From a73d5892e4e3834c2862dbb8ba997a1f442a5836 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Tue, 5 Jul 2022 00:07:18 +0200
Subject: [PATCH] Runned ansible-lint on this

---
 plays/backup.yml                              |  2 +-
 plays/bird.yml                                |  2 +-
 plays/borgbackup_client.yml                   |  7 +--
 plays/certbot.yml                             |  2 +-
 plays/dns-authoritative.yml                   |  2 +-
 plays/dovecot.yml                             |  6 +-
 plays/freeradius.yml                          |  4 +-
 plays/gitlab.yml                              | 14 ++---
 plays/horde.yml                               |  2 +-
 plays/irc.yml                                 |  6 +-
 plays/jitsi.yml                               |  6 +-
 plays/mailman.yml                             |  8 +--
 plays/mirror.yml                              | 10 ++--
 plays/moinmoin.yml                            |  6 +-
 plays/monitoring.yml                          |  3 +-
 plays/nginx.yml                               |  4 +-
 plays/owncloud.yml                            |  2 +-
 plays/postfix.yml                             | 22 ++------
 plays/postgresql.yml                          |  2 +-
 plays/proxmox.yml                             |  2 +-
 plays/reverse-proxy.yml                       |  6 +-
 plays/root.yml                                |  2 +-
 plays/roundcube.yml                           |  5 +-
 plays/scripts.yml                             |  2 +-
 plays/slapd.yml                               |  2 +-
 plays/utilities.yml                           |  7 ++-
 plays/vsftpd.yml                              |  6 +-
 plays/zamok.yml                               |  3 +-
 roles/anope/tasks/main.yml                    |  4 +-
 roles/apt-mirror/tasks/main.yml               |  2 +-
 roles/belenios/tasks/main.yml                 | 48 ++++++++--------
 roles/bird2/handlers/main.yml                 |  2 +-
 roles/bird2/tasks/main.yml                    |  1 -
 roles/borgbackup-client/tasks/main.yml        | 20 +++----
 roles/borgbackup-server/tasks/main.yml        |  6 +-
 roles/certbot/tasks/main.yml                  |  8 +--
 roles/common-tools/tasks/main.yml             | 52 +++++++++---------
 roles/constellation-doc/tasks/main.yml        |  2 +-
 roles/constellation-front/tasks/main.yml      | 30 +++++-----
 roles/constellation/tasks/main.yml            | 30 +++++-----
 roles/crans-scripts/tasks/main.yml            |  3 +-
 roles/django-cas/tasks/main.yml               |  8 +--
 roles/docker/tasks/main.yml                   |  2 +-
 roles/dovecot/tasks/main.yml                  |  4 +-
 roles/etherpad/tasks/main.yml                 |  8 +--
 roles/framadate/tasks/main.yml                |  4 +-
 roles/freeradius/tasks/main.yml               |  8 +--
 roles/ftpsync/tasks/main.yml                  |  9 ++-
 roles/galene/tasks/main.yml                   |  2 +-
 roles/grafana/tasks/main.yml                  |  2 +-
 roles/horde/handlers/main.yml                 |  1 -
 roles/horde/tasks/main.yml                    | 20 +++----
 roles/inspircd/tasks/main.yml                 | 20 +++----
 roles/irker/tasks/main.yml                    | 10 ++--
 roles/isc-dhcp-server/handlers/main.yml       |  4 +-
 roles/jitsi/tasks/main.yml                    | 20 +++----
 roles/keepalived/handlers/main.yml            |  1 -
 roles/ldap-client/handlers/main.yml           |  2 +-
 roles/linx/tasks/main.yml                     |  8 +--
 roles/mailman3/tasks/main.yml                 | 20 +++----
 roles/matrix-synapse/tasks/main.yml           |  4 +-
 roles/moinmoin-gendoc/tasks/main.yml          |  5 +-
 roles/moinmoin/tasks/main.yml                 |  2 +-
 roles/mtail/tasks/main.yml                    | 10 ++--
 roles/network-interfaces/tasks/main.yml       |  4 +-
 roles/nfs-mount/tasks/main.yml                |  2 +-
 roles/nftables/tasks/main.yml                 |  6 +-
 roles/nginx/tasks/main.yml                    | 32 +++++------
 roles/ntp-server/tasks/main.yml               |  2 +-
 roles/opendkim/tasks/main.yml                 | 10 ++--
 roles/openssh/tasks/main.yml                  |  2 +-
 roles/owncloud-autofs/tasks/main.yml          | 10 ++--
 roles/owncloud/tasks/main.yml                 |  3 +-
 roles/policyd/tasks/main.yml                  |  4 +-
 roles/postfix-mailman3/tasks/main.yml         |  4 +-
 roles/postgresql/tasks/main.yml               | 14 ++---
 roles/printer/tasks/main.yml                  | 55 +++++++++----------
 .../tasks/main.yml                            |  8 +--
 .../prometheus-nginx-exporter/tasks/main.yml  |  4 +-
 roles/prometheus-node-exporter/tasks/main.yml |  4 +-
 roles/prometheus-snmp-exporter/tasks/main.yml |  8 +--
 roles/prometheus/tasks/main.yml               |  2 +-
 roles/proxmox-debian-images/tasks/main.yml    |  6 +-
 roles/re2o-front/tasks/main.yml               |  8 +--
 roles/re2o-ldap/tasks/main.yml                | 16 +++---
 roles/re2o/tasks/main.yml                     |  6 +-
 roles/root-config/tasks/main.yml              |  4 +-
 roles/root/tasks/main.yml                     |  4 +-
 roles/roundcube/tasks/main.yml                | 14 ++---
 roles/rsync-mirror/tasks/main.yml             |  2 +-
 roles/rsyncd/tasks/main.yml                   |  2 +-
 roles/rsyslog-client/tasks/main.yml           |  2 +-
 roles/rsyslog-server/handlers/main.yml        |  4 +-
 roles/rsyslog-server/tasks/main.yml           |  2 +-
 roles/service/tasks/main.yml                  |  8 +--
 roles/slapd/handlers/main.yml                 |  1 -
 roles/slapd/tasks/main.yml                    | 14 ++---
 roles/sssd/tasks/main.yml                     | 38 ++++++-------
 roles/statping/tasks/main.yml                 |  4 +-
 roles/sudo/tasks/main.yml                     |  2 +-
 roles/unbound/tasks/main.yml                  |  4 +-
 roles/wireguard/tasks/main.yml                |  4 +-
 roles/zamok-tools/tasks/main.yml              | 54 +++++++++---------
 103 files changed, 436 insertions(+), 464 deletions(-)

diff --git a/plays/backup.yml b/plays/backup.yml
index f0133878..e25e0555 100755
--- a/plays/backup.yml
+++ b/plays/backup.yml
@@ -2,6 +2,6 @@
 ---
 - hosts: backups
   vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
+    borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
   roles:
     - borgbackup-server
diff --git a/plays/bird.yml b/plays/bird.yml
index 9ab5fcc7..358937db 100755
--- a/plays/bird.yml
+++ b/plays/bird.yml
@@ -2,6 +2,6 @@
 ---
 - hosts: bird
   vars:
-    bird: '{{ glob_bird | default({}) | combine(loc_bird | default({})) }}'
+    bird: "{{ glob_bird | default({}) | combine(loc_bird | default({})) }}"
   roles:
     - bird2
diff --git a/plays/borgbackup_client.yml b/plays/borgbackup_client.yml
index dac46b80..945cd80d 100755
--- a/plays/borgbackup_client.yml
+++ b/plays/borgbackup_client.yml
@@ -1,12 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
-
-- hosts: server
-  roles:
-    - ssh_known_hosts
+- import_playbook: ssh_known_hosts.yml
 
 - hosts: server
   vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
+    borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
   roles:
     - borgbackup-client
diff --git a/plays/certbot.yml b/plays/certbot.yml
index f6b4de37..d3817ce0 100755
--- a/plays/certbot.yml
+++ b/plays/certbot.yml
@@ -3,7 +3,7 @@
 - hosts: certbot !zamok.adm.crans.org
   vars:
     service: "{{ glob_service_certbot | default({}) | combine(loc_service_certbot | default({})) }}"
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
   roles:
     - service
     - certbot
diff --git a/plays/dns-authoritative.yml b/plays/dns-authoritative.yml
index 8996f396..385390cd 100755
--- a/plays/dns-authoritative.yml
+++ b/plays/dns-authoritative.yml
@@ -3,6 +3,6 @@
 # Deploy authoritative DNS server
 - hosts: dns_authoritative
   vars:
-    bind: '{{ glob_bind | default({}) | combine(loc_bind | default({}), recursive=True) }}'
+    bind: "{{ glob_bind | default({}) | combine(loc_bind | default({}), recursive=True) }}"
   roles:
     - bind-authoritative
diff --git a/plays/dovecot.yml b/plays/dovecot.yml
index 32e02ca4..ff145a9f 100755
--- a/plays/dovecot.yml
+++ b/plays/dovecot.yml
@@ -3,9 +3,9 @@
 # Deploy dovecot server
 - hosts: dovecot
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    ldap: '{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}'
-    dovecot: '{{ glob_dovecot | default({}) | combine(loc_dovecot | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    ldap: "{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}"
+    dovecot: "{{ glob_dovecot | default({}) | combine(loc_dovecot | default({})) }}"
   roles:
     - certbot
     - dovecot
diff --git a/plays/freeradius.yml b/plays/freeradius.yml
index be1c74da..f749a9c0 100755
--- a/plays/freeradius.yml
+++ b/plays/freeradius.yml
@@ -10,8 +10,8 @@
 # Deploy radius server
 - hosts: radius
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    freeradius: "{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}"
   roles:
     - certbot
     - freeradius
diff --git a/plays/gitlab.yml b/plays/gitlab.yml
index f1cbc36a..936c505d 100755
--- a/plays/gitlab.yml
+++ b/plays/gitlab.yml
@@ -3,7 +3,7 @@
 # Deploy Gitlab CI
 - hosts: gitlab_runner
   vars:
-    docker: '{{ glob_docker | default({}) | combine(loc_docker | default({})) }}'
+    docker: "{{ glob_docker | default({}) | combine(loc_docker | default({})) }}"
   roles:
     - docker
     - gitlab-runner
@@ -11,12 +11,12 @@
 # Install Gitlab
 - hosts: gitlab
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}'
-    irker: '{{ glob_irker | default({}) | combine(loc_irker | default({})) }}'
-    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    gitlab: "{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}"
+    irker: "{{ glob_irker | default({}) | combine(loc_irker | default({})) }}"
+    mirror: "{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    reverseproxy: "{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}"
   roles:
     - certbot
     - gitlab
diff --git a/plays/horde.yml b/plays/horde.yml
index f1b8aa8d..faccd685 100755
--- a/plays/horde.yml
+++ b/plays/horde.yml
@@ -3,6 +3,6 @@
 # Moi j'aime le ocaml et lui il installe horde
 - hosts: horde
   vars:
-    horde: '{{ glob_horde | default({}) | combine(loc_horde | default({})) }}'
+    horde: "{{ glob_horde | default({}) | combine(loc_horde | default({})) }}"
   roles:
     - horde
diff --git a/plays/irc.yml b/plays/irc.yml
index b0c12a86..44d50d50 100755
--- a/plays/irc.yml
+++ b/plays/irc.yml
@@ -2,14 +2,14 @@
 ---
 - hosts: thelounge
   vars:
-    thelounge: '{{ glob_thelounge | default({}) | combine(loc_thelounge | default({})) }}'
+    thelounge: "{{ glob_thelounge | default({}) | combine(loc_thelounge | default({})) }}"
   roles:
     - thelounge
 
 - hosts: thelounge,!adh_server
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
   roles:
     - certbot
     - nginx
diff --git a/plays/jitsi.yml b/plays/jitsi.yml
index ee86ee5d..d56d7d1e 100755
--- a/plays/jitsi.yml
+++ b/plays/jitsi.yml
@@ -2,9 +2,9 @@
 ---
 - hosts: jitsi
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    jitsi: '{{ glob_jitsi | default({}) | combine(loc_jitsi | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    jitsi: "{{ glob_jitsi | default({}) | combine(loc_jitsi | default({})) }}"
   roles:
     - certbot
     - nginx
diff --git a/plays/mailman.yml b/plays/mailman.yml
index cd80ad80..5402c3cd 100755
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@@ -3,10 +3,10 @@
 # Deploy Mailman3
 - hosts: mailman
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    opendkim: '{{ glob_opendkim | combine(loc_opendkim | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    mailman3: "{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    opendkim: "{{ glob_opendkim | combine(loc_opendkim | default({})) }}"
   roles:
     - certbot
     - nginx
diff --git a/plays/mirror.yml b/plays/mirror.yml
index 6432626c..76843481 100755
--- a/plays/mirror.yml
+++ b/plays/mirror.yml
@@ -2,9 +2,9 @@
 ---
 - hosts: mirror_backend
   vars:
-    ftpsync: '{{ glob_ftpsync | default({}) | combine(loc_ftpsync | default({})) }}'
-    rsync_mirror: '{{ glob_rsync_mirror | default({}) | combine(loc_rsync_mirror | default({})) }}'
-    apt_mirror: '{{ glob_apt_mirror | default({}) | combine(loc_apt_mirror | default({})) }}'
+    ftpsync: "{{ glob_ftpsync | default({}) | combine(loc_ftpsync | default({})) }}"
+    rsync_mirror: "{{ glob_rsync_mirror | default({}) | combine(loc_rsync_mirror | default({})) }}"
+    apt_mirror: "{{ glob_apt_mirror | default({}) | combine(loc_apt_mirror | default({})) }}"
   roles:
     - ftpsync
     - rsync-mirror
@@ -12,12 +12,12 @@
 
 - hosts: mirror_frontend
   vars:
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
   roles:
     - nginx
 
