '^ARGS='
+    regexp: ^ARGS=
    line: >
      ARGS='--config.file /etc/prometheus/blackbox.yml
      --web.listen-address="localhost:9115"'
--- a/roles/prometheus-nginx-exporter/tasks/main.yml
+++ b/roles/prometheus-nginx-exporter/tasks/main.yml
@ -3,7 +3,7 @@
  apt:
    update_cache: true
    name:
-      - nginx  # Nginx may be not already installed
+      - nginx # Nginx may be not already installed
      - prometheus-nginx-exporter
  register: apt_result
  retries: 3
@ -12,7 +12,7 @@
 - name: Make prometheus-nginx-exporter listen on adm only
  lineinfile:
    path: /etc/default/prometheus-nginx-exporter
-    regexp: '^ARGS='
+    regexp: ^ARGS=
    line: |
      ARGS="-web.listen-address={{ prometheus_nginx_exporter.listen_addr }}:9117 -nginx.scrape-uri=http://[::1]:6424/stub_status"
  notify:
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@ -3,7 +3,7 @@
  apt:
    update_cache: true
    name: prometheus-node-exporter
-    install_recommends: false  # Do not install smartmontools
+    install_recommends: false # Do not install smartmontools
  register: apt_result
  retries: 3
  until: apt_result is succeeded
@ -22,7 +22,7 @@
 - name: Make Prometheus node-exporter listen on adm only
  lineinfile:
    path: /etc/default/prometheus-node-exporter
-    regexp: '^ARGS='
+    regexp: ^ARGS=
    line: |
      ARGS="--web.listen-address={{ prometheus_node_exporter.listen_addr }}:9100"
  tags: restart-node-exporter
--- a/roles/prometheus-snmp-exporter/tasks/main.yml
+++ b/roles/prometheus-snmp-exporter/tasks/main.yml
@ -10,15 +10,15 @@
 - name: Make Prometheus SNMP exporter listen on localhost only
  lineinfile:
    path: /etc/default/prometheus-snmp-exporter
-    regexp: '^ARGS='
-    line: "ARGS=\"--web.listen-address={{ snmp_exporter.listen_address }}\""
+    regexp: ^ARGS=
+    line: ARGS="--web.listen-address={{ snmp_exporter.listen_address }}"
  notify: Restart prometheus-snmp-exporter

 # This file store SNMP OIDs
 - name: Configure Prometheus SNMP exporter
  template:
-    src: "prometheus/snmp.yml.j2"
-    dest: "/etc/prometheus/snmp.yml"
+    src: prometheus/snmp.yml.j2
+    dest: /etc/prometheus/snmp.yml
    mode: 0600
    owner: prometheus
  notify: Restart prometheus-snmp-exporter
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@ -25,7 +25,7 @@
 - name: Configure Prometheus targets
  copy:
    content: "{{ [{'targets': item.value.targets}] | to_nice_json }}\n"
-    dest: "/etc/prometheus/{{ item.value.file }}"
+    dest: /etc/prometheus/{{ item.value.file }}
    mode: 0644
  loop: "{{ prometheus | dict2items }}"

--- a/roles/proxmox-debian-images/tasks/main.yml
+++ b/roles/proxmox-debian-images/tasks/main.yml
@ -22,7 +22,7 @@

 - name: Create specific directory for extra images (Arch Linux, Ubuntu)
  file:
-    path: "/var/lib/vz/template/iso/{{ item }}"
+    path: /var/lib/vz/template/iso/{{ item }}
    owner: root
    group: root
    mode: 0755
@ -33,6 +33,8 @@
  when: debian_images.include_extra_images

 - name: Initial synchronization to download Debian images
-  shell: "rsync --verbose --dirs --compress --times --update --delete-after --delete-excluded --include 'debian-[0-9]*-amd64-netinst.iso' --exclude '*' rsync://{{ debian_images.rsync_host }}/{{ debian_images.rsync_module }}/cdimage-debian/release/current/amd64/iso-cd/ /var/lib/vz/template/iso/debian/ && find /var/lib/vz/template/iso/debian -type f -iregex '.*/debian-[0-9.]*-amd64-netinst.iso' -exec ln -sf {} /var/lib/vz/template/iso/debian-stable-amd64-netinst.iso \\;"
+  shell: rsync --verbose --dirs --compress --times --update --delete-after --delete-excluded --include 'debian-[0-9]*-amd64-netinst.iso' --exclude '*' rsync://{{
+    debian_images.rsync_host }}/{{ debian_images.rsync_module }}/cdimage-debian/release/current/amd64/iso-cd/ /var/lib/vz/template/iso/debian/ && find /var/lib/vz/template/iso/debian
+    -type f -iregex '.*/debian-[0-9.]*-amd64-netinst.iso' -exec ln -sf {} /var/lib/vz/template/iso/debian-stable-amd64-netinst.iso \;
  register: rsync_output
  changed_when: '"debian" in rsync_output.stdout'
--- a/roles/re2o-front/tasks/main.yml
+++ b/roles/re2o-front/tasks/main.yml
@ -23,12 +23,12 @@

