pleasing erdnaxe and yamllint

2021-12-04 21:55:14 +01:00 · 2021-12-04 21:55:14 +01:00 · afbc9f2b58
parent a8bf67f18e
commit afbc9f2b58
77 changed files with 170 additions and 174 deletions
--- a/.yamllint.yml
+++ b/.yamllint.yml
@ -2,6 +2,5 @@
 extends: default

 rules:
-  line-length:
-    level: warning
+  line-length: disable
 ...
--- a/all.yml
+++ b/all.yml
@ -10,7 +10,7 @@
 # Common configuration
 - import_playbook: plays/mail.yml
 - import_playbook: plays/nfs.yml
-#- import_playbook: plays/logs.yml  TODO: rsyncd
+# - import_playbook: plays/logs.yml  TODO: rsyncd
 - import_playbook: plays/backup.yml  # import borgbackup_client/server.yml
 # - import_playbook: plays/network-interfaces.yml  TODO: check this paybook
 - import_playbook: plays/monitoring.yml
--- a/group_vars/all/home_nounou.yml
+++ b/group_vars/all/home_nounou.yml
@ -1,10 +1,10 @@
 ---
 glob_home_nounou:
  mounts:
-  - ip: 172.16.10.1
-    mountpoint: /pool/home
-    target: /home_nounou
-    name: home_nounou
-    owner: root
-    group: _user
-    mode: '0750'
+    - ip: 172.16.10.1
+      mountpoint: /pool/home
+      target: /home_nounou
+      name: home_nounou
+      owner: root
+      group: _user
+      mode: '0750'
--- a/group_vars/all/network_interfaces.yml
+++ b/group_vars/all/network_interfaces.yml
@ -1,3 +1,4 @@
+---
 glob_network_interfaces:
  vlan:
    - name: srv
--- a/group_vars/cachan/home_nounou.yml
+++ b/group_vars/cachan/home_nounou.yml
@ -1,10 +1,10 @@
 ---
 glob_home_nounou:
  mounts:
-  - ip: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
-    mountpoint: /rpool/home
-    target: /home_nounou
-    name: home_nounou
-    owner: root
-    group: _user
-    mode: '0750'
+    - ip: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+      mountpoint: /rpool/home
+      target: /home_nounou
+      name: home_nounou
+      owner: root
+      group: _user
+      mode: '0750'
--- a/group_vars/cachan/network_interfaces.yml
+++ b/group_vars/cachan/network_interfaces.yml
@ -1,3 +1,4 @@
+---
 glob_network_interfaces:
  vlan:
    - name: cachan_srv
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@ -1,13 +1,13 @@
 ---
 glob_dhcp:
  global_options:
-    - { key: "interface-mtu", value: "1500" }
+    - {key: "interface-mtu", value: "1500"}
  global_parameters: []