 - hosts: rsyncd
   vars:
-    rsyncd: '{{ glob_rsyncd | default({}) | combine(loc_rsyncd | default({})) }}'
+    rsyncd: "{{ glob_rsyncd | default({}) | combine(loc_rsyncd | default({})) }}"
   roles:
     - rsyncd
diff --git a/plays/moinmoin.yml b/plays/moinmoin.yml
index 35207855..dab94543 100755
--- a/plays/moinmoin.yml
+++ b/plays/moinmoin.yml
@@ -2,15 +2,15 @@
 ---
 - hosts: certbot:&wiki
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
   roles:
     - certbot
 
 # Deploy MoinMoin Wiki
 - hosts: wiki
   vars:
-    moinmoin: '{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    moinmoin: "{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
   roles:
     - moinmoin
     - nginx
diff --git a/plays/monitoring.yml b/plays/monitoring.yml
index 156e3c1f..7704fe8b 100755
--- a/plays/monitoring.yml
+++ b/plays/monitoring.yml
@@ -1,6 +1,5 @@
 #!/usr/bin/env ansible-playbook
 ---
-
 # Deploy Prometheus on monitoring server
 - hosts: prometheus
   vars:
@@ -54,7 +53,7 @@
 # Monitor logs with mtail
 - hosts: mtail
   vars:
-    mtail: '{{ glob_mtail | default({}) | combine(loc_mtail | default({})) }}'
+    mtail: "{{ glob_mtail | default({}) | combine(loc_mtail | default({})) }}"
   roles:
     - mtail
 
diff --git a/plays/nginx.yml b/plays/nginx.yml
index 6a89fdd0..551f93a0 100755
--- a/plays/nginx.yml
+++ b/plays/nginx.yml
@@ -3,7 +3,7 @@
 # Deploy Nginx
 - hosts: nginx,!adh_server
   vars:
-    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
-    re2o_front: '{{ glob_re2o_front | default({}) | combine(loc_re2o_front | default({})) }}'  # necessary for re2o-front
+    nginx: "{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}"
+    re2o_front: "{{ glob_re2o_front | default({}) | combine(loc_re2o_front | default({})) }}" # necessary for re2o-front
   roles:
     - nginx
diff --git a/plays/owncloud.yml b/plays/owncloud.yml
index 1be65a36..8771f1b9 100755
--- a/plays/owncloud.yml
+++ b/plays/owncloud.yml
@@ -3,7 +3,7 @@
 # Deploy OwnCloud
 - hosts: owncloud.adm.crans.org
   vars:
-    ldap: '{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}'
+    ldap: "{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}"
 
   roles:
     - owncloud
diff --git a/plays/postfix.yml b/plays/postfix.yml
index 42c57b07..2dd2286c 100644
--- a/plays/postfix.yml
+++ b/plays/postfix.yml
@@ -4,7 +4,7 @@
 - hosts: postfix,!mailman
   vars:
     certbot:
-      - dns_rfc2136_server: '172.16.10.147'
+      - dns_rfc2136_server: 172.16.10.147
         dns_rfc2136_name: certbot_challenge.
         dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
         mail: root@crans.org
@@ -17,23 +17,9 @@
       mail: root@crans.org
       exemptions: "{{ lookup('re2oapi', 'get_role', 'user-server')[0] }}"
       mynetworks:
-        ipv4:
-          "{{ lookup('re2oapi', 'cidrs', 'serveurs',
-                                         'adherents',
-                                         'wifi-new-pub',
-                                         'fil-new-pub',
-                                         'fil-pub',
-                                         'wifi-new-serveurs',
-                                         'wifi-new-adherents',
-                                         'wifi-new-federez',
-                                         'fil-new-serveurs',
-                                         'fil-new-adherents')
-                                         | flatten }}"
-        ipv6:
-          "{{ lookup('re2oapi', 'prefixv6', 'adherents',
-                                            'fil-new-pub',
-                                            'wifi-new-pub')
-                                            | flatten }}"
+        ipv4: "{{ lookup('re2oapi', 'cidrs', 'serveurs', 'adherents', 'wifi-new-pub', 'fil-new-pub', 'fil-pub', 'wifi-new-serveurs', 'wifi-new-adherents', 'wifi-new-federez',\
+          \ 'fil-new-serveurs', 'fil-new-adherents') | flatten }}"
+        ipv6: "{{ lookup('re2oapi', 'prefixv6', 'adherents', 'fil-new-pub', 'wifi-new-pub') | flatten }}"
   roles:
     - certbot
     - postfix
diff --git a/plays/postgresql.yml b/plays/postgresql.yml
index 114ce1e7..b419fd79 100755
--- a/plays/postgresql.yml
+++ b/plays/postgresql.yml
@@ -3,6 +3,6 @@
 # Deploy postgresql server
 - hosts: postgres
   vars:
-    postgres: '{{ glob_postgres | default({}) | combine(loc_postgres | default({})) }}'
+    postgres: "{{ glob_postgres | default({}) | combine(loc_postgres | default({})) }}"
   roles:
     - postgresql
diff --git a/plays/proxmox.yml b/plays/proxmox.yml
index 70d55ed0..88b3557a 100755
--- a/plays/proxmox.yml
+++ b/plays/proxmox.yml
@@ -2,7 +2,7 @@
 ---
 - hosts: virtu
   vars:
-    debian_images: '{{ glob_debian_images | default({}) | combine(loc_debian_images | default({})) }}'
+    debian_images: "{{ glob_debian_images | default({}) | combine(loc_debian_images | default({})) }}"
     service: "{{ glob_service_proxmox_user | default({}) | combine(loc_service_proxmox_user | default({})) }}"
   roles:
     - proxmox-apt-sources
diff --git a/plays/reverse-proxy.yml b/plays/reverse-proxy.yml
index 3b03f0a9..ee36c538 100755
--- a/plays/reverse-proxy.yml
+++ b/plays/reverse-proxy.yml
@@ -2,9 +2,9 @@
 ---
 - hosts: reverseproxy
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    reverseproxy: "{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}"
   roles:
     - certbot
     - nginx
diff --git a/plays/root.yml b/plays/root.yml
index 5b92d4fc..c00ed336 100755
--- a/plays/root.yml
+++ b/plays/root.yml
@@ -17,7 +17,7 @@
 
 - hosts: server,!sssd
   vars:
-    ldap: '{{ glob_ldap | combine(loc_ldap | default({})) }}'
+    ldap: "{{ glob_ldap | combine(loc_ldap | default({})) }}"
   roles:
     - ldap-client
 
diff --git a/plays/roundcube.yml b/plays/roundcube.yml
index c57e8920..f3941543 100755
--- a/plays/roundcube.yml
+++ b/plays/roundcube.yml
@@ -1,10 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
-
 - hosts: roundcube
   vars:
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    roundcube: '{{ glob_roundcube | default({}) | combine(loc_roundcube | default({})) }}'
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    roundcube: "{{ glob_roundcube | default({}) | combine(loc_roundcube | default({})) }}"
   roles:
     - roundcube
     - nginx
diff --git a/plays/scripts.yml b/plays/scripts.yml
index 4683280a..c72623cd 100755
--- a/plays/scripts.yml
+++ b/plays/scripts.yml
@@ -2,6 +2,6 @@
 ---
 - hosts: server
   vars:
-    crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
+    crans_scripts: "{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}"
   roles:
     - crans-scripts
diff --git a/plays/slapd.yml b/plays/slapd.yml
index 95533606..9674d4f7 100755
--- a/plays/slapd.yml
+++ b/plays/slapd.yml
@@ -2,7 +2,7 @@
 ---
 - hosts: slapd
   vars:
-    slapd: '{{ glob_slapd | default({}) | combine(loc_slapd | default({})) }}'
+    slapd: "{{ glob_slapd | default({}) | combine(loc_slapd | default({})) }}"
   roles:
     - slapd
 
diff --git a/plays/utilities.yml b/plays/utilities.yml
index 97a3cedb..9d14aeb9 100755
--- a/plays/utilities.yml
+++ b/plays/utilities.yml
@@ -1,16 +1,17 @@
 #!/usr/bin/env ansible-playbook
 ---
+- import_playbook: ssh_known_hosts.yml
+
 - hosts: server
   vars:
-    root: '{{ glob_root | default({}) | combine(loc_root | default({})) }}'
-    ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
+    root: "{{ glob_root | default({}) | combine(loc_root | default({})) }}"
+    ntp_client: "{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}"
   roles:
     - root
     - common-tools
     - sudo
     - ntp-client
     - root-config
-    - ssh_known_hosts
 
 - hosts: server,!virtu
   roles:
diff --git a/plays/vsftpd.yml b/plays/vsftpd.yml
index efc6e691..ece6df48 100755
--- a/plays/vsftpd.yml
+++ b/plays/vsftpd.yml
@@ -3,8 +3,8 @@
 # Deploy vsftpd server on the mirrors
 - hosts: vsftpd_mirror
   vars:
-    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    vsftpd: '{{ glob_vsftpd_mirror | default({}) | combine(loc_vsftpd | default({})) }}'
+    certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
+    vsftpd: "{{ glob_vsftpd_mirror | default({}) | combine(loc_vsftpd | default({})) }}"
   roles:
     - certbot
     - vsftpd
@@ -12,6 +12,6 @@
 # Deploy vstfpd on the camera serveur
 - hosts: vsftpd_cameras
   vars:
-    vsftpd: '{{ glob_vsftpd_cameras | default({}) | combine(loc_vsftpd | default({})) }}'
+    vsftpd: "{{ glob_vsftpd_cameras | default({}) | combine(loc_vsftpd | default({})) }}"
   roles:
     - vsftpd
diff --git a/plays/zamok.yml b/plays/zamok.yml
index 6eaa496f..c4bbfbe0 100755
--- a/plays/zamok.yml
+++ b/plays/zamok.yml
@@ -1,11 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
-
 - import_playbook: nfs_mount.yml
 
 - hosts: adh_server
   vars:
-    adh: '{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}'
+    adh: "{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}"
   roles:
     - zamok-tools
     # - postfix
diff --git a/roles/anope/tasks/main.yml b/roles/anope/tasks/main.yml
index 122b34e7..0397cf74 100644
--- a/roles/anope/tasks/main.yml
+++ b/roles/anope/tasks/main.yml
@@ -11,8 +11,8 @@
 
 - name: Deploy Anope configuration
   template:
-    src: "anope/{{ item }}.j2"
-    dest: "/etc/anope/{{ item }}"
+    src: anope/{{ item }}.j2
+    dest: /etc/anope/{{ item }}
     mode: 0640
     owner: root
     group: irc
diff --git a/roles/apt-mirror/tasks/main.yml b/roles/apt-mirror/tasks/main.yml
index 2080afe3..6367c476 100644
--- a/roles/apt-mirror/tasks/main.yml
+++ b/roles/apt-mirror/tasks/main.yml
@@ -28,7 +28,7 @@
 - name: Copy apt-mirror configurations
   template:
     src: apt/mirror.list.j2
-    dest: "/etc/apt/mirror.list"
+    dest: /etc/apt/mirror.list
 
 - name: Configure apt-mirror cron
   template:
diff --git a/roles/belenios/tasks/main.yml b/roles/belenios/tasks/main.yml
index d2d0de02..5b37ad8b 100644
--- a/roles/belenios/tasks/main.yml
+++ b/roles/belenios/tasks/main.yml
@@ -42,8 +42,8 @@
 - name: Start ocsigenserver at boot
   lineinfile:
     path: /etc/default/ocsigenserver
-    regexp: "^LAUNCH_AT_STARTUP="
-    line: "LAUNCH_AT_STARTUP=true"
+    regexp: ^LAUNCH_AT_STARTUP=
+    line: LAUNCH_AT_STARTUP=true
   notify: Restart ocsigenserver
 
 - name: Clone belenios into /var/local/belenios
@@ -69,12 +69,12 @@
     mode: 0755
     state: directory
   loop:
-    - "/etc/ocsigenserver/conf.d"
-    - "/var/lib/belenios"
-    - "/var/lib/belenios/data"
-    - "/var/lib/belenios/upload"
-    - "/var/lib/belenios/spool"
-    - "/var/log/belenios"
+    - /etc/ocsigenserver/conf.d
+    - /var/lib/belenios
+    - /var/lib/belenios/data
+    - /var/lib/belenios/upload
+    - /var/lib/belenios/spool
+    - /var/log/belenios
 
 - name: Link belenios directories into proper locations
   file:
@@ -85,24 +85,24 @@
     mode: 0755
     state: link
   loop:
-    - src: "/var/local/belenios/_run/usr/bin/belenios-tool"
-      path: "/usr/bin/belenios-tool"
+    - src: /var/local/belenios/_run/usr/bin/belenios-tool
+      path: /usr/bin/belenios-tool
 
-    - src: "/var/local/belenios/_run/usr/lib/belenios"
-      path: "/usr/lib/ocaml/belenios"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-platform"
-      path: "/usr/lib/ocaml/belenios-platform"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-platform-js"
-      path: "/usr/lib/ocaml/belenios-platform-js"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-platform-native"
-      path: "/usr/lib/ocaml/belenios-platform-native"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-server"
-      path: "/usr/lib/ocaml/belenios-server"
-    - src: "/var/local/belenios/_run/usr/lib/belenios-tool"
-      path: "/usr/lib/ocaml/belenios-tool"
+    - src: /var/local/belenios/_run/usr/lib/belenios
+      path: /usr/lib/ocaml/belenios
+    - src: /var/local/belenios/_run/usr/lib/belenios-platform
+      path: /usr/lib/ocaml/belenios-platform
+    - src: /var/local/belenios/_run/usr/lib/belenios-platform-js
+      path: /usr/lib/ocaml/belenios-platform-js
+    - src: /var/local/belenios/_run/usr/lib/belenios-platform-native
+      path: /usr/lib/ocaml/belenios-platform-native
+    - src: /var/local/belenios/_run/usr/lib/belenios-server
+      path: /usr/lib/ocaml/belenios-server
+    - src: /var/local/belenios/_run/usr/lib/belenios-tool
+      path: /usr/lib/ocaml/belenios-tool
 