 - name: Copy re2o uWSGI app
  template:
-    src: "uwsgi/apps-available/re2o.ini.j2"
-    dest: "/etc/uwsgi/apps-available/re2o.ini"
+    src: uwsgi/apps-available/re2o.ini.j2
+    dest: /etc/uwsgi/apps-available/re2o.ini

 - name: Activate re2o uWSGI app
  file:
-    src: "../apps-available/re2o.ini"
-    dest: "/etc/uwsgi/apps-enabled/re2o.ini"
+    src: ../apps-available/re2o.ini
+    dest: /etc/uwsgi/apps-enabled/re2o.ini
    state: link
  notify: Reload uWSGI
--- a/roles/re2o-ldap/tasks/main.yml
+++ b/roles/re2o-ldap/tasks/main.yml
@ -31,7 +31,7 @@
 - name: Delete old slapd configuration and data
  when: not installation.stat.exists
  file:
-    path: '{{ item }}'
+    path: "{{ item }}"
    state: absent
  loop:
    - /etc/ldap/slapd.d
@ -39,7 +39,7 @@

 - name: Create slapd configuration and data directory
  file:
-    path: '{{ item }}'
+    path: "{{ item }}"
    state: directory
    owner: openldap
    group: openldap
@ -50,8 +50,8 @@

 - name: Copy ldif files
  template:
-    src: 'ldap/{{ item }}.ldif.j2'
-    dest: '/var/lib/slapd/{{ item }}.ldif'
+    src: ldap/{{ item }}.ldif.j2
+    dest: /var/lib/slapd/{{ item }}.ldif
    owner: openldap
    group: openldap
    mode: 0600
@ -83,8 +83,8 @@
 # LDAPS configuration
 - name: Copy TLS certificate
  template:
-    src: "ldap/{{ item }}.j2"
-    dest: "/etc/ldap/{{ item }}"
+    src: ldap/{{ item }}.j2
+    dest: /etc/ldap/{{ item }}
    owner: openldap
    group: openldap
    mode: 0600
@ -95,8 +95,8 @@
 - name: Enable LDAPS
  lineinfile:
    path: /etc/default/slapd
-    regexp: '^SLAPD_SERVICES='
-    line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
+    regexp: ^SLAPD_SERVICES=
+    line: SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
  notify: Restart slapd
  when: not ansible_check_mode

--- a/roles/re2o/tasks/main.yml
+++ b/roles/re2o/tasks/main.yml
@ -36,7 +36,7 @@
  file:
    path: /var/www/re2o
    state: directory
-    mode: '2775'
+    mode: "2775"
    owner: "{{ re2o.owner }}"
    group: "{{ re2o.group }}"

@ -51,9 +51,9 @@

 - name: Clone re2o repository
  git:
-    repo: 'http://gitlab.adm.crans.org/nounous/re2o.git'
+    repo: http://gitlab.adm.crans.org/nounous/re2o.git
    dest: /var/www/re2o
-    umask: '002'
+    umask: "002"
    version: "{{ re2o.version }}"

 - name: Set owner of cloned project
--- a/roles/root-config/tasks/main.yml
+++ b/roles/root-config/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Create or rewrite .nanorc for root
  template:
-    src: '{{ item.src }}.j2'
-    dest: '/root/{{ item.dest }}'
+    src: "{{ item.src }}.j2"
+    dest: /root/{{ item.dest }}
  loop:
    - src: nanorc
      dest: .nanorc
--- a/roles/root/tasks/main.yml
+++ b/roles/root/tasks/main.yml
@ -2,5 +2,5 @@
 - name: Deploys root password hash
  replace:
    path: /etc/shadow
-    regexp: '^root:[^:]*:'
-    replace: 'root:{{ root.passwd_hash }}:'
+    regexp: "^root:[^:]*:"
+    replace: "root:{{ root.passwd_hash }}:"
--- a/roles/roundcube/tasks/main.yml
+++ b/roles/roundcube/tasks/main.yml
@ -18,8 +18,8 @@