 glob_service_dhcp:
  name: dhcp
  install_dir: /var/local/services/dhcp
-  generated: yes
+  generated: true
  cron:
    frequency: "*/2 * * * *"
    options: -q
--- a/group_vars/dovecot.yml
+++ b/group_vars/dovecot.yml
@ -1,3 +1,4 @@
+---
 glob_dovecot:
  ldap:
    uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'adm') | ipv4 | first }}/"
--- a/group_vars/ethercalc.yml
+++ b/group_vars/ethercalc.yml
@ -1,2 +1,3 @@
+---
 glob_ethercalc:
  ip: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
--- a/group_vars/etherpad.yml
+++ b/group_vars/etherpad.yml
@ -1,3 +1,4 @@
+---
 glob_etherpad:
  instances:
    - name: etherpad-lite
--- a/group_vars/firewall.yml
+++ b/group_vars/firewall.yml
@ -1,3 +1,4 @@
+---
 glob_service_firewall:
  name: firewall
  install_dir: /var/local/services/firewall
--- a/group_vars/framadate.yml
+++ b/group_vars/framadate.yml
@ -1,3 +1,4 @@
+---
 glob_framadate:
  contact: contact@crans.org
  automatic_response: no-reply@crans.org
@ -8,4 +9,3 @@ glob_framadate:
  admin_username: framadate
  admin_password: "{{ vault.framadate_password }}"
  db_password: "{{ vault.framadate_password_db }}"
-
--- a/group_vars/horde.yml
+++ b/group_vars/horde.yml
@ -1,3 +1,4 @@
+---
 glob_horde:
  secret: '{{ vault.horde_secret }}'
  imap: imap.adm.crans.org
@ -13,10 +14,10 @@ glob_horde:
    - "'erdnaxe'"
  redirection: https://wiki.crans.org/VieCrans/PagesDeDeconnexion/ERR_CHOOSE_WEBMAIL
  src_hostname: horde.crans.org
-  dest_hostname : webmail.crans.org
-  admin_src_hostname : horde.adm.crans.org
-  admin_dest_hostname : webmail.adm.crans.org
-  zone_ipv4 : 172.16.10.0/24
-  zone_ipv6 : fd00:0:0:10::/64
+  dest_hostname: webmail.crans.org
+  admin_src_hostname: horde.adm.crans.org
+  admin_dest_hostname: webmail.adm.crans.org
+  zone_ipv4: 172.16.10.0/24
+  zone_ipv6: fd00:0:0:10::/64
  ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
  ipv6: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv6 | first }}"
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@ -8,7 +8,7 @@ glob_keepalived:
    VI_ALL:
      password: "{{ vault.keepalived.password }}"
      id: 60
-      ipv6: yes
+      ipv6: true
      notify: /var/local/services/keepalived/keepalived.py
      zones:
        - vlan: via
--- a/group_vars/mirror_backend.yml
+++ b/group_vars/mirror_backend.yml
@ -1,3 +1,4 @@
+---
 glob_ftpsync:
  root: /mirror/pub
  mirror:
--- a/group_vars/postgres.yml
+++ b/group_vars/postgres.yml
@ -1,3 +1,4 @@
+---
 glob_postgres:
  subnets:
    - 172.16.10.0/24
--- a/group_vars/radius.yml
+++ b/group_vars/radius.yml
@ -17,7 +17,7 @@ glob_freeradius:
      ipv6: 2001:bc8:273e::1
      secret: '{{ vault.radius_secret.federez }}'
      server: radius-wifi
-      
+
 loc_certbot:
  - mail: root@crans.org
    certname: crans.org
--- a/group_vars/radvd.yml
+++ b/group_vars/radvd.yml
@ -1 +1,2 @@
+---
 glob_radvd: {}
--- a/group_vars/re2o.yml
+++ b/group_vars/re2o.yml
@ -17,8 +17,8 @@ glob_re2o:
    uri: "ldap://re2o-ldap.adm.crans.org/"
    dn: "cn=admin,dc=crans,dc=org"
  database:
-      password: "{{ vault.re2o_db_password }}"
-      uri: "172.16.10.1"
+    password: "{{ vault.re2o_db_password }}"
+    uri: "172.16.10.1"
  optional_apps:
    - api
    - captcha
--- a/group_vars/re2o_front.yml
+++ b/group_vars/re2o_front.yml
@ -3,8 +3,8 @@ glob_re2o_front:
  server_names:
    - "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
    - "[{{ query('ldap', 'ip', 'c3po', 'adm') | ipv6 | first }}]"
-  # - "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
-  # - "[{{ query('ldap', 'ip', 're2o', 'adm') | ipv6 | first }}]"
+    # - "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
+    # - "[{{ query('ldap', 'ip', 're2o', 'adm') | ipv6 | first }}]"
    - re2o.adm.crans.org
    - intranet.adm.crans.org
    - re2o.crans.org
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@ -1,3 +1,4 @@
+---
 loc_certbot:
  - mail: root@crans.org
    certname: crans.org
--- a/group_vars/roundcube.yml
+++ b/group_vars/roundcube.yml
@ -1,3 +1,4 @@
+---
 glob_roundcube:
  name: Crans
  imap_server: owl.adm.crans.org
--- a/group_vars/rsyncd.yml
+++ b/group_vars/rsyncd.yml
@ -9,4 +9,3 @@ glob_rsyncd:
      path: /pool/mirror/pub/videolan
      comment: VideoLAN repository
      hosts_allow: "*"
-
--- a/group_vars/server/ntp.yml
+++ b/group_vars/server/ntp.yml
@ -1,3 +1,4 @@
+---
 glob_ntp_client:
  servers:
    - ntp.adm.crans.org
--- a/group_vars/sssd.yml
+++ b/group_vars/sssd.yml
@ -1,3 +1,4 @@
+---
 glob_sssd:
  primary:
    domain: tealc.adm.crans.org
--- a/group_vars/thelounge.yml
+++ b/group_vars/thelounge.yml
@ -1,3 +1,4 @@
+---
 glob_thelounge:
  public: "false"
  host: "undefined"
--- a/host_vars/c3po.adm.crans.org.yml
+++ b/host_vars/c3po.adm.crans.org.yml
@ -1,2 +1,3 @@
+---
 interfaces:
  adm: eth0
--- a/host_vars/codichotomie.adm.crans.org.yml
+++ b/host_vars/codichotomie.adm.crans.org.yml
@ -1,3 +1,4 @@
+---
 interfaces:
  adm: eth0
  srv_nat: eth1
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@ -6,5 +6,5 @@ loc_slapd:

 loc_postgres:
  version: 11
-  replica: yes
+  replica: true
  addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
--- a/host_vars/fyre.cachan-adm.crans.org.yml
+++ b/host_vars/fyre.cachan-adm.crans.org.yml
@ -22,7 +22,7 @@ loc_prometheus:
      - job_name: servers
        file_sd_configs:
          - files:
-            - '/etc/prometheus/targets_node.json'
+              - '/etc/prometheus/targets_node.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
@ -41,7 +41,7 @@ loc_prometheus:
      - job_name: ups_snmp
        file_sd_configs:
          - files:
-            - '/etc/prometheus/targets_ups_snmp.json'
+              - '/etc/prometheus/targets_ups_snmp.json'
        metrics_path: /snmp
        params:
          module: [eatonups]
@ -60,7 +60,7 @@ loc_prometheus:
      - job_name: unifi_snmp
        file_sd_configs:
          - files:
-            - '/etc/prometheus/targets_unifi_snmp.json'
+              - '/etc/prometheus/targets_unifi_snmp.json'
        metrics_path: /snmp
        params:
          module: [ubiquiti_unifi]
@ -79,7 +79,7 @@ loc_prometheus:
      - job_name: nginx
        file_sd_configs:
          - files:
-            - '/etc/prometheus/targets_nginx.json'
+              - '/etc/prometheus/targets_nginx.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: instance
--- a/host_vars/gulp.cachan-adm.crans.org.yml
+++ b/host_vars/gulp.cachan-adm.crans.org.yml
@ -17,7 +17,7 @@ loc_postgres:
    - fd00:0:0:3010::/64
  version: 11
  hosts:
-    - { db: re2o, user: re2o }
+    - {db: re2o, user: re2o}
  addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}"
  backup:
    dir: /var/local/db-backup
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@ -42,20 +42,20 @@ loc_inspircd:
    nick: PEB
    email: root@crans.org
  bind:
-     - address: 185.230.79.11
-       type: clients
-       clair: 6667
-       ssl: 6697
-     - address: 2a0c:700:2::ff:fe01:2902
-       type: clients
-       clair: 6667
-       ssl: 6697
-     - address : 172.16.10.129
-       type: clients
-       clair: 6667
-     - address: 127.0.0.1
-       type: servers
-       clair: 6668
+    - address: 185.230.79.11
+      type: clients
+      clair: 6667
+      ssl: 6697
+    - address: 2a0c:700:2::ff:fe01:2902
+      type: clients
+      clair: 6667
+      ssl: 6697
+    - address: 172.16.10.129
+      type: clients
+      clair: 6667
+    - address: 127.0.0.1
+      type: servers
+      clair: 6668
  connect:
    - name: zamok
      allows:
@ -79,7 +79,7 @@ loc_inspircd:
        ipv6: fd00::10:ff:fe01:2110/128
      threshold: 10
      commandrate: 10000
-      modes: yes
+      modes: true
  dns: 185.230.79.62
  services:
    name: services.irc.crans.org
@ -87,8 +87,6 @@ loc_inspircd:
    recvpass: "{{ vault.irc_anope_recvpass }}"
    sendpass: "{{ vault.irc_anope_sendpass }}"