-    - src: "/var/local/belenios/_run/usr/share/belenios-server"
-      path: "/usr/share/belenios-server"
+    - src: /var/local/belenios/_run/usr/share/belenios-server
+      path: /usr/share/belenios-server
 
 - name: Deploy ocsigenserver configuration
   template:
diff --git a/roles/bird2/handlers/main.yml b/roles/bird2/handlers/main.yml
index a14ba0cc..6001124b 100644
--- a/roles/bird2/handlers/main.yml
+++ b/roles/bird2/handlers/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: systemctl status bird.service
   service_facts:
-  listen: 'systemctl reload bird.service'
+  listen: systemctl reload bird.service
 
 - name: systemctl reload bird.service
   pause:
diff --git a/roles/bird2/tasks/main.yml b/roles/bird2/tasks/main.yml
index 90013d25..2c0ec3d8 100644
--- a/roles/bird2/tasks/main.yml
+++ b/roles/bird2/tasks/main.yml
@@ -22,4 +22,3 @@
     owner: bird
     group: bird
   notify: systemctl reload bird.service
-
diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml
index 0f917619..2833d6b5 100644
--- a/roles/borgbackup-client/tasks/main.yml
+++ b/roles/borgbackup-client/tasks/main.yml
@@ -1,8 +1,8 @@
 ---
 - name: Pin borgmatic
   template:
-    src: "apt/{{ item }}.j2"
-    dest: "/etc/apt/{{ item }}"
+    src: apt/{{ item }}.j2
+    dest: /etc/apt/{{ item }}
   loop:
     - sources.list.d/bullseye.list
     - preferences.d/borgmatic-bullseye
@@ -13,7 +13,7 @@
 
 - name: Don't pin borgmatic if we are on bullseye
   file:
-    path: "/etc/apt/{{ item }}"
+    path: /etc/apt/{{ item }}
     state: absent
   loop:
     - sources.list.d/bullseye.list
@@ -42,29 +42,29 @@
 
 - name: Deploy ssh private key
   template:
-    src: "borgmatic/id_ed25519_borg.j2"
-    dest: "/etc/borgmatic/id_ed25519_borg"
+    src: borgmatic/id_ed25519_borg.j2
+    dest: /etc/borgmatic/id_ed25519_borg
     mode: 0600
     owner: root
 
 - name: Deploy borgmatic config
   template:
-    src: "borgmatic/config.yaml.j2"
-    dest: "/etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml"
+    src: borgmatic/config.yaml.j2
+    dest: /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml
     mode: 0600
     owner: root
     group: root
 
 - name: Init borg repository
   command:
-    cmd: "/usr/bin/borgmatic init -c /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml -e repokey"
+    cmd: /usr/bin/borgmatic init -c /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml -e repokey
   register: borg_init
   changed_when: '"does not exist" in borg_init.stderr'
 
 - name: Deploy borg cron
   template:
-    src: "cron.d/borg.j2"
-    dest: "/etc/cron.d/borg{{ borg.path_suffix | default('') }}"
+    src: cron.d/borg.j2
+    dest: /etc/cron.d/borg{{ borg.path_suffix | default('') }}
 
 - name: Indicate role in motd
   template:
diff --git a/roles/borgbackup-server/tasks/main.yml b/roles/borgbackup-server/tasks/main.yml
index c2ed5232..b728718f 100644
--- a/roles/borgbackup-server/tasks/main.yml
+++ b/roles/borgbackup-server/tasks/main.yml
@@ -12,7 +12,7 @@
 - name: Create borgbackup user
   user:
     create_home: true
-    home: '/var/lib/borg/'
+    home: /var/lib/borg/
     system: true
     state: present
     update_password: always
@@ -27,8 +27,8 @@
 
 - name: Deploy authorized_keys
   template:
-    src: "authorized_keys.j2"
-    dest: "/var/lib/borg/.ssh/authorized_keys"
+    src: authorized_keys.j2
+    dest: /var/lib/borg/.ssh/authorized_keys
     mode: 0600
     owner: borg
 
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index e764ee44..6fe6eb57 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -11,8 +11,8 @@
 
 - name: Add dhparam
   template:
-    src: "letsencrypt/dhparam.j2"
-    dest: "/etc/letsencrypt/dhparam"
+    src: letsencrypt/dhparam.j2
+    dest: /etc/letsencrypt/dhparam
     mode: 0600
 
 - name: Create /etc/letsencrypt/conf.d
@@ -22,8 +22,8 @@
 
 - name: Add Certbot configuration
   template:
-    src: "letsencrypt/conf.d/certname.ini.j2"
-    dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
+    src: letsencrypt/conf.d/certname.ini.j2
+    dest: /etc/letsencrypt/conf.d/{{ item.certname }}.ini
     mode: 0644
   loop: "{{ certbot }}"
 
diff --git a/roles/common-tools/tasks/main.yml b/roles/common-tools/tasks/main.yml
index 6a16dbd9..178d6cb8 100644
--- a/roles/common-tools/tasks/main.yml
+++ b/roles/common-tools/tasks/main.yml
@@ -4,31 +4,31 @@
     update_cache: true
     install_recommends: false
     name:
-      - acl  # advanced ACL
-      - apt  # better than apt-get
+      - acl # advanced ACL
+      - apt # better than apt-get
       - apt-file
-      - aptitude  # nice to have for Ansible
-      - bash-completion  # because bash
-      - curl  # placeholder
+      - aptitude # nice to have for Ansible
+      - bash-completion # because bash
+      - curl # placeholder
       - debsums
-      - emacs-nox  # for maman
-      - git  # code versioning
-      - htop  # better than top
-      - iotop  # monitor i/o
-      - less  # i like cats
-      - lsb-release  # needed to autodetect Debian version
-      - lsscsi  # to list SCSI devices
-      - molly-guard  # prevent reboot
-      - nano  # for vulcain
-      - needrestart  # ask to restart services after upgrade
-      - resolvconf  # for dns configuration in network interfaces
-      - screen  # Vulcain asked for this
+      - emacs-nox # for maman
+      - git # code versioning
+      - htop # better than top
+      - iotop # monitor i/o
+      - less # i like cats
+      - lsb-release # needed to autodetect Debian version
+      - lsscsi # to list SCSI devices
+      - molly-guard # prevent reboot
+      - nano # for vulcain
+      - needrestart # ask to restart services after upgrade
+      - resolvconf # for dns configuration in network interfaces
+      - screen # Vulcain asked for this
       - sudo
-      - tmux  # better than screen
-      - tree  # create a graphical tree of files
-      - vim  # better than nano
-      - vlock  # virtual console lock
-      - zsh  # to be able to ssh @erdnaxe
+      - tmux # better than screen
+      - tree # create a graphical tree of files
+      - vim # better than nano
+      - vlock # virtual console lock
+      - zsh # to be able to ssh @erdnaxe
   register: apt_result
   retries: 3
   until: apt_result is succeeded
@@ -37,9 +37,9 @@
   apt:
     state: absent
     name:
-      - doc-debian  # graphical
-      - debian-faq  # graphical
-      - os-prober  # makes grub-install lag
+      - doc-debian # graphical
+      - debian-faq # graphical
+      - os-prober # makes grub-install lag
       # - oidentd  # kill the monster, https://youtu.be/yhNB0vO7FxI
       - python3-reportbug
       - fish
@@ -53,7 +53,7 @@
     path: /usr/bin/screen
     owner: root
     group: utmp
-    mode: '4755'
+    mode: "4755"
   check_mode: false
 
 - name: Deploy screen tmpfile
diff --git a/roles/constellation-doc/tasks/main.yml b/roles/constellation-doc/tasks/main.yml
index 8a92c477..31253733 100644
--- a/roles/constellation-doc/tasks/main.yml
+++ b/roles/constellation-doc/tasks/main.yml
@@ -19,5 +19,5 @@
     mode: u=rwx,g=rwxs,o=rx
 
 - name: Build HTML documentation
-  command: "sphinx-build -b dirhtml {{ project_path }}/docs/ /var/www/constellation-doc/"
+  command: sphinx-build -b dirhtml {{ project_path }}/docs/ /var/www/constellation-doc/
   become_user: www-data
diff --git a/roles/constellation-front/tasks/main.yml b/roles/constellation-front/tasks/main.yml
index a17a5394..73d966b5 100644
--- a/roles/constellation-front/tasks/main.yml
+++ b/roles/constellation-front/tasks/main.yml
@@ -21,14 +21,14 @@
 - name: Set data directories in development mode
   when: constellation.version != "master"
   set_fact:
-    project_path: "/var/local/constellation"
-    module_path: "/var/local/constellation/constellation"
+    project_path: /var/local/constellation
+    module_path: /var/local/constellation/constellation
 
 - name: Set data directories in production mode
   when: constellation.version == "master"
   set_fact:
-    project_path: "/usr/local/lib/python3.9/dist-packages/constellation"
-    module_path: "/usr/local/lib/python3.9/dist-packages/constellation"
+    project_path: /usr/local/lib/python3.9/dist-packages/constellation
+    module_path: /usr/local/lib/python3.9/dist-packages/constellation
 
 - name: Check front dependencies (production)
   when: constellation.version == "master"
@@ -50,8 +50,8 @@
 
 - name: Copy constellation uWSGI app
   template:
-    src: "uwsgi/apps-available/constellation.ini.j2"
-    dest: "/etc/uwsgi/apps-available/constellation.ini"
+    src: uwsgi/apps-available/constellation.ini.j2
+    dest: /etc/uwsgi/apps-available/constellation.ini
     owner: root
     group: root
     mode: 0644
@@ -59,8 +59,8 @@
 
 - name: Activate constellation uWSGI app
   file:
-    src: "../apps-available/constellation.ini"
-    dest: "/etc/uwsgi/apps-enabled/constellation.ini"
+    src: ../apps-available/constellation.ini
+    dest: /etc/uwsgi/apps-enabled/constellation.ini
     owner: root
     group: root
     state: link
@@ -82,10 +82,10 @@
 
 - name: Create static files directory
   file:
-    path: "/var/lib/constellation/{{ item }}"
+    path: /var/lib/constellation/{{ item }}
     state: directory
-    mode: '2775'
-    owner: "www-data"
+    mode: "2775"
+    owner: www-data
     group: "{{ constellation.group }}"
     recurse: true
   loop:
@@ -94,11 +94,11 @@
 
 - name: Symlink static and media directories (dev)
   file:
-    src: "/var/lib/constellation/{{ item }}"
-    dest: "/var/local/constellation/{{ item }}"
+    src: /var/lib/constellation/{{ item }}
+    dest: /var/local/constellation/{{ item }}
     state: link
-    owner: 'www-data'
-    group: '{{ constellation.group }}'
+    owner: www-data
+    group: "{{ constellation.group }}"
   loop:
     - static
     - media
diff --git a/roles/constellation/tasks/main.yml b/roles/constellation/tasks/main.yml
index af533e78..c8ac9a4c 100644
--- a/roles/constellation/tasks/main.yml
+++ b/roles/constellation/tasks/main.yml
@@ -1,8 +1,8 @@
 ---
 - name: Pin Django from Debian bullseye-backports
   template:
-    src: "apt/sources.list.d/bullseye-backports.list.j2"
-    dest: "/etc/apt/sources.list.d/bullseye-backports.list"
+    src: apt/sources.list.d/bullseye-backports.list.j2
+    dest: /etc/apt/sources.list.d/bullseye-backports.list
 
 - name: Install constellation dependencies
   apt:
@@ -29,26 +29,26 @@
 - name: Set configuration directories in development mode
   when: constellation.version != "main"
   set_fact:
-    module_path: "/var/local/constellation/constellation"
-    project_path: "/var/local/constellation"
+    module_path: /var/local/constellation/constellation
+    project_path: /var/local/constellation
 
 - name: Set configuration directories in production mode
   when: constellation.version == "main"
   set_fact:
-    module_path: "/usr/local/lib/python3.9/dist-packages/constellation"
-    project_path: "/usr/local/lib/python3.9/dist-packages/constellation"
+    module_path: /usr/local/lib/python3.9/dist-packages/constellation
+    project_path: /usr/local/lib/python3.9/dist-packages/constellation
 
 - name: Create constellation directory
   file:
-    path: "/etc/constellation"
+    path: /etc/constellation
     state: directory
-    mode: '2775'
+    mode: "2775"
     owner: "{{ constellation.owner }}"
     group: "{{ constellation.group }}"
 
 - name: Set ACL for constellation directory
   acl:
-    path: "/etc/constellation"
+    path: /etc/constellation
     default: true
     entity: nounou
     etype: group
@@ -59,9 +59,9 @@
 - name: Clone constellation repository (development)
   when: constellation.version != "main"
   git:
-    repo: 'https://gitlab.adm.crans.org/nounous/constellation.git'
+    repo: https://gitlab.adm.crans.org/nounous/constellation.git
     dest: "{{ project_path }}"
-    umask: '002'
+    umask: "002"
     version: "{{ constellation.version }}"
     recursive: true
 
@@ -91,22 +91,22 @@
 - name: Deploy Constellation settings_local.py
   template:
     src: constellation/settings_local.py.j2
-    dest: "/etc/constellation/settings_local.py"
+    dest: /etc/constellation/settings_local.py
     mode: 0660
     owner: "{{ constellation.settings_local_owner }}"
     group: "{{ constellation.settings_local_group }}"
 
 - name: Symlink configuration file
   file:
-    src: "/etc/constellation/settings_local.py"
+    src: /etc/constellation/settings_local.py
     dest: "{{ module_path }}/settings_local.py"
     state: link
 