 - name: Configure Roundcube
  template:
-    src: "roundcube/{{ item }}.j2"
-    dest: "/etc/roundcube/{{ item }}"
+    src: roundcube/{{ item }}.j2
+    dest: /etc/roundcube/{{ item }}
    owner: root
    group: www-data
    mode: 0640
@ -30,23 +30,23 @@
 - name: Clone custom plugins
  git:
    repo: "{{ item.repo }}"
-    dest: "/etc/roundcube/plugins/{{ item.name }}"
+    dest: /etc/roundcube/plugins/{{ item.name }}
    version: "{{ item.version }}"
  loop: "{{ roundcube.plugins }}"
  when: item.repo is defined

 - name: Symlink custom plugins (1)
  file:
-    src: "/usr/share/roundcube/plugins/{{ item.name }}"
-    dest: "/var/lib/roundcube/plugins/{{ item.name }}"
+    src: /usr/share/roundcube/plugins/{{ item.name }}
+    dest: /var/lib/roundcube/plugins/{{ item.name }}
    state: link
  loop: "{{ roundcube.plugins }}"
  when: item.repo is defined

 - name: Symlink custom plugins (2)
  file:
-    src: "/etc/roundcube/plugins/{{ item.name }}"
-    dest: "/usr/share/roundcube/plugins/{{ item.name }}"
+    src: /etc/roundcube/plugins/{{ item.name }}
+    dest: /usr/share/roundcube/plugins/{{ item.name }}
    state: link
  loop: "{{ roundcube.plugins }}"
  when: item.repo is defined
--- a/roles/rsync-mirror/tasks/main.yml
+++ b/roles/rsync-mirror/tasks/main.yml
@ -3,7 +3,7 @@
 - name: Add the mirror user
  user:
    name: mirror
-    home: /var/mirror  # unused, should be something empty
+    home: /var/mirror # unused, should be something empty
    shell: /bin/false

 - name: Create root directory
--- a/roles/rsyncd/tasks/main.yml
+++ b/roles/rsyncd/tasks/main.yml
@ -10,7 +10,7 @@
 - name: Enable rsync daemon
  lineinfile:
    path: /etc/default/rsync
-    regexp: '^RSYNC_ENABLE'
+    regexp: ^RSYNC_ENABLE
    line: RSYNC_ENABLE=true

 - name: Configure rsyncd
--- a/roles/rsyslog-client/tasks/main.yml
+++ b/roles/rsyslog-client/tasks/main.yml
@ -13,7 +13,7 @@
  file:
    path: /var/log/spool
    state: directory
-    mode: '0750'
+    mode: "0750"
    owner: root
    group: root

--- a/roles/rsyslog-server/handlers/main.yml
+++ b/roles/rsyslog-server/handlers/main.yml
@ -1,5 +1,5 @@
 ---
 - name: restart rsyslog
  service:
-     name: rsyslog
-     state: restarted
+    name: rsyslog
+    state: restarted
--- a/roles/rsyslog-server/tasks/main.yml
+++ b/roles/rsyslog-server/tasks/main.yml
@ -12,7 +12,7 @@
 - name: Deploy logrotate config
  template:
    src: logrotate.d/logrotate.j2
-    dest: "/etc/logrotate.d/{{ rsyslog_server.name }}"
+    dest: /etc/logrotate.d/{{ rsyslog_server.name }}
    mode: 0644
    owner: root
    group: root
--- a/roles/service/tasks/main.yml
+++ b/roles/service/tasks/main.yml
@ -13,7 +13,7 @@
  file:
    path: "{{ service.install_dir }}"
    state: directory
-    mode: '2775'
+    mode: "2775"
    owner: root
    group: _nounou

@ -31,13 +31,13 @@
    repo: "{{ service.git.remote }}"
    version: "{{ service.git.version }}"
    dest: "{{ service.install_dir }}"
-    umask: '002'
+    umask: "002"

 - name: Create generated directory
  file:
    path: "{{ service.install_dir }}/generated"
    state: directory
-    mode: '2770'
+    mode: "2770"
    owner: root
    group: _nounou
  when: service.generated is defined and service.generated
@ -54,7 +54,7 @@
 - name: Deploy cron for service
  template:
    src: cron.d/service.j2
-    dest: "/etc/cron.d/services-{{ service.name }}"
+    dest: /etc/cron.d/services-{{ service.name }}
  when: service.cron is defined and service.cron.frequency is defined

 - name: Deploy service configuration
--- a/roles/slapd/handlers/main.yml
+++ b/roles/slapd/handlers/main.yml
@ -1,5 +1,4 @@
 ---
-
 - name: Restart slapd
  service:
    name: slapd.service
--- a/roles/slapd/tasks/main.yml
+++ b/roles/slapd/tasks/main.yml
@ -15,21 +15,21 @@