-
-
 loc_anope:
  recvpass: "{{ vault.irc_anope_recvpass }}"
  sendpass: "{{ vault.irc_anope_sendpass }}"
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@ -6,5 +6,5 @@ loc_slapd:

 loc_postgres:
  version: 11
-  replica: yes
+  replica: true
  addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
--- a/host_vars/monitoring.adm.crans.org.yml
+++ b/host_vars/monitoring.adm.crans.org.yml
@ -1,3 +1,4 @@
+---
 interfaces:
  adm: eth0
  srv_nat: eth1
@ -10,7 +11,7 @@ loc_prometheus:
      - job_name: servers
        file_sd_configs:
          - files:
-            - '/etc/prometheus/targets_node.json'
+              - '/etc/prometheus/targets_node.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
@ -27,7 +28,7 @@ loc_prometheus:
      - job_name: nginx
        file_sd_configs:
          - files:
-            - '/etc/prometheus/targets_nginx.json'
+              - '/etc/prometheus/targets_nginx.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: instance
@ -63,7 +64,7 @@ loc_prometheus:
      - job_name: blackbox
        file_sd_configs:
          - files:
-            - '/etc/prometheus/targets_blackbox.json'
+              - '/etc/prometheus/targets_blackbox.json'
        metrics_path: /probe
        params:
          module: [http_2xx]  # Look for a HTTP 200 response.
@ -89,22 +90,3 @@ loc_prometheus:
          - source_labels: [instance]
            target_label: __address__
            replacement: '$1:3903'
-
-
-#  apache:
-#    targets:
-#    config:
-#      - job_name: apache
-#        file_sd_configs:
-#          - files:
-#            - '/etc/prometheus/targets_apache.json'
-#        relabel_configs:
-#          - source_labels: [__address__]
-#            target_label: instance
-#          - source_labels: [instance]
-#            target_label: __address__
-#            replacement: '$1:9117'
-
-#  bird_targets:
-#    - routeur-sam.adm.crans.org
-
--- a/host_vars/owncloud.adm.crans.org.yml
+++ b/host_vars/owncloud.adm.crans.org.yml
@ -8,4 +8,3 @@ loc_ldap:
  base_dn: "cn=admin,dc=crans,dc=org"
  password: "{{ vault.ldap_master_password }}"
  uri: "ldap://172.16.10.157"
-
--- a/host_vars/re2o.cachan-adm.crans.org.yml
+++ b/host_vars/re2o.cachan-adm.crans.org.yml
@ -30,8 +30,8 @@ loc_re2o:
    uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
    dn: "cn=admin,dc=crans,dc=org"
  database:
-      password: "{{ vault.re2o_db_password }}"
-      uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+    password: "{{ vault.re2o_db_password }}"
+    uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"