 - name: Deploy crontab
   when: constellation.crontab
   template:
-    src: "cron.d/constellation.j2"
-    dest: "/etc/cron.d/constellation"
+    src: cron.d/constellation.j2
+    dest: /etc/cron.d/constellation
     owner: root
     group: root
     mode: 0644
diff --git a/roles/crans-scripts/tasks/main.yml b/roles/crans-scripts/tasks/main.yml
index cd0d0210..5f8a57ae 100644
--- a/roles/crans-scripts/tasks/main.yml
+++ b/roles/crans-scripts/tasks/main.yml
@@ -17,7 +17,6 @@
     state: query
   when: not ansible_check_mode
 
-
 - name: Clone scripts repository
   git:
     repo: "{{ crans_scripts.remote }}"
@@ -25,5 +24,5 @@
     version: "{{ crans_scripts.version }}"
     umask: "002"
   register: git_result
-  changed_when: "git_result.after|default('after') != git_result.before|default('before')"
+  changed_when: git_result.after|default('after') != git_result.before|default('before')
   when: not ansible_check_mode
diff --git a/roles/django-cas/tasks/main.yml b/roles/django-cas/tasks/main.yml
index e065f2d0..f4906c38 100644
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@@ -15,16 +15,16 @@
 
 - name: Clone Django CAS project repository
   git:
-    repo: '{{ django_cas.repo }}'
-    dest: '{{ django_cas.path }}'
+    repo: "{{ django_cas.repo }}"
+    dest: "{{ django_cas.path }}"
     force: true
     version: master
-    umask: '002'
+    umask: "002"
 
 - name: Configure Django CAS
   template:
     src: cas/settings_local.py.j2
-    dest: '{{ django_cas.path }}/cas/settings_local.py'
+    dest: "{{ django_cas.path }}/cas/settings_local.py"
     mode: 0600
     owner: www-data
   notify: Restart uwsgi
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index b9e6d51f..5b1e9c4f 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -3,7 +3,7 @@
   apt:
     update_cache: true
     name:
-      - docker.io  # Warning: Docker package stands for an unrelated project
+      - docker.io # Warning: Docker package stands for an unrelated project
     state: present
   register: apt_result
   retries: 3
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
index 417e5e2e..4330b203 100644
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -14,8 +14,8 @@
 
 - name: Deploy dovecot configuration
   template:
-    src: "dovecot/{{ item }}.j2"
-    dest: "/etc/dovecot/{{ item }}"
+    src: dovecot/{{ item }}.j2
+    dest: /etc/dovecot/{{ item }}
   loop:
     - conf.d/10-auth.conf
     - conf.d/10-logging.conf
diff --git a/roles/etherpad/tasks/main.yml b/roles/etherpad/tasks/main.yml
index 0eb3e172..28497312 100644
--- a/roles/etherpad/tasks/main.yml
+++ b/roles/etherpad/tasks/main.yml
@@ -14,7 +14,7 @@
 - name: Clone EtherPad
   git:
     repo: https://github.com/ether/etherpad-lite.git
-    dest: "/var/www/{{ item.name }}"
+    dest: /var/www/{{ item.name }}
     version: 1.8.4
   loop: "{{ etherpad.instances }}"
   become: true
@@ -24,7 +24,7 @@
 - name: Configure EtherPad
   template:
     src: etherpad/settings.json.j2
-    dest: "/var/www/{{ item.name }}/settings.json"
+    dest: /var/www/{{ item.name }}/settings.json
     owner: etherpad
     group: etherpad
     mode: 0600
@@ -34,7 +34,7 @@
 - name: Install delete_after_delay module
   npm:
     name: ep_delete_after_delay
-    path: "/var/www/{{ item.name }}/node_modules"
+    path: /var/www/{{ item.name }}/node_modules
     state: "{% if item.temporary.enabled is defined and item.temporary.enabled %}present{% else %}absent{% endif %}"
   loop: "{{ etherpad.instances }}"
   become: true
@@ -44,7 +44,7 @@
 - name: Install EtherPad systemd unit
   template:
     src: systemd/system/etherpad-lite.service.j2
-    dest: "/etc/systemd/system/{{ item.name }}.service"
+    dest: /etc/systemd/system/{{ item.name }}.service
   loop: "{{ etherpad.instances }}"
   notify: Restart Etherpad
 
diff --git a/roles/framadate/tasks/main.yml b/roles/framadate/tasks/main.yml
index 75c29264..a01a1e52 100644
--- a/roles/framadate/tasks/main.yml
+++ b/roles/framadate/tasks/main.yml
@@ -10,7 +10,7 @@
       - php-mbstring
       - php-mysql
       - composer
-      - python3-passlib  # Necessary for htpasswd module
+      - python3-passlib # Necessary for htpasswd module
       - python3-pymysql
       - mariadb-server
   register: apt_result
@@ -90,7 +90,7 @@
     login_unix_socket: /var/run/mysqld/mysqld.sock
     name: framadate
     password: "{{ glob_framadate.db_password }}"
-    priv: 'framadate.*:ALL'
+    priv: framadate.*:ALL
     state: present
 
 - name: Indicate role in motd
diff --git a/roles/freeradius/tasks/main.yml b/roles/freeradius/tasks/main.yml
index 4f658796..b33e7cc7 100644
--- a/roles/freeradius/tasks/main.yml
+++ b/roles/freeradius/tasks/main.yml
@@ -25,11 +25,11 @@
 
 - name: Deploy freeradius configuration
   template:
-    src: "freeradius/3.0/{{ item }}.j2"
-    dest: "/etc/freeradius/3.0/{{ item }}"
+    src: freeradius/3.0/{{ item }}.j2
+    dest: /etc/freeradius/3.0/{{ item }}
     owner: freerad
     group: freerad
-    mode: '0640'
+    mode: "0640"
   loop:
     - radiusd.conf
     - clients.conf
@@ -67,7 +67,7 @@
   file:
     path: /etc/letsencrypt/{{ item }}
     group: freerad
-    mode: '0755'
+    mode: "0755"
     recurse: true
   loop:
     - live
diff --git a/roles/ftpsync/tasks/main.yml b/roles/ftpsync/tasks/main.yml
index c6e4e1b4..208cbaa1 100644
--- a/roles/ftpsync/tasks/main.yml
+++ b/roles/ftpsync/tasks/main.yml
@@ -13,7 +13,7 @@
 - name: Add the mirror user
   user:
     name: mirror
-    home: /var/mirror  # unused, should be something empty
+    home: /var/mirror # unused, should be something empty
     shell: /bin/false
 
 - name: Create /etc/ftpsync directory
@@ -24,7 +24,7 @@
     mode: 0755
     state: directory
   loop:
-    - "/etc/ftpsync"
+    - /etc/ftpsync
     - "{{ ftpsync.root }}/.html"
 
 - name: Create root directory
@@ -35,11 +35,10 @@
     mode: 0755
     state: directory
 
-
 - name: Copy ftpsync configurations
   template:
     src: ftpsync.conf.j2
-    dest: "/etc/ftpsync/ftpsync-{{ item.name }}.conf"
+    dest: /etc/ftpsync/ftpsync-{{ item.name }}.conf
   loop: "{{ ftpsync.targets }}"
 
 - name: Configure ftpsync cron
@@ -55,7 +54,7 @@
 
 - name: Copy configuration files
   template:
-    src: "html/{{ item }}.j2"
+    src: html/{{ item }}.j2
     dest: "{{ ftpsync.root }}/.html/{{ item }}"
     mode: 0644
   loop:
diff --git a/roles/galene/tasks/main.yml b/roles/galene/tasks/main.yml
index f74c117b..ee33d0a6 100644
--- a/roles/galene/tasks/main.yml
+++ b/roles/galene/tasks/main.yml
@@ -35,7 +35,7 @@
 
 - name: Build galene
   when: git_result.changed
-  shell: "go build -ldflags='-s -w'"
+  shell: go build -ldflags='-s -w'
   args:
     chdir: /var/local/galene
   environment:
diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml
index d8ed839f..89201e19 100644
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -60,7 +60,7 @@
     - section: auth.anonymous
       option: hide_version
       value: "true"
-    - section: auth.basic  # Only LDAP auth
+    - section: auth.basic # Only LDAP auth
       option: enabled
       value: "false"
     - section: auth.ldap
diff --git a/roles/horde/handlers/main.yml b/roles/horde/handlers/main.yml
index 721ac462..5a2a60a3 100644
--- a/roles/horde/handlers/main.yml
+++ b/roles/horde/handlers/main.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Restart nginx
   service:
     name: nginx.service
diff --git a/roles/horde/tasks/main.yml b/roles/horde/tasks/main.yml
index efea6f2c..8cb36f53 100644
--- a/roles/horde/tasks/main.yml
+++ b/roles/horde/tasks/main.yml
@@ -3,8 +3,8 @@
 - name: Install horde APT dependencies
   apt:
     update_cache: true
-    name: '{{ item }}'
-  loop:  # Install dependencies in the right order.
+    name: "{{ item }}"
+  loop: # Install dependencies in the right order.
     - nginx
     - php-fpm
     - php-horde-webmail
@@ -16,8 +16,8 @@
 
 - name: Configure horde
   template:
-    src: '{{ item }}.j2'
-    dest: '/etc/{{ item }}'
+    src: "{{ item }}.j2"
+    dest: /etc/{{ item }}
     owner: www-data
     group: www-data
     mode: 0640
@@ -27,8 +27,8 @@
 
 - name: Enable horde plugins
   template:
-    src: 'horde/{{ item }}/conf.php.j2'
-    dest: '/etc/horde/{{ item }}/conf.php'
+    src: horde/{{ item }}/conf.php.j2
+    dest: /etc/horde/{{ item }}/conf.php
     owner: www-data
     group: www-data
     mode: 0640
@@ -44,8 +44,8 @@
 
 - name: Configure nginx site
   template:
-    src: '{{ item }}.j2'
-    dest: '/etc/{{ item }}'
+    src: "{{ item }}.j2"
+    dest: /etc/{{ item }}
     owner: root
     group: root
     mode: 0644
@@ -57,8 +57,8 @@
 
 - name: Enable nginx site
   file:
-    src: '/etc/nginx/sites-available/{{ item }}'
-    dest: '/etc/nginx/sites-enabled/{{ item }}'
+    src: /etc/nginx/sites-available/{{ item }}
+    dest: /etc/nginx/sites-enabled/{{ item }}
     state: link
   loop:
     - webmail
diff --git a/roles/inspircd/tasks/main.yml b/roles/inspircd/tasks/main.yml
index 8cf51fda..5a1a6dd1 100644
--- a/roles/inspircd/tasks/main.yml
+++ b/roles/inspircd/tasks/main.yml
@@ -1,22 +1,22 @@
 ---
 - name: Deploy InspIRCd configuration
   template:
-    src: "inspircd/{{ item.dest }}.j2"
-    dest: "/etc/inspircd/{{ item.dest }}"
+    src: inspircd/{{ item.dest }}.j2
+    dest: /etc/inspircd/{{ item.dest }}
     mode: "{{ item.mode }}"
     owner: irc
     group: irc
   loop:
-    - {dest: inspircd.conf, mode: "0644"}
-    - {dest: links.conf, mode: "0600"}
-    - {dest: power.conf, mode: "0600"}
-    - {dest: opers.conf, mode: "0600"}
-    - {dest: modules.conf, mode: "0600"}
-    - {dest: inspircd.motd, mode: "0644"}
+    - { dest: inspircd.conf, mode: "0644" }
+    - { dest: links.conf, mode: "0600" }
+    - { dest: power.conf, mode: "0600" }
+    - { dest: opers.conf, mode: "0600" }
+    - { dest: modules.conf, mode: "0600" }
+    - { dest: inspircd.motd, mode: "0644" }
   notify: Reload InspIRCd
 
 - name: Deploy certificate refresh CRON
   template:
-    src: "cron.monthly/irc-certs.j2"
-    dest: "/etc/cron.monthly/irc-certs"
+    src: cron.monthly/irc-certs.j2
+    dest: /etc/cron.monthly/irc-certs
     mode: 0755
diff --git a/roles/irker/tasks/main.yml b/roles/irker/tasks/main.yml
index f8c18b18..f0efd019 100644
--- a/roles/irker/tasks/main.yml
+++ b/roles/irker/tasks/main.yml
@@ -1,8 +1,8 @@
 ---
 - name: Pin irker from Debian Bullseye
   template:
-    src: "apt/{{ item }}.j2"
-    dest: "/etc/apt/{{ item }}"
+    src: apt/{{ item }}.j2
+    dest: /etc/apt/{{ item }}
   loop:
     - sources.list.d/bullseye.list
     - preferences.d/irker-bullseye
@@ -13,7 +13,7 @@
 
 - name: Don't pin irker if we are on bullseye
   file:
-    path: "/etc/apt/{{ item }}"
+    path: /etc/apt/{{ item }}
     state: absent
   loop:
     - sources.list.d/bullseye.list
@@ -36,8 +36,8 @@
 - name: Setup Irker parameters
   lineinfile:
     path: /etc/default/irker
-    regexp: "^IRKER_OPTIONS="
-    line: 'IRKER_OPTIONS="-n {{ irker.name }} -d warning"'
+    regexp: ^IRKER_OPTIONS=
+    line: IRKER_OPTIONS="-n {{ irker.name }} -d warning"
     create: true
     owner: root
     group: root
diff --git a/roles/isc-dhcp-server/handlers/main.yml b/roles/isc-dhcp-server/handlers/main.yml
index 1922dc71..f1902c01 100644
--- a/roles/isc-dhcp-server/handlers/main.yml
+++ b/roles/isc-dhcp-server/handlers/main.yml
@@ -1,11 +1,11 @@
 ---
 - name: check isc-dhcp-server
   service_facts:
-  listen: 'restart isc-dhcp-server'
+  listen: restart isc-dhcp-server
 