 - name: Deploy slapd configuration
  template:
-    src: "ldap/{{ item.dest }}.j2"
-    dest: "/etc/ldap/{{ item.dest }}"
+    src: ldap/{{ item.dest }}.j2
+    dest: /etc/ldap/{{ item.dest }}
    mode: "{{ item.mode }}"
    owner: openldap
    group: openldap
  loop:
-    - {dest: slapd.conf, mode: "0600"}
-    - {dest: ldap.key, mode: "0600"}
-    - {dest: ldap.pem, mode: "0644"}
+    - { dest: slapd.conf, mode: "0600" }
+    - { dest: ldap.key, mode: "0600" }
+    - { dest: ldap.pem, mode: "0644" }
  notify: Restart slapd

 - name: Deploy ldap services
  lineinfile:
    path: /etc/default/slapd
-    regexp: '^SLAPD_SERVICES='
-    line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
+    regexp: ^SLAPD_SERVICES=
+    line: SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"
  notify: Restart slapd
  check_mode: false
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@ -21,7 +21,7 @@

 - name: Enable sssd socket activation
  systemd:
-    name: "sssd-{{ item }}"
+    name: sssd-{{ item }}
    enabled: true
  loop:
    - nss
@ -38,13 +38,13 @@
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: "^{{ item.name }}:"
-    line: "{{ item.name }}:		{{ item.db }}"
+    line: "{{ item.name }}:\t\t{{ item.db }}"
  loop:
-    - {name: passwd, db: files systemd sss}
-    - {name: group, db: files systemd sss}
-    - {name: shadow, db: files sss}
-    - {name: networks, db: files ldap}
-    - {name: hosts, db: files ldap dns}
+    - { name: passwd, db: files systemd sss }
+    - { name: group, db: files systemd sss }
+    - { name: shadow, db: files sss }
+    - { name: networks, db: files ldap }
+    - { name: hosts, db: files ldap dns }

 - name: Disable nscd cache
  lineinfile:
@ -60,18 +60,18 @@
    # Standard Unix auth by default if available (for root)
    name: common-auth
    type: auth
-    control: '[success=2 default=ignore]'
-    new_control: '[success=3 default=ignore]'
+    control: "[success=2 default=ignore]"
+    new_control: "[success=3 default=ignore]"
    module_path: pam_unix.so

 - name: Insert PAM SSS authentication rule
  pamd:
    name: common-auth
    type: auth
-    control: '[success=3 default=ignore]'
+    control: "[success=3 default=ignore]"
    module_path: pam_unix.so
    new_type: auth
-    new_control: '[success=2 default=ignore]'
+    new_control: "[success=2 default=ignore]"
    new_module_path: pam_sss.so
    state: after

@ -80,8 +80,8 @@
    name: common-auth
    type: auth
    module_path: pam_sss.so
-    control: '[success=2 default=ignore]'
-    module_arguments: 'use_first_pass'
+    control: "[success=2 default=ignore]"
+    module_arguments: use_first_pass

 - name: Add PAM rule for SSS sessions
  pamd:
@ -98,18 +98,18 @@
  pamd:
    name: common-password
    type: password
-    control: '[success=2 default=ignore]'
-    new_control: '[success=3 default=ignore]'
+    control: "[success=2 default=ignore]"
+    new_control: "[success=3 default=ignore]"
    module_path: pam_unix.so

 - name: Insert PAM SSS password rule
  pamd:
    name: common-password
    type: password
-    control: '[success=3 default=ignore]'
+    control: "[success=3 default=ignore]"
    module_path: pam_unix.so
    new_type: password
-    new_control: '[success=2 default=ignore]'
+    new_control: "[success=2 default=ignore]"
    new_module_path: pam_sss.so
    state: after

@ -118,5 +118,5 @@
    name: common-password
    type: password
    module_path: pam_sss.so
-    control: '[success=2 default=ignore]'
-    module_arguments: 'use_authtok'
+    control: "[success=2 default=ignore]"
+    module_arguments: use_authtok
--- a/roles/statping/tasks/main.yml
+++ b/roles/statping/tasks/main.yml
@ -17,8 +17,8 @@

 - name: Install statping systemd unit
  template:
-    src: "systemd/system/statping.service.j2"
-    dest: "/etc/systemd/system/statping.service"
+    src: systemd/system/statping.service.j2
+    dest: /etc/systemd/system/statping.service
    mode: 0644
  notify: Restart statping

--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@ -2,7 +2,7 @@
 - name: Configure sudoers
  template:
    src: "{{ item }}.j2"
-    dest: "/etc/{{ item }}"
+    dest: /etc/{{ item }}
    mode: 0440
  loop:
    - sudoers.d/custom_passprompt
--- a/Show More
+++ b/Show More