 loc_nginx:
  real_ip_from:
--- a/host_vars/routeur-daniel.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-daniel.adm.crans.org/dhcp.yml
@ -1,9 +1,9 @@
 ---
 loc_dhcp:
-  authoritative: True
+  authoritative: true
  subnets:
    - network: "185.230.78.0/24"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "adh"
      default_lease_time: "600"
      max_lease_time: "7200"
--- a/host_vars/routeur-daniel.adm.crans.org/radvd.yml
+++ b/host_vars/routeur-daniel.adm.crans.org/radvd.yml
@ -1,3 +1,4 @@
+---
 loc_radvd:
  subnets:
    - name: adh
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
@ -1,9 +1,9 @@
 ---
 loc_dhcp:
-  authoritative: True
+  authoritative: true
  subnets:
    - network: "185.230.76.0/26"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "cachan_adh"
      default_lease_time: "600"
      max_lease_time: "7200"
@ -14,7 +14,7 @@ loc_dhcp:
      options: []
      lease_file: "/var/local/services/dhcp/generated/dhcp.cachan-adh.crans.org.list"
    - network: "100.64.0.0/16"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "adh_nat"
      default_lease_time: "600"
      max_lease_time: "7200"
@ -25,7 +25,7 @@ loc_dhcp:
      options: []
      lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
    - network: "172.16.32.0/22"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "infra"
      default_lease_time: "600"
      max_lease_time: "7200"
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/radius.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/radius.yml
@ -19,7 +19,7 @@ loc_re2o:
    uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
    dn: "cn=admin,dc=crans,dc=org"
  database:
-      password: "{{ vault.re2o_db_password }}"
-      uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+    password: "{{ vault.re2o_db_password }}"
+    uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"

  optional_apps: []
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
@ -18,7 +18,7 @@ loc_radvd:
        - 2a0c:700:254::ff:fe00:99fe
    - name: infra
      prefix: fd00:0:0:11::/64
-      no_gateway: yes
+      no_gateway: true
      dnssl: infra.crans.org
      dns:
        - fd00::11:0:ff:fe00:9911
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/vars.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/vars.yml
@ -8,4 +8,3 @@ interfaces:
  infra: ens1
  zayo: ens2
  federez: enp1s3
-  
--- a/host_vars/routeur-jack.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-jack.adm.crans.org/dhcp.yml
@ -1,9 +1,9 @@
 ---
 loc_dhcp:
-  authoritative: True
+  authoritative: true
  subnets:
    - network: "185.230.78.0/24"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "adh"
      default_lease_time: "600"
      max_lease_time: "7200"
--- a/host_vars/routeur-jack.adm.crans.org/radvd.yml
+++ b/host_vars/routeur-jack.adm.crans.org/radvd.yml
@ -1,3 +1,4 @@
+---
 loc_radvd:
  subnets:
    - name: adh
--- a/host_vars/routeur-sam.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-sam.adm.crans.org/dhcp.yml
@ -1,9 +1,9 @@
 ---
 loc_dhcp:
-  authoritative: True
+  authoritative: true
  subnets:
    - network: "185.230.78.0/24"
-      deny_unknown: True
+      deny_unknown: true
      vlan: "adh"
      default_lease_time: "600"
      max_lease_time: "7200"
--- a/host_vars/routeur-sam.adm.crans.org/radvd.yml
+++ b/host_vars/routeur-sam.adm.crans.org/radvd.yml
@ -1,3 +1,4 @@
+---
 loc_radvd:
  subnets:
    - name: adh
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@ -6,5 +6,5 @@ loc_slapd:

 loc_postgres:
  version: 11
-  replica: yes
+  replica: true
  addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
--- a/host_vars/sputnik.adm.crans.org.yml
+++ b/host_vars/sputnik.adm.crans.org.yml
@ -73,7 +73,7 @@ loc_nginx:
  servers:
    - server_name:
        - "wiki2.crans.org"
-      ssl : "crans.org"
+      ssl: "crans.org"
      access_log: "/var/log/nginx/wiki.log combined"
      error_log: "/var/log/nginx/wiki.error.log"
      additional_params:
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@ -1,29 +1,30 @@
+---
 loc_postgres:
  version: 11
  hosts:
    - db: etherpad
      user: crans
-      map: { name: etherpad, system: etherpad, pg: crans }
+      map: {name: etherpad, system: etherpad, pg: crans}
    - db: etherpad_tmp
      user: crans
-      map: { name: etherpad_tmp, system: etherpad, pg: crans }
+      map: {name: etherpad_tmp, system: etherpad, pg: crans}
    - db: horde5
      user: www-data
-      map: { name: horde, system: www-data, pg: www-data }
+      map: {name: horde, system: www-data, pg: www-data}
    - db: roundcube
      user: roundcube
-      map: { name: webmail, system: www-data, pg: roundcube }
-    - { db: owncloud, user: owncloud }
-    - { db: cas, user: cas }
-    - { db: hedgedoc, user: hedgedoc }
-    - { db: sqlgrey, user: sqlgrey, method: ident }
-    - { db: re2o, user: re2o }
-    - { db: re2o_test, user: re2o }
-    - { db: constellation-dev, user: constellation-dev }
-    - { db: mailman3, user: mailman3 }
-    - { db: mailman3web, user: mailman3web }
-    - { db: all, user: all, subnets: ['127.0.0.1/32','::1/128'], local: yes }
-    - { db: replication, user: replication, local: yes }
+      map: {name: webmail, system: www-data, pg: roundcube}
+    - {db: owncloud, user: owncloud}
+    - {db: cas, user: cas}
+    - {db: hedgedoc, user: hedgedoc}
+    - {db: sqlgrey, user: sqlgrey, method: ident}
+    - {db: re2o, user: re2o}
+    - {db: re2o_test, user: re2o}
+    - {db: constellation-dev, user: constellation-dev}
+    - {db: mailman3, user: mailman3}
+    - {db: mailman3web, user: mailman3web}
+    - {db: all, user: all, subnets: ['127.0.0.1/32', '::1/128'], local: true}
+    - {db: replication, user: replication, local: true}
  addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ipaddr('address') }}"
  backup:
    dir: /var/local/db-backup
@ -78,7 +79,7 @@ loc_nginx:
      locations:
        - filter: "/"
          params:
-          - "autoindex on"
-          - "autoindex_exact_size off"
-          - "add_before_body /.html/HEADER.html"
-          - "add_after_body /.html/FOOTER.html"
+            - "autoindex on"
+            - "autoindex_exact_size off"
+            - "add_before_body /.html/HEADER.html"
+            - "add_after_body /.html/FOOTER.html"
--- a/host_vars/voyager.adm.crans.org.yml
+++ b/host_vars/voyager.adm.crans.org.yml
@ -1,3 +1,4 @@
+---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/plays/monitoring.yml
+++ b/plays/monitoring.yml
@ -40,8 +40,8 @@
    - prometheus-nginx-exporter

 # Monitor mailq with a special text exporter
-#- hosts: redisdead.adm.crans.org
-#  roles: ["prometheus-node-exporter-postfix"]
+# - hosts: redisdead.adm.crans.org
+#   roles: ["prometheus-node-exporter-postfix"]

 # Monitor logs with mtail
 - hosts: mtail
--- a/plays/network_interfaces.yml
+++ b/plays/network_interfaces.yml
@ -2,6 +2,6 @@
 ---
 - hosts: crans_vm,!routeurs_vm
  vars:
-   network_interfaces: "{{ glob_network_interfaces | default({}) | combine(loc_network_interfaces | default({})) }}"
+    network_interfaces: "{{ glob_network_interfaces | default({}) | combine(loc_network_interfaces | default({})) }}"
  roles:
    - network-interfaces
--- a/plays/zamok.yml
+++ b/plays/zamok.yml
@ -8,5 +8,5 @@
    adh: '{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}'
  roles:
    - zamok-tools
-#    - postfix
+    # - postfix
    - prometheus-node-exporter-postfix
--- a/roles/autoconfig/tasks/main.yml
+++ b/roles/autoconfig/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: Create base directory
  file:
    path: "{{ autoconfig.path }}/mail"
--- a/roles/borgbackup-server/tasks/main.yml
+++ b/roles/borgbackup-server/tasks/main.yml
@ -11,9 +11,9 @@

 - name: Create borgbackup user
  user:
-    create_home: yes
+    create_home: true
    home: '/var/lib/borg/'
-    system: yes
+    system: true
    state: present
    update_password: always
    name: borg
--- a/roles/common-tools/tasks/main.yml
+++ b/roles/common-tools/tasks/main.yml
@ -53,7 +53,7 @@
    owner: root
    group: utmp
    mode: '4755'
-  check_mode: no
+  check_mode: false