 - name: restart dhcp server
   systemd:
     name: isc-dhcp-server
     state: restarted
-  listen: 'restart isc-dhcp-server'
+  listen: restart isc-dhcp-server
   when: not ansible_check_mode and ansible_facts.services['isc-dhcp-server']['state'] == 'running'
diff --git a/roles/jitsi/tasks/main.yml b/roles/jitsi/tasks/main.yml
index b2500196..56be2f63 100644
--- a/roles/jitsi/tasks/main.yml
+++ b/roles/jitsi/tasks/main.yml
@@ -13,8 +13,8 @@
 - name: Define host
   lineinfile:
     path: /etc/hosts
-    regexp: "^{{ item }}"
-    line: '{{ item }} {{ jitsi.hostname }}'
+    regexp: ^{{ item }}
+    line: "{{ item }} {{ jitsi.hostname }}"
   loop: "{{ jitsi.ip }}"
 
 - name: Import public key of Jitsi repository
@@ -39,19 +39,19 @@
     - name: jitsi-meet-prosody
       question: jitsi-videobridge/jvb-hostname
       value: "{{ jitsi.hostname }}"
-      vtype: "string"
+      vtype: string
     - name: jitsi-meet-web-config
       question: jitsi-meet/cert-choice
-      value: "I want to use my own certificate"
-      vtype: "select"
+      value: I want to use my own certificate
+      vtype: select
     - name: jitsi-meet-web-config
       question: jitsi-meet/cert-path-crt
-      value: "/etc/letsencrypt/live/{{ certbot[0].certname }}/fullchain.pem"
-      vtype: "string"
+      value: /etc/letsencrypt/live/{{ certbot[0].certname }}/fullchain.pem
+      vtype: string
     - name: jitsi-meet-web-config
       question: jitsi-meet/cert-path-key
-      value: "/etc/letsencrypt/live/{{ certbot[0].certname }}/privkey.pem"
-      vtype: "string"
+      value: /etc/letsencrypt/live/{{ certbot[0].certname }}/privkey.pem
+      vtype: string
 
 - name: Install Jitsi-meet
   apt:
@@ -65,7 +65,7 @@
 
 - name: Apply Jitsi configuration
   lineinfile:
-    path: "/etc/jitsi/meet/{{ jitsi.hostname }}-config.js"
+    path: /etc/jitsi/meet/{{ jitsi.hostname }}-config.js
     regexp: "{{ item }}"
     line: "    {{ item }}: true,"
   loop: "{{ jitsi.configuration }}"
diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml
index cab78c6b..e4806543 100644
--- a/roles/keepalived/handlers/main.yml
+++ b/roles/keepalived/handlers/main.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Reload keepalived.service
   service:
     name: keepalived.service
diff --git a/roles/ldap-client/handlers/main.yml b/roles/ldap-client/handlers/main.yml
index f0f3111b..5dacb64c 100644
--- a/roles/ldap-client/handlers/main.yml
+++ b/roles/ldap-client/handlers/main.yml
@@ -12,5 +12,5 @@
   service:
     name: nscd
     state: restarted
-  ignore_errors: true  # Sometimes service do not exist
+  ignore_errors: true # Sometimes service do not exist
   listen: Restart nslcd service
diff --git a/roles/linx/tasks/main.yml b/roles/linx/tasks/main.yml
index 6e71dabf..e113dc95 100644
--- a/roles/linx/tasks/main.yml
+++ b/roles/linx/tasks/main.yml
@@ -18,14 +18,14 @@
 
 - name: Deploy configuration file
   template:
-    src: "linx/server.conf.j2"
-    dest: "/etc/linx/server.conf"
+    src: linx/server.conf.j2
+    dest: /etc/linx/server.conf
     mode: 0644
 
 - name: Install linx systemd unit
   template:
-    src: "systemd/system/linx-server.service.j2"
-    dest: "/etc/systemd/system/linx-server.service"
+    src: systemd/system/linx-server.service.j2
+    dest: /etc/systemd/system/linx-server.service
     mode: 0644
   notify: Restart linx-server
 
diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml
index 1a4d4050..1cd2289c 100644
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@@ -4,9 +4,9 @@
     update_cache: true
     name:
       - mailman3-full
-      - python3-ipython  # Prettier shell
-      - python3-pip  # CAS
-      - python3-lxml  # CAS
+      - python3-ipython # Prettier shell
+      - python3-pip # CAS
+      - python3-lxml # CAS
       - sassc
     install_recommends: false
   register: apt_result
@@ -25,8 +25,8 @@
 # sudo -u postgres createdb -O mailman3 mailman3
 - name: Configure mailman3
   template:
-    src: "mailman3/{{ item }}.j2"
-    dest: "/etc/mailman3/{{ item }}"
+    src: mailman3/{{ item }}.j2
+    dest: /etc/mailman3/{{ item }}
     mode: 0640
     owner: root
     group: list
@@ -83,17 +83,17 @@
   blockinfile:
     path: /usr/lib/python3/dist-packages/mailman/commands/cli_notify.py
     marker: "{mark}"
-    marker_begin: '    # XXX This should be a template.'
-    marker_end: '    msg = OwnerNotification(mlist, subject, text, mlist.administrators)'
-    block: "    text = _(\"\"\"La liste {} a {} requêtes de modération en attente.\n\n{}\n\nVous pouvez gérer ces demandes via votre interface web :\nhttps://{{ mailman3.web_domains[0] }}/postorius/lists/{}/held_messages\n\"\"\").format(mlist.fqdn_listname, count, detail, mlist.fqdn_listname)"
+    marker_begin: "    # XXX This should be a template."
+    marker_end: "    msg = OwnerNotification(mlist, subject, text, mlist.administrators)"
+    block: "    text = _(\"\"\"La liste {} a {} requêtes de modération en attente.\n\n{}\n\nVous pouvez gérer ces demandes via votre interface web :\nhttps://{{ mailman3.web_domains[0]\
+      \ }}/postorius/lists/{}/held_messages\n\"\"\").format(mlist.fqdn_listname, count, detail, mlist.fqdn_listname)"
 
 - name: Send owner notifications from listname-bounces@domain
   lineinfile:
     path: /usr/lib/python3/dist-packages/mailman/email/message.py
-    regexp: '        sender ='
+    regexp: "        sender ="
     line: '        sender = f"{mlist.list_name}-bounces@{mlist.domain.mail_host}"'
 
-
 # When notifying moderators of a new incoming message, add link to moderation page
 - name: Patch moderation requests messages
   template:
diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml
index 83a6d6ef..6ba08617 100644
--- a/roles/matrix-synapse/tasks/main.yml
+++ b/roles/matrix-synapse/tasks/main.yml
@@ -15,8 +15,8 @@
 
 - name: Configure matrix-synapse
   template:
-    src: "matrix-synapse/conf.d/{{ item }}.j2"
-    dest: "/etc/matrix-synapse/conf.d/{{ item }}"
+    src: matrix-synapse/conf.d/{{ item }}.j2
+    dest: /etc/matrix-synapse/conf.d/{{ item }}
     mode: 0640
     owner: matrix-synapse
     group: nogroup
diff --git a/roles/moinmoin-gendoc/tasks/main.yml b/roles/moinmoin-gendoc/tasks/main.yml
index 9babb992..c66ad943 100644
--- a/roles/moinmoin-gendoc/tasks/main.yml
+++ b/roles/moinmoin-gendoc/tasks/main.yml
@@ -9,12 +9,11 @@
 
 - name: get dmidecode facts
   dmidecode_facts: {}
-
 - name: get ssh fingerprints
   sshfp: {}
   register: sshfp
 
-- name: "Create wiki page documenting {{ ansible_hostname }} (physical)"
+- name: Create wiki page documenting {{ ansible_hostname }} (physical)
   when: ansible_system_vendor != 'QEMU'
   moinmoin_page:
     url: "{{ moinmoin_base_url }}/Serveur{{ ansible_hostname|title|replace('-', '') }}/CaracteristiquesTechniques"
@@ -25,7 +24,7 @@
   connection: local
   become: false
 
-- name: "Create wiki page documenting {{ ansible_hostname }} (virtual)"
+- name: Create wiki page documenting {{ ansible_hostname }} (virtual)
   when: ansible_system_vendor == 'QEMU'
   moinmoin_page:
     url: "{{ moinmoin_base_url }}/Virtuels/Serveur{{ ansible_hostname|title|replace('-', '') }}/CaracteristiquesTechniques"
diff --git a/roles/moinmoin/tasks/main.yml b/roles/moinmoin/tasks/main.yml
index 89598514..a8af6671 100644
--- a/roles/moinmoin/tasks/main.yml
+++ b/roles/moinmoin/tasks/main.yml
@@ -5,7 +5,7 @@
     name:
       - python-lxml
       - python-moinmoin
-      - python-markdown  # markdown parser
+      - python-markdown # markdown parser
       - python-netaddr
       - uwsgi
       - uwsgi-plugin-python
diff --git a/roles/mtail/tasks/main.yml b/roles/mtail/tasks/main.yml
index c4d673cc..399d2664 100644
--- a/roles/mtail/tasks/main.yml
+++ b/roles/mtail/tasks/main.yml
@@ -1,8 +1,8 @@
 ---
 - name: Pin mtail
   template:
-    src: "apt/{{ item }}.j2"
-    dest: "/etc/apt/{{ item }}"
+    src: apt/{{ item }}.j2
+    dest: /etc/apt/{{ item }}
   loop:
     - sources.list.d/bullseye.list
     - preferences.d/mtail-bullseye
@@ -27,15 +27,15 @@
 
 - name: Copy mtail configurations
   template:
-    src: "mtail/{{ item }}.j2"
-    dest: "/etc/mtail/{{ item }}"
+    src: mtail/{{ item }}.j2
+    dest: /etc/mtail/{{ item }}
     mode: 0644
   loop: "{{ mtail.config }}"
   notify: Restart mtail
 
 - name: Drop unusued configuration
   file:
-    path: "/etc/mtail/{{ item }}"
+    path: /etc/mtail/{{ item }}
     state: absent
   loop: "{{ mtail.remove }}"
   notify: Restart mtail
diff --git a/roles/network-interfaces/tasks/main.yml b/roles/network-interfaces/tasks/main.yml
index ec282137..ac71ba7c 100644
--- a/roles/network-interfaces/tasks/main.yml
+++ b/roles/network-interfaces/tasks/main.yml
@@ -21,8 +21,8 @@
 
 - name: Deploy interfaces config
   template:
-    src: "network/interfaces.d/ifalias.j2"
-    dest: "/etc/network/interfaces.d/{{ '%02d' | format(item.id) }}-{{ item.name | replace('_', '-') }}"
+    src: network/interfaces.d/ifalias.j2
+    dest: /etc/network/interfaces.d/{{ '%02d' | format(item.id) }}-{{ item.name | replace('_', '-') }}
     mode: 0644
   when: item.name in interfaces
   loop: "{{ network_interfaces.vlan }}"
diff --git a/roles/nfs-mount/tasks/main.yml b/roles/nfs-mount/tasks/main.yml
index 5c346d79..a07a920b 100644
--- a/roles/nfs-mount/tasks/main.yml
+++ b/roles/nfs-mount/tasks/main.yml
@@ -21,7 +21,7 @@
 - name: Deploy nfs systemd mount
   template:
     src: systemd/system/nfs.mount.j2
-    dest: "/etc/systemd/system/{{ item.name }}.mount"
+    dest: /etc/systemd/system/{{ item.name }}.mount
     mode: 0644
   loop: "{{ nfs_mount.mounts }}"
 
diff --git a/roles/nftables/tasks/main.yml b/roles/nftables/tasks/main.yml
index 4abb5233..0bdc6f5d 100644
--- a/roles/nftables/tasks/main.yml
+++ b/roles/nftables/tasks/main.yml
@@ -11,9 +11,9 @@
 - name: Deploy the configuration files
   template:
     src: "{{ item }}"
-    dest: "/etc/unbound/{{ item }}"
-    owner: "unbound"
-    group: "unbound"
+    dest: /etc/unbound/{{ item }}
+    owner: unbound
+    group: unbound
     mode: 0600
   loop:
     - unbound.conf
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index c43f3a33..5b51da86 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -9,16 +9,16 @@
 
 - name: Copy proxypass snippets
   template:
-    src: "nginx/snippets/options-proxypass.conf.j2"
-    dest: "/etc/nginx/snippets/options-proxypass.conf"
+    src: nginx/snippets/options-proxypass.conf.j2
+    dest: /etc/nginx/snippets/options-proxypass.conf
     owner: root
     group: root
     mode: 0644
 
 - name: Copy SSL snippets
   template:
-    src: "nginx/snippets/options-ssl.conf.j2"
-    dest: "/etc/nginx/snippets/options-ssl.{{ item.name }}.conf"
+    src: nginx/snippets/options-ssl.conf.j2
+    dest: /etc/nginx/snippets/options-ssl.{{ item.name }}.conf
     owner: root
     group: root
     mode: 0644
@@ -26,14 +26,14 @@
 
 - name: Disable default site
   file:
-    dest: "/etc/nginx/sites-enabled/default"
+    dest: /etc/nginx/sites-enabled/default
     state: absent
 