 - name: Deploy screen tmpfile
  template:
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@ -17,7 +17,7 @@
  git:
    repo: '{{ django_cas.repo }}'
    dest: '{{ django_cas.path }}'
-    force: yes
+    force: true
    version: master
    umask: '002'

--- a/roles/dovecot/handlers/main.yml
+++ b/roles/dovecot/handlers/main.yml
@ -2,4 +2,4 @@
 - name: Restart dovecot
  service:
    name: dovecot
-    state: restarted
+    state: restarted
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: Install dovecot
  apt:
    update_cache: true
@ -23,4 +24,4 @@
    - conf.d/10-ssl.conf
    - conf.d/auth-system.conf.ext
    - dovecot-ldap.conf.ext
-  notify: Restart dovecot
+  notify: Restart dovecot
--- a/roles/etherpad/handlers/main.yml
+++ b/roles/etherpad/handlers/main.yml
@ -4,5 +4,3 @@
    name: "{{ item.name }}"
    state: restarted
  loop: "{{ etherpad.instances }}"
-
-
--- a/roles/framadate/tasks/main.yml
+++ b/roles/framadate/tasks/main.yml
@ -10,7 +10,7 @@
      - php-mbstring
      - php-mysql
      - composer
-      - python3-passlib # Necessary for htpasswd module
+      - python3-passlib  # Necessary for htpasswd module
      - python3-pymysql
      - mariadb-server
  register: apt_result
--- a/roles/freeradius/tasks/main.yml
+++ b/roles/freeradius/tasks/main.yml
@ -44,21 +44,21 @@
    src: /var/www/re2o/freeradius_utils/auth.py
    dest: /etc/freeradius/3.0/auth.py
    state: link
-    force: yes
+    force: true
  notify: Restart freeradius

 - name: Ensure ${certdir}/letsencrypt directory exists
  file:
    path: /etc/freeradius/3.0/certs/letsencrypt
    state: directory
-    recurse: yes
+    recurse: true

 - name: Symlink radius certificates
  file:
    src: /etc/letsencrypt/live/crans.org/{{ item }}
    dest: /etc/freeradius/3.0/certs/letsencrypt/{{ item }}
    state: link
-    force: yes
+    force: true
  loop:
    - fullchain.pem
    - privkey.pem
@ -68,7 +68,7 @@
    path: /etc/letsencrypt/{{ item }}
    group: freerad
    mode: '0755'
-    recurse: yes
+    recurse: true
  loop:
    - live
    - archive
--- a/roles/galene/tasks/main.yml
+++ b/roles/galene/tasks/main.yml
@ -75,8 +75,8 @@
 - name: Enable systemd unit
  systemd:
    name: galene
-    enabled: yes
-    daemon_reload: yes
+    enabled: true
+    daemon_reload: true
    state: started

 - name: Indicate role in motd
--- a/roles/inspircd/tasks/main.yml
+++ b/roles/inspircd/tasks/main.yml
@ -1,6 +1,4 @@
 ---
-#- name: Install InspIRCd
-
 - name: Deploy InspIRCd configuration
  template:
    src: "inspircd/{{ item.dest }}.j2"
@ -9,12 +7,12 @@
    owner: irc
    group: irc
  loop:
-    - { dest: inspircd.conf, mode: "0644" }
-    - { dest: links.conf, mode: "0600" }
-    - { dest: power.conf, mode: "0600" }
-    - { dest: opers.conf, mode: "0600" }
-    - { dest: modules.conf, mode: "0600" }
-    - { dest: inspircd.motd, mode: "0644" }
+    - {dest: inspircd.conf, mode: "0644"}
+    - {dest: links.conf, mode: "0600"}
+    - {dest: power.conf, mode: "0600"}
+    - {dest: opers.conf, mode: "0600"}
+    - {dest: modules.conf, mode: "0600"}
+    - {dest: inspircd.motd, mode: "0644"}
  notify: Reload InspIRCd