 - name: Copy reverse proxy sites
   when: reverseproxy is defined
   template:
-    src: "nginx/sites-available/{{ item }}.j2"
-    dest: "/etc/nginx/sites-available/{{ item }}"
+    src: nginx/sites-available/{{ item }}.j2
+    dest: /etc/nginx/sites-available/{{ item }}
     owner: root
     group: root
     mode: 0644
@@ -46,8 +46,8 @@
 - name: Activate reverse proxy sites
   when: reverseproxy is defined
   file:
-    src: "/etc/nginx/sites-available/{{ item }}"
-    dest: "/etc/nginx/sites-enabled/{{ item }}"
+    src: /etc/nginx/sites-available/{{ item }}
+    dest: /etc/nginx/sites-enabled/{{ item }}
     owner: root
     group: root
     state: link
@@ -61,8 +61,8 @@
 - name: Copy service nginx configuration
   when: nginx.servers is defined and nginx.servers|length > 0
   template:
-    src: "nginx/sites-available/service.j2"
-    dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
+    src: nginx/sites-available/service.j2
+    dest: /etc/nginx/sites-available/{{ nginx.service_name }}
     owner: root
     group: root
     mode: 0644
@@ -71,8 +71,8 @@
 - name: Activate local nginx service site
   when: nginx.servers is defined and nginx.servers|length > 0
   file:
-    src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
-    dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
+    src: /etc/nginx/sites-available/{{ nginx.service_name }}
+    dest: /etc/nginx/sites-enabled/{{ nginx.service_name }}
     owner: root
     group: root
     state: link
@@ -123,6 +123,6 @@
     path: "{{ item }}"
     state: absent
   loop:
-    - "/etc/nginx/snippets/options-ssl.conf"
-    - "/var/www/custom_401.html"
-    - "/var/www/robots.txt"
+    - /etc/nginx/snippets/options-ssl.conf
+    - /var/www/custom_401.html
+    - /var/www/robots.txt
diff --git a/roles/ntp-server/tasks/main.yml b/roles/ntp-server/tasks/main.yml
index d0542d90..3be6a719 100644
--- a/roles/ntp-server/tasks/main.yml
+++ b/roles/ntp-server/tasks/main.yml
@@ -10,7 +10,7 @@
 - name: Configure NTP daemon
   lineinfile:
     path: /etc/default/ntp
-    regexp: '^NTPD_OPTS'
+    regexp: ^NTPD_OPTS
     line: NTPD_OPTS='-g -x'
   check_mode: false
 
diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml
index 0278c4ef..a439e8be 100644
--- a/roles/opendkim/tasks/main.yml
+++ b/roles/opendkim/tasks/main.yml
@@ -11,7 +11,7 @@
 
 - name: Ensure opendkim directories are here
   file:
-    path: "/etc/opendkim/keys/{{ opendkim.domain }}"
+    path: /etc/opendkim/keys/{{ opendkim.domain }}
     state: directory
     mode: 0750
     owner: opendkim
@@ -40,11 +40,11 @@
 
 - name: Deploy opendkim key
   template:
-    src: "opendkim/keys/key.{{ item }}.j2"
-    dest: "/etc/opendkim/keys/{{ opendkim.domain }}/{{ opendkim.selector }}.{{ item }}"
+    src: opendkim/keys/key.{{ item }}.j2
+    dest: /etc/opendkim/keys/{{ opendkim.domain }}/{{ opendkim.selector }}.{{ item }}
     mode: 0600
     owner: opendkim
     group: opendkim
   loop:
-    - "private"
-    - "txt"
+    - private
+    - txt
diff --git a/roles/openssh/tasks/main.yml b/roles/openssh/tasks/main.yml
index 398c3264..b2e5efe2 100644
--- a/roles/openssh/tasks/main.yml
+++ b/roles/openssh/tasks/main.yml
@@ -3,7 +3,7 @@
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: ^#?PermitRootLogin
-    line: "PermitRootLogin yes"
+    line: PermitRootLogin yes
     state: present
   notify: Restart sshd service
 
diff --git a/roles/owncloud-autofs/tasks/main.yml b/roles/owncloud-autofs/tasks/main.yml
index e8acd1aa..a290439d 100644
--- a/roles/owncloud-autofs/tasks/main.yml
+++ b/roles/owncloud-autofs/tasks/main.yml
@@ -12,7 +12,7 @@
 - name: Configure autofs deamon
   template:
     src: "{{ item }}.j2"
-    dest: "/etc/{{ item }}"
+    dest: /etc/{{ item }}
     mode: 0644
   loop:
     - default/autofs
@@ -21,12 +21,12 @@
 
 - name: Configure home-adh autofs
   template:
-    src: "auto.master.d/{{ item.0 }}.j2"
-    dest: "/etc/auto.master.d/{{ item.0 }}"
+    src: auto.master.d/{{ item.0 }}.j2
+    dest: /etc/auto.master.d/{{ item.0 }}
     mode: "{{ item.1 }}"
   loop:
-    - ["home-owncloud.autofs", "0600"]
-    - ["home-owncloud.sh", "0700"]
+    - [home-owncloud.autofs, "0600"]
+    - [home-owncloud.sh, "0700"]
   notify: Restart autofs service
 
 - name: Create /home-owncloud/ directory
diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml
index 1bcd6a7e..f0610010 100644
--- a/roles/owncloud/tasks/main.yml
+++ b/roles/owncloud/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Install gpg
   apt:
     update_cache: true
@@ -22,7 +21,7 @@
 # Add the repository into source list
 - name: Configure owncloud repository
   apt_repository:
-    repo: "deb http://download.opensuse.org/repositories/isv:/ownCloud:/server:/10/Debian_11/ /"
+    repo: deb http://download.opensuse.org/repositories/isv:/ownCloud:/server:/10/Debian_11/ /
     state: present
 
 - name: Install OwnCloud
diff --git a/roles/policyd/tasks/main.yml b/roles/policyd/tasks/main.yml
index b2330d1e..1ea44d29 100644
--- a/roles/policyd/tasks/main.yml
+++ b/roles/policyd/tasks/main.yml
@@ -18,8 +18,8 @@
     dest: "{{ item.dest }}"
     chmod: 0640
   loop:
-    - {src: policyd/policyd-rate-limit.yaml.j2, dest: /etc/policyd-rate-limit.yaml}
-    - {src: policyd/policyd.py.j2, dest: /usr/lib/python3/dist-packages/policyd_rate_limit}
+    - { src: policyd/policyd-rate-limit.yaml.j2, dest: /etc/policyd-rate-limit.yaml }
+    - { src: policyd/policyd.py.j2, dest: /usr/lib/python3/dist-packages/policyd_rate_limit }
   when: postfix.primary
 
 - name: Indicate role in motd
diff --git a/roles/postfix-mailman3/tasks/main.yml b/roles/postfix-mailman3/tasks/main.yml
index a4e9b264..c81fd026 100644
--- a/roles/postfix-mailman3/tasks/main.yml
+++ b/roles/postfix-mailman3/tasks/main.yml
@@ -10,8 +10,8 @@
 
 - name: Deploy postfix configuration
   template:
-    src: "postfix/{{ item }}.j2"
-    dest: "/etc/postfix/{{ item }}"
+    src: postfix/{{ item }}.j2
+    dest: /etc/postfix/{{ item }}
     mode: 0644
     owner: root
     group: root
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
index eea13c0c..43610a31 100644
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Set postgresql installation directory
   set_fact:
-    postgres_dir: '/etc/postgresql/{{ postgres.version }}/main'
+    postgres_dir: /etc/postgresql/{{ postgres.version }}/main
 
 - name: Install postgresql
   apt:
@@ -14,7 +14,7 @@
 
 - name: Ensure main postgresql directory exists
   file:
-    path: '{{ postgres_dir }}'
+    path: "{{ postgres_dir }}"
     state: directory
     owner: postgres
     group: postgres
@@ -22,7 +22,7 @@
 
 - name: Ensure configuration directory exists
   file:
-    path: '{{ postgres_dir }}/conf.d'
+    path: "{{ postgres_dir }}/conf.d"
     state: directory
     owner: postgres
     group: postgres
@@ -31,7 +31,7 @@
 - name: Configuration of postgresql {{ postgres.version }}
   template:
     src: postgresql/postgresql.conf.j2
-    dest: '{{ postgres_dir }}/postgresql.conf'
+    dest: "{{ postgres_dir }}/postgresql.conf"
     mode: 0640
     owner: postgres
     group: postgres
@@ -40,8 +40,8 @@
 
 - name: Master of configuration of postgresql {{ postgres.version }}
   template:
-    src: 'postgresql/{{ item }}.j2'
-    dest: '{{ postgres_dir }}/{{ item }}'
+    src: postgresql/{{ item }}.j2
+    dest: "{{ postgres_dir }}/{{ item }}"
     mode: 0640
     owner: postgres
     group: postgres
@@ -50,7 +50,7 @@
     - pg_ident.conf
   notify:
     - reload postgresql
-  when: 'not(postgres.replica | default(False))'
+  when: not(postgres.replica | default(False))
 
 - name: Create backup directory
   file:
diff --git a/roles/printer/tasks/main.yml b/roles/printer/tasks/main.yml
index 44579ea1..0ad5f692 100644
--- a/roles/printer/tasks/main.yml
+++ b/roles/printer/tasks/main.yml
@@ -4,10 +4,10 @@
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
   loop:
-    - src: "apt/sources.list.d/bullseye-backports.list.j2"
-      dest: "/etc/apt/sources.list.d/bullseye-backports.list"
-    - src: "apt/preferences.d/django-backports.j2"
-      dest: "/etc/apt/preferences.d/django-backports"
+    - src: apt/sources.list.d/bullseye-backports.list.j2
+      dest: /etc/apt/sources.list.d/bullseye-backports.list
+    - src: apt/preferences.d/django-backports.j2
+      dest: /etc/apt/preferences.d/django-backports
 
 - name: Install printer dependencies
   apt:
@@ -42,15 +42,15 @@
 
 - name: Create django-printer configuration directory
   file:
-    path: "/etc/django-printer"
+    path: /etc/django-printer
     state: directory
-    mode: '2775'
+    mode: "2775"
     owner: "{{ printer.owner }}"
     group: "{{ printer.group }}"
 
 - name: Set ACL for printer directory
   acl:
-    path: "/etc/django-printer"
+    path: /etc/django-printer
     default: true
     entity: _nounou
     etype: group
@@ -60,34 +60,34 @@
 
 - name: Clone printer repository
   git:
-    repo: 'https://gitlab.adm.crans.org/nounous/django-printer.git'
-    dest: "/var/local/django-printer"
-    umask: '002'
+    repo: https://gitlab.adm.crans.org/nounous/django-printer.git
+    dest: /var/local/django-printer
+    umask: "002"
     version: "{{ printer.version }}"
     recursive: true
 
 - name: Set owner of cloned project
   file:
-    path: "/var/local/django-printer"
+    path: /var/local/django-printer
     owner: "{{ printer.owner }}"
     group: "{{ printer.group }}"
     recurse: true
 
 - name: Set manage.py executable
   file:
-    path: "/var/local/django-printer/manage.py"
+    path: /var/local/django-printer/manage.py
     mode: 0755
 
 - name: Deploy local settings
   template:
     src: django-printer/settings_local.py.j2
-    dest: "/etc/django-printer/settings_local.py"
+    dest: /etc/django-printer/settings_local.py
     mode: 0660
 
 - name: Symlink configuration file
   file:
-    src: "/etc/django-printer/settings_local.py"
-    dest: "/var/local/django-printer/printer/settings_local.py"
+    src: /etc/django-printer/settings_local.py
+    dest: /var/local/django-printer/printer/settings_local.py
     state: link
   ignore_errors: "{{ ansible_check_mode }}"
 
@@ -95,21 +95,21 @@
 - name: Make Django migrations
   django_manage:
     command: makemigrations
-    project_path: "/var/local/django-printer"
+    project_path: /var/local/django-printer
   notify: Restart uWSGI
 
 - name: Migrate database
   django_manage:
     command: migrate
-    project_path: "/var/local/django-printer"
+    project_path: /var/local/django-printer
   notify: Restart uWSGI
 
 - name: Create static files directory
   file:
-    path: "/var/lib/django-printer/{{ item }}"
+    path: /var/lib/django-printer/{{ item }}
     state: directory
-    mode: '2775'
-    owner: "www-data"
+    mode: "2775"
+    owner: www-data
     group: "{{ printer.group }}"
     recurse: true
   loop:
@@ -119,18 +119,18 @@
 - name: Collect static files
   django_manage:
     command: collectstatic
-    project_path: "/var/local/django-printer"
+    project_path: /var/local/django-printer
   notify: Restart uWSGI
 
 - name: Compile messages
   django_manage:
     command: compilemessages
-    project_path: "/var/local/django-printer"
+    project_path: /var/local/django-printer
 
 - name: Copy uWSGI app
   template:
-    src: "uwsgi/apps-available/django-printer.ini.j2"
-    dest: "/etc/uwsgi/apps-available/django-printer.ini"
+    src: uwsgi/apps-available/django-printer.ini.j2
+    dest: /etc/uwsgi/apps-available/django-printer.ini
     owner: root
     group: root
     mode: 0644
@@ -138,15 +138,14 @@
 
 - name: Activate uWSGI app
   file:
-    src: "../apps-available/django-printer.ini"
-    dest: "/etc/uwsgi/apps-enabled/django-printer.ini"
+    src: ../apps-available/django-printer.ini
+    dest: /etc/uwsgi/apps-enabled/django-printer.ini
     owner: root
     group: root
     state: link
   ignore_errors: "{{ ansible_check_mode }}"
   notify: Restart uWSGI
 
-
 - name: Create documentation directory with good permissions
   file:
     path: /var/www/django-printer-doc
@@ -156,7 +155,7 @@
     mode: u=rwx,g=rwxs,o=rx
 
 - name: Build HTML documentation
-  command: "sphinx-build -b dirhtml /var/local/django-printer/docs/ /var/www/django-printer-doc/"
+  command: sphinx-build -b dirhtml /var/local/django-printer/docs/ /var/www/django-printer-doc/
   become_user: www-data
 
 - name: Indicate module in motd
diff --git a/roles/prometheus-blackbox-exporter/tasks/main.yml b/roles/prometheus-blackbox-exporter/tasks/main.yml
index 8e9915c6..025d1cbb 100644
--- a/roles/prometheus-blackbox-exporter/tasks/main.yml
+++ b/roles/prometheus-blackbox-exporter/tasks/main.yml
@@ -1,10 +1,10 @@
 ---
 - name: Configure the exporter to allow pings
   debconf:
-    name: "prometheus-blackbox-exporter"
-    question: "prometheus-blackbox-exporter/want_cap_net_raw"
+    name: prometheus-blackbox-exporter
+    question: prometheus-blackbox-exporter/want_cap_net_raw
     value: "true"
-    vtype: "boolean"
+    vtype: boolean
   notify: Restart prometheus-blackbox-exporter
 
 - name: Install Prometheus Blackbox exporter
@@ -18,7 +18,7 @@
 - name: Make Prometheus Blackbox exporter listen on localhost only
   lineinfile:
     path: /etc/default/prometheus-blackbox-exporter
-    regexp: '^ARGS='
+    regexp: ^ARGS=
     line: >
       ARGS='--config.file /etc/prometheus/blackbox.yml
       --web.listen-address="localhost:9115"'
diff --git a/roles/prometheus-nginx-exporter/tasks/main.yml b/roles/prometheus-nginx-exporter/tasks/main.yml
index c9558b58..22d9db64 100644
--- a/roles/prometheus-nginx-exporter/tasks/main.yml
+++ b/roles/prometheus-nginx-exporter/tasks/main.yml
@@ -3,7 +3,7 @@
   apt:
     update_cache: true
     name:
-      - nginx  # Nginx may be not already installed
+      - nginx # Nginx may be not already installed
       - prometheus-nginx-exporter
   register: apt_result
   retries: 3
@@ -12,7 +12,7 @@
 - name: Make prometheus-nginx-exporter listen on adm only
   lineinfile:
     path: /etc/default/prometheus-nginx-exporter
-    regexp: '^ARGS='
+    regexp: ^ARGS=
     line: |
       ARGS="-web.listen-address={{ prometheus_nginx_exporter.listen_addr }}:9117 -nginx.scrape-uri=http://[::1]:6424/stub_status"
   notify:
diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml
index f2752d2a..5f44f637 100644
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@@ -3,7 +3,7 @@
   apt:
     update_cache: true
     name: prometheus-node-exporter
-    install_recommends: false  # Do not install smartmontools
+    install_recommends: false # Do not install smartmontools
   register: apt_result
   retries: 3
   until: apt_result is succeeded
@@ -22,7 +22,7 @@
 - name: Make Prometheus node-exporter listen on adm only
   lineinfile:
     path: /etc/default/prometheus-node-exporter
-    regexp: '^ARGS='
+    regexp: ^ARGS=
     line: |
       ARGS="--web.listen-address={{ prometheus_node_exporter.listen_addr }}:9100"
   tags: restart-node-exporter
diff --git a/roles/prometheus-snmp-exporter/tasks/main.yml b/roles/prometheus-snmp-exporter/tasks/main.yml
index 74671baf..3178d709 100644
--- a/roles/prometheus-snmp-exporter/tasks/main.yml
+++ b/roles/prometheus-snmp-exporter/tasks/main.yml
@@ -10,15 +10,15 @@
 - name: Make Prometheus SNMP exporter listen on localhost only
   lineinfile:
     path: /etc/default/prometheus-snmp-exporter
-    regexp: '^ARGS='
-    line: "ARGS=\"--web.listen-address={{ snmp_exporter.listen_address }}\""
+    regexp: ^ARGS=
+    line: ARGS="--web.listen-address={{ snmp_exporter.listen_address }}"
   notify: Restart prometheus-snmp-exporter
 
 # This file store SNMP OIDs
 - name: Configure Prometheus SNMP exporter
   template:
-    src: "prometheus/snmp.yml.j2"
-    dest: "/etc/prometheus/snmp.yml"
+    src: prometheus/snmp.yml.j2
+    dest: /etc/prometheus/snmp.yml
     mode: 0600
     owner: prometheus
   notify: Restart prometheus-snmp-exporter
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index 2a9f54fe..3e62cf9f 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -25,7 +25,7 @@
 - name: Configure Prometheus targets
   copy:
     content: "{{ [{'targets': item.value.targets}] | to_nice_json }}\n"
-    dest: "/etc/prometheus/{{ item.value.file }}"
+    dest: /etc/prometheus/{{ item.value.file }}
     mode: 0644
   loop: "{{ prometheus | dict2items }}"
 
diff --git a/roles/proxmox-debian-images/tasks/main.yml b/roles/proxmox-debian-images/tasks/main.yml
index 52c74c15..d96e23d5 100644
--- a/roles/proxmox-debian-images/tasks/main.yml
+++ b/roles/proxmox-debian-images/tasks/main.yml
@@ -22,7 +22,7 @@
 
 - name: Create specific directory for extra images (Arch Linux, Ubuntu)
   file:
-    path: "/var/lib/vz/template/iso/{{ item }}"
+    path: /var/lib/vz/template/iso/{{ item }}
     owner: root
     group: root
     mode: 0755
@@ -33,6 +33,8 @@
   when: debian_images.include_extra_images
 
 - name: Initial synchronization to download Debian images
-  shell: "rsync --verbose --dirs --compress --times --update --delete-after --delete-excluded --include 'debian-[0-9]*-amd64-netinst.iso' --exclude '*' rsync://{{ debian_images.rsync_host }}/{{ debian_images.rsync_module }}/cdimage-debian/release/current/amd64/iso-cd/ /var/lib/vz/template/iso/debian/ && find /var/lib/vz/template/iso/debian -type f -iregex '.*/debian-[0-9.]*-amd64-netinst.iso' -exec ln -sf {} /var/lib/vz/template/iso/debian-stable-amd64-netinst.iso \\;"
+  shell: rsync --verbose --dirs --compress --times --update --delete-after --delete-excluded --include 'debian-[0-9]*-amd64-netinst.iso' --exclude '*' rsync://{{
+    debian_images.rsync_host }}/{{ debian_images.rsync_module }}/cdimage-debian/release/current/amd64/iso-cd/ /var/lib/vz/template/iso/debian/ && find /var/lib/vz/template/iso/debian
+    -type f -iregex '.*/debian-[0-9.]*-amd64-netinst.iso' -exec ln -sf {} /var/lib/vz/template/iso/debian-stable-amd64-netinst.iso \;
   register: rsync_output
   changed_when: '"debian" in rsync_output.stdout'
diff --git a/roles/re2o-front/tasks/main.yml b/roles/re2o-front/tasks/main.yml
index 9da356f8..f74fbe8b 100644
--- a/roles/re2o-front/tasks/main.yml
+++ b/roles/re2o-front/tasks/main.yml
@@ -23,12 +23,12 @@
 
 - name: Copy re2o uWSGI app
   template:
-    src: "uwsgi/apps-available/re2o.ini.j2"
-    dest: "/etc/uwsgi/apps-available/re2o.ini"
+    src: uwsgi/apps-available/re2o.ini.j2
+    dest: /etc/uwsgi/apps-available/re2o.ini
 
 - name: Activate re2o uWSGI app
   file:
-    src: "../apps-available/re2o.ini"
-    dest: "/etc/uwsgi/apps-enabled/re2o.ini"
+    src: ../apps-available/re2o.ini
+    dest: /etc/uwsgi/apps-enabled/re2o.ini
     state: link
   notify: Reload uWSGI
diff --git a/roles/re2o-ldap/tasks/main.yml b/roles/re2o-ldap/tasks/main.yml
index 485cf7ff..7e5fd604 100644
--- a/roles/re2o-ldap/tasks/main.yml
+++ b/roles/re2o-ldap/tasks/main.yml
@@ -31,7 +31,7 @@
 - name: Delete old slapd configuration and data
   when: not installation.stat.exists
   file:
-    path: '{{ item }}'
+    path: "{{ item }}"
     state: absent
   loop:
     - /etc/ldap/slapd.d
@@ -39,7 +39,7 @@
 
 - name: Create slapd configuration and data directory
   file:
-    path: '{{ item }}'
+    path: "{{ item }}"
     state: directory
     owner: openldap
     group: openldap
@@ -50,8 +50,8 @@
 
 - name: Copy ldif files
   template:
-    src: 'ldap/{{ item }}.ldif.j2'
-    dest: '/var/lib/slapd/{{ item }}.ldif'
+    src: ldap/{{ item }}.ldif.j2
+    dest: /var/lib/slapd/{{ item }}.ldif
     owner: openldap
     group: openldap
     mode: 0600
@@ -83,8 +83,8 @@
 # LDAPS configuration
 - name: Copy TLS certificate
   template:
-    src: "ldap/{{ item }}.j2"
-    dest: "/etc/ldap/{{ item }}"
+    src: ldap/{{ item }}.j2
+    dest: /etc/ldap/{{ item }}
     owner: openldap
     group: openldap
     mode: 0600
@@ -95,8 +95,8 @@
 - name: Enable LDAPS
   lineinfile:
     path: /etc/default/slapd
-    regexp: '^SLAPD_SERVICES='
-    line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
+    regexp: ^SLAPD_SERVICES=
+    line: SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
   notify: Restart slapd
   when: not ansible_check_mode
 
diff --git a/roles/re2o/tasks/main.yml b/roles/re2o/tasks/main.yml
index d84fb9e5..d35df15a 100644
--- a/roles/re2o/tasks/main.yml
+++ b/roles/re2o/tasks/main.yml
@@ -36,7 +36,7 @@
   file:
     path: /var/www/re2o
     state: directory
-    mode: '2775'
+    mode: "2775"
     owner: "{{ re2o.owner }}"
     group: "{{ re2o.group }}"
 
@@ -51,9 +51,9 @@
 
 - name: Clone re2o repository
   git:
-    repo: 'http://gitlab.adm.crans.org/nounous/re2o.git'
+    repo: http://gitlab.adm.crans.org/nounous/re2o.git
     dest: /var/www/re2o
-    umask: '002'
+    umask: "002"
     version: "{{ re2o.version }}"
 
 - name: Set owner of cloned project
diff --git a/roles/root-config/tasks/main.yml b/roles/root-config/tasks/main.yml
index 97ebfabd..4631e40d 100644
--- a/roles/root-config/tasks/main.yml
+++ b/roles/root-config/tasks/main.yml
@@ -1,8 +1,8 @@
 ---
 - name: Create or rewrite .nanorc for root
   template:
-    src: '{{ item.src }}.j2'
-    dest: '/root/{{ item.dest }}'
+    src: "{{ item.src }}.j2"
+    dest: /root/{{ item.dest }}
   loop:
     - src: nanorc
       dest: .nanorc
diff --git a/roles/root/tasks/main.yml b/roles/root/tasks/main.yml
index 721309f3..be3a7d78 100644
--- a/roles/root/tasks/main.yml
+++ b/roles/root/tasks/main.yml
@@ -2,5 +2,5 @@
 - name: Deploys root password hash
   replace:
     path: /etc/shadow
-    regexp: '^root:[^:]*:'
-    replace: 'root:{{ root.passwd_hash }}:'
+    regexp: "^root:[^:]*:"
+    replace: "root:{{ root.passwd_hash }}:"
diff --git a/roles/roundcube/tasks/main.yml b/roles/roundcube/tasks/main.yml
index a67f90b8..071aa58e 100644
--- a/roles/roundcube/tasks/main.yml
+++ b/roles/roundcube/tasks/main.yml
@@ -18,8 +18,8 @@
 
 - name: Configure Roundcube
   template:
-    src: "roundcube/{{ item }}.j2"
-    dest: "/etc/roundcube/{{ item }}"
+    src: roundcube/{{ item }}.j2
+    dest: /etc/roundcube/{{ item }}
     owner: root
     group: www-data
     mode: 0640
@@ -30,23 +30,23 @@
 - name: Clone custom plugins
   git:
     repo: "{{ item.repo }}"
-    dest: "/etc/roundcube/plugins/{{ item.name }}"
+    dest: /etc/roundcube/plugins/{{ item.name }}
     version: "{{ item.version }}"
   loop: "{{ roundcube.plugins }}"
   when: item.repo is defined
 
 - name: Symlink custom plugins (1)
   file:
-    src: "/usr/share/roundcube/plugins/{{ item.name }}"
-    dest: "/var/lib/roundcube/plugins/{{ item.name }}"
+    src: /usr/share/roundcube/plugins/{{ item.name }}
+    dest: /var/lib/roundcube/plugins/{{ item.name }}
     state: link
   loop: "{{ roundcube.plugins }}"
   when: item.repo is defined
 
 - name: Symlink custom plugins (2)
   file:
-    src: "/etc/roundcube/plugins/{{ item.name }}"
-    dest: "/usr/share/roundcube/plugins/{{ item.name }}"
+    src: /etc/roundcube/plugins/{{ item.name }}
+    dest: /usr/share/roundcube/plugins/{{ item.name }}
     state: link
   loop: "{{ roundcube.plugins }}"
   when: item.repo is defined
diff --git a/roles/rsync-mirror/tasks/main.yml b/roles/rsync-mirror/tasks/main.yml
index 45a1f57d..8357bf65 100644
--- a/roles/rsync-mirror/tasks/main.yml
+++ b/roles/rsync-mirror/tasks/main.yml
@@ -3,7 +3,7 @@
 - name: Add the mirror user
   user:
     name: mirror
-    home: /var/mirror  # unused, should be something empty
+    home: /var/mirror # unused, should be something empty
     shell: /bin/false
 
 - name: Create root directory
diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml
index 591a8f50..e805149d 100644
--- a/roles/rsyncd/tasks/main.yml
+++ b/roles/rsyncd/tasks/main.yml
@@ -10,7 +10,7 @@
 - name: Enable rsync daemon
   lineinfile:
     path: /etc/default/rsync
-    regexp: '^RSYNC_ENABLE'
+    regexp: ^RSYNC_ENABLE
     line: RSYNC_ENABLE=true
 
 - name: Configure rsyncd
diff --git a/roles/rsyslog-client/tasks/main.yml b/roles/rsyslog-client/tasks/main.yml
index e6e960b8..121e2ab1 100644
--- a/roles/rsyslog-client/tasks/main.yml
+++ b/roles/rsyslog-client/tasks/main.yml
@@ -13,7 +13,7 @@
   file:
     path: /var/log/spool
     state: directory
-    mode: '0750'
+    mode: "0750"
     owner: root
     group: root
 
diff --git a/roles/rsyslog-server/handlers/main.yml b/roles/rsyslog-server/handlers/main.yml
index 3251903d..6500301b 100644
--- a/roles/rsyslog-server/handlers/main.yml
+++ b/roles/rsyslog-server/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
 - name: restart rsyslog
   service:
-     name: rsyslog
-     state: restarted
+    name: rsyslog
+    state: restarted
diff --git a/roles/rsyslog-server/tasks/main.yml b/roles/rsyslog-server/tasks/main.yml
index 5717dfb6..5a9ad3d5 100644
--- a/roles/rsyslog-server/tasks/main.yml
+++ b/roles/rsyslog-server/tasks/main.yml
@@ -12,7 +12,7 @@
 - name: Deploy logrotate config
   template:
     src: logrotate.d/logrotate.j2
-    dest: "/etc/logrotate.d/{{ rsyslog_server.name }}"
+    dest: /etc/logrotate.d/{{ rsyslog_server.name }}
     mode: 0644
     owner: root
     group: root
diff --git a/roles/service/tasks/main.yml b/roles/service/tasks/main.yml
index 11525d34..73fbfb59 100644
--- a/roles/service/tasks/main.yml
+++ b/roles/service/tasks/main.yml
@@ -13,7 +13,7 @@
   file:
     path: "{{ service.install_dir }}"
     state: directory
-    mode: '2775'
+    mode: "2775"
     owner: root
     group: _nounou
 
@@ -31,13 +31,13 @@
     repo: "{{ service.git.remote }}"
     version: "{{ service.git.version }}"
     dest: "{{ service.install_dir }}"
-    umask: '002'
+    umask: "002"
 
 - name: Create generated directory
   file:
     path: "{{ service.install_dir }}/generated"
     state: directory
-    mode: '2770'
+    mode: "2770"
     owner: root
     group: _nounou
   when: service.generated is defined and service.generated
@@ -54,7 +54,7 @@
 - name: Deploy cron for service
   template:
     src: cron.d/service.j2
-    dest: "/etc/cron.d/services-{{ service.name }}"
+    dest: /etc/cron.d/services-{{ service.name }}
   when: service.cron is defined and service.cron.frequency is defined
 
 - name: Deploy service configuration
diff --git a/roles/slapd/handlers/main.yml b/roles/slapd/handlers/main.yml
index c8b9f3c0..ce4f0cdd 100644
--- a/roles/slapd/handlers/main.yml
+++ b/roles/slapd/handlers/main.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Restart slapd
   service:
     name: slapd.service
diff --git a/roles/slapd/tasks/main.yml b/roles/slapd/tasks/main.yml
index cfafc65e..312c3227 100644
--- a/roles/slapd/tasks/main.yml
+++ b/roles/slapd/tasks/main.yml
@@ -15,21 +15,21 @@
 
 - name: Deploy slapd configuration
   template:
-    src: "ldap/{{ item.dest }}.j2"
-    dest: "/etc/ldap/{{ item.dest }}"
+    src: ldap/{{ item.dest }}.j2
+    dest: /etc/ldap/{{ item.dest }}
     mode: "{{ item.mode }}"
     owner: openldap
     group: openldap
   loop:
-    - {dest: slapd.conf, mode: "0600"}
-    - {dest: ldap.key, mode: "0600"}
-    - {dest: ldap.pem, mode: "0644"}
+    - { dest: slapd.conf, mode: "0600" }
+    - { dest: ldap.key, mode: "0600" }
+    - { dest: ldap.pem, mode: "0644" }
   notify: Restart slapd
 
 - name: Deploy ldap services
   lineinfile:
     path: /etc/default/slapd
-    regexp: '^SLAPD_SERVICES='
-    line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
+    regexp: ^SLAPD_SERVICES=
+    line: SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"
   notify: Restart slapd
   check_mode: false
diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml
index d8b887f5..d2615dfa 100644
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@@ -21,7 +21,7 @@
 
 - name: Enable sssd socket activation
   systemd:
-    name: "sssd-{{ item }}"
+    name: sssd-{{ item }}
     enabled: true
   loop:
     - nss
@@ -38,13 +38,13 @@
   lineinfile:
     dest: /etc/nsswitch.conf
     regexp: "^{{ item.name }}:"
-    line: "{{ item.name }}:		{{ item.db }}"
+    line: "{{ item.name }}:\t\t{{ item.db }}"
   loop:
-    - {name: passwd, db: files systemd sss}
-    - {name: group, db: files systemd sss}
-    - {name: shadow, db: files sss}
-    - {name: networks, db: files ldap}
-    - {name: hosts, db: files ldap dns}
+    - { name: passwd, db: files systemd sss }
+    - { name: group, db: files systemd sss }
+    - { name: shadow, db: files sss }
+    - { name: networks, db: files ldap }
+    - { name: hosts, db: files ldap dns }
 
 - name: Disable nscd cache
   lineinfile:
@@ -60,18 +60,18 @@
     # Standard Unix auth by default if available (for root)
     name: common-auth
     type: auth
-    control: '[success=2 default=ignore]'
-    new_control: '[success=3 default=ignore]'
+    control: "[success=2 default=ignore]"
+    new_control: "[success=3 default=ignore]"
     module_path: pam_unix.so
 
 - name: Insert PAM SSS authentication rule
   pamd:
     name: common-auth
     type: auth
-    control: '[success=3 default=ignore]'
+    control: "[success=3 default=ignore]"
     module_path: pam_unix.so
     new_type: auth
-    new_control: '[success=2 default=ignore]'
+    new_control: "[success=2 default=ignore]"
     new_module_path: pam_sss.so
     state: after
 
@@ -80,8 +80,8 @@
     name: common-auth
     type: auth
     module_path: pam_sss.so
-    control: '[success=2 default=ignore]'
-    module_arguments: 'use_first_pass'
+    control: "[success=2 default=ignore]"
+    module_arguments: use_first_pass
 
 - name: Add PAM rule for SSS sessions
   pamd:
@@ -98,18 +98,18 @@
   pamd:
     name: common-password
     type: password
-    control: '[success=2 default=ignore]'
-    new_control: '[success=3 default=ignore]'
+    control: "[success=2 default=ignore]"
+    new_control: "[success=3 default=ignore]"
     module_path: pam_unix.so
 
 - name: Insert PAM SSS password rule
   pamd:
     name: common-password
     type: password
-    control: '[success=3 default=ignore]'
+    control: "[success=3 default=ignore]"
     module_path: pam_unix.so
     new_type: password
-    new_control: '[success=2 default=ignore]'
+    new_control: "[success=2 default=ignore]"
     new_module_path: pam_sss.so
     state: after
 
@@ -118,5 +118,5 @@
     name: common-password
     type: password
     module_path: pam_sss.so
-    control: '[success=2 default=ignore]'
-    module_arguments: 'use_authtok'
+    control: "[success=2 default=ignore]"
+    module_arguments: use_authtok
diff --git a/roles/statping/tasks/main.yml b/roles/statping/tasks/main.yml
index f153e0df..eb06eaa7 100644
--- a/roles/statping/tasks/main.yml
+++ b/roles/statping/tasks/main.yml
@@ -17,8 +17,8 @@
 
 - name: Install statping systemd unit
   template:
-    src: "systemd/system/statping.service.j2"
-    dest: "/etc/systemd/system/statping.service"
+    src: systemd/system/statping.service.j2
+    dest: /etc/systemd/system/statping.service
     mode: 0644
   notify: Restart statping
 
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
index 2701c683..6ee4500b 100644
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Configure sudoers
   template:
     src: "{{ item }}.j2"
-    dest: "/etc/{{ item }}"
+    dest: /etc/{{ item }}
     mode: 0440
   loop:
     - sudoers.d/custom_passprompt
diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index de4c69f7..11ad0224 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -8,12 +8,11 @@
   retries: 3
   until: apt_result is succeeded
 
-
 - name: Download the root file
   get_url:
     url: https://www.internic.net/domain/named.root
     dest: /var/unbound/etc/root.hints
-    mode: '0444'
+    mode: "0444"
   notify: Reload unbound
 
 - name: Fetch the initial keys
@@ -33,4 +32,3 @@
     name: unbound
     enabled: true
     state: started
-
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 905cbfce..449759ec 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -25,7 +25,7 @@
 - name: Deploy wireguard configuration
   template:
     src: wireguard/tunnel.conf.j2
-    dest: "/etc/wireguard/{{ item.name }}.conf"
+    dest: /etc/wireguard/{{ item.name }}.conf
     mode: 0700
     owner: root
     group: root
@@ -33,7 +33,7 @@
 
 - name: Enable and start wireguard service
   systemd:
-    name: "wg-quick@{{ item.name }}"
+    name: wg-quick@{{ item.name }}
     state: started
     enabled: true
   loop: "{{ wireguard.tunnels }}"
diff --git a/roles/zamok-tools/tasks/main.yml b/roles/zamok-tools/tasks/main.yml
index ed290020..fbe6385f 100644
--- a/roles/zamok-tools/tasks/main.yml
+++ b/roles/zamok-tools/tasks/main.yml
@@ -7,7 +7,7 @@
 
 - name: Install custom repository for Weechat sources
   apt_repository:
-    repo: "deb https://weechat.org/debian {{ ansible_distribution_release }} main"
+    repo: deb https://weechat.org/debian {{ ansible_distribution_release }} main
     state: present
 
 - name: Install zamok tools
@@ -15,43 +15,43 @@
     update_cache: true
     name:
       - apache2
-      - bat  # Rajouté par shirenn le 10/11/2021
-      - bitlbee  # Demande du 06/09/2017 17:40 sur #crans
+      - bat # Rajouté par shirenn le 10/11/2021
+      - bitlbee # Demande du 06/09/2017 17:40 sur #crans
       - byobu
       - cabal-install
-      - cmake  # Demande irc  #root 22/05/2018 15h45
+      - cmake # Demande irc  #root 22/05/2018 15h45
       - cpanminus
-      - exiv2  # Demande du 25/08/2017 14:19 sur #crans
+      - exiv2 # Demande du 25/08/2017 14:19 sur #crans
       - fetchmail
       - fish
       # - freefem++  # Demande du 14/05/2018 17:12 sur #roots
-      - graphviz  # Demande du 10/02/2018 15:46 sur #roots
-      - inotify-tools  # Demande du 24/10/2017 23:17 sur #crans
-      - jed  # Demande du 04/08/2017 sur nounou@
+      - graphviz # Demande du 10/02/2018 15:46 sur #roots
+      - inotify-tools # Demande du 24/10/2017 23:17 sur #crans
+      - jed # Demande du 04/08/2017 sur nounou@
       - joe
       - libapache2-mod-php
       - libapache2-mod-wsgi-py3
-      - lua-cjson  # Demande du 01/09/2017 18:50 sur #crans
-      - lynx  # Demande du 30/07/2017 sur nounou@
+      - lua-cjson # Demande du 01/09/2017 18:50 sur #crans
+      - lynx # Demande du 30/07/2017 sur nounou@
       - mariadb-server
-      - moreutils  # Ce package, c'est la vie !
+      - moreutils # Ce package, c'est la vie !
       - nyancat
-      - octave  # Demande irc  #crans 28/02/2019 14h28
+      - octave # Demande irc  #crans 28/02/2019 14h28
       - odt2txt
       - par
-      - pdftk  # Demande mail nounou@ 16/10/2018 16h01
+      - pdftk # Demande mail nounou@ 16/10/2018 16h01
       - php
       - php-bz2
       - php-curl
       - php-gd
-      - php-imagick  # dépendance de WordPress, BDS 27/10/2021
+      - php-imagick # dépendance de WordPress, BDS 27/10/2021
       - php-mbstring
       - php-mysql
       - php-sqlite3
       - php-xml
       - php-zip
       - phpmyadmin
-      - pkg-config  # Demande du 01/02/2018 15:00 sur #roots
+      - pkg-config # Demande du 01/02/2018 15:00 sur #roots
       - poppler-utils
       - python3-dialog
       - python3-django
@@ -62,21 +62,21 @@
       - python3-netaddr
       - python3-pip
       - python3-scipy
-      - python3-venv  # Ajout par erdnaxe pour la Med 10/08/2019 10h50
+      - python3-venv # Ajout par erdnaxe pour la Med 10/08/2019 10h50
       - pyzor
-      - ranger  # Demande du 31/01/2020 11h10 par Solal
+      - ranger # Demande du 31/01/2020 11h10 par Solal
       - razor
       - reptyr
-      - ruby-dev  # Demande du 07/01/2018 18:50 sur #crans pour compiler des gem
+      - ruby-dev # Demande du 07/01/2018 18:50 sur #crans pour compiler des gem
       - sl
       - slrn
-      - spamassassin  # utile pour filtrer le spam avec procmail
+      - spamassassin # utile pour filtrer le spam avec procmail
       - texlive-full
-      - unison  # Demande news crans.crans 11/04/18
-      - uwsgi  # pratique pour utiliser Django sur sa page perso
+      - unison # Demande news crans.crans 11/04/18
+      - uwsgi # pratique pour utiliser Django sur sa page perso
       - uwsgi-plugin-python3
-      - vim-gtk  # Demande du 23/09/2017 22:04 sur #crans
-      - weechat  # Parceque c'est normal qu'il soit installe
+      - vim-gtk # Demande du 23/09/2017 22:04 sur #crans
+      - weechat # Parceque c'est normal qu'il soit installe
   register: apt_result
   retries: 3
   until: apt_result is succeeded
@@ -96,14 +96,14 @@
 
 - name: Copy apache configuration
   template:
-    src: "apache2/{{ item }}.j2"
-    dest: "/etc/apache2/{{ item }}"
+    src: apache2/{{ item }}.j2
+    dest: /etc/apache2/{{ item }}
     owner: root
     group: root
     mode: 0644
   loop:
-    - "ports.conf"
-    - "sites-available/000-perso.conf"
+    - ports.conf
+    - sites-available/000-perso.conf
   notify: Reload apache
 
 - name: Enable apache sites