 - name: Deploy certificate refresh CRON
--- a/roles/keepalived/tasks/main.yml
+++ b/roles/keepalived/tasks/main.yml
@ -56,4 +56,4 @@
    name: keepalived
    daemon-reload: true
    state: started
-    enabled: yes
+    enabled: true
--- a/roles/linx/tasks/main.yml
+++ b/roles/linx/tasks/main.yml
@ -1,11 +1,11 @@
 ---
-#- name: Install linx
+# - name: Install linx

 - name: Create linx user
  user:
-    create_home: yes
+    create_home: true
    home: /var/lib/linx
-    system: yes
+    system: true
    state: present
    password: "!"
    update_password: always
--- a/roles/nfs-common/tasks/main.yml
+++ b/roles/nfs-common/tasks/main.yml
@ -16,11 +16,10 @@
 - name: Disable and mask rpcbind.service
  systemd:
    name: rpcbind.service
-    enabled: no
-    masked: yes
+    enabled: false
+    masked: true

 - name:
  systemd:
    name: rpcbind.socket
-    masked: yes
-    
+    masked: true
--- a/roles/ntp-server/tasks/main.yml
+++ b/roles/ntp-server/tasks/main.yml
@ -12,7 +12,7 @@
    path: /etc/default/ntp
    regexp: '^NTPD_OPTS'
    line: NTPD_OPTS='-g -x'
-  check_mode: no
+  check_mode: false

 - name: Configure NTP
  template:
--- a/roles/owncloud/tasks/main.yml
+++ b/roles/owncloud/tasks/main.yml
@ -4,7 +4,7 @@
  apt:
    update_cache: true
    name:
-    - gpg
+      - gpg
  register: apt_result
  retries: 3
  until: apt_result is succeeded
--- a/roles/policyd/tasks/main.yml
+++ b/roles/policyd/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: Install policyd-rate-limit
  apt:
    update_cache: true
@ -17,8 +18,8 @@
    dest: "{{ item.dest }}"
    chmod: 0640
  loop:
-    - { src: policyd/policyd-rate-limit.yaml.j2, dest: /etc/policyd-rate-limit.yaml }
-    - { src: policyd/policyd.py.j2, dest: /usr/lib/python3/dist-packages/policyd_rate_limit }
+    - {src: policyd/policyd-rate-limit.yaml.j2, dest: /etc/policyd-rate-limit.yaml}
+    - {src: policyd/policyd.py.j2, dest: /usr/lib/python3/dist-packages/policyd_rate_limit}
  when: postfix.primary

 - name: Indicate role in motd
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@ -46,8 +46,8 @@
    owner: postgres
    group: postgres
  loop:
-   - pg_hba.conf
-   - pg_ident.conf
+    - pg_hba.conf
+    - pg_ident.conf
  notify:
    - reload postgresql
  when: 'not(postgres.replica | default(False))'
--- a/roles/prometheus-node-exporter/handlers/main.yml
+++ b/roles/prometheus-node-exporter/handlers/main.yml
@ -6,4 +6,4 @@

 - name: systemctl daemon-reload
  systemd:
-    daemon_reload: yes
+    daemon_reload: true
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@ -40,7 +40,7 @@

 - name: systemctl daemon-reload
  systemd:
-    daemon_reload: yes
+    daemon_reload: true
  when: override.changed

 - name: Activate prometheus-node-exporter service
--- a/roles/re2o-ldap-replica/tasks/main.yml
+++ b/roles/re2o-ldap-replica/tasks/main.yml
@ -99,11 +99,11 @@

 - name: Enable LDAPS
  lineinfile:
-     path: /etc/default/slapd
-     regexp: '^SLAPD_SERVICES='
-     line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
+    path: /etc/default/slapd
+    regexp: '^SLAPD_SERVICES='
+    line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
  notify: Restart slapd
-  check_mode: no
+  check_mode: false

 - name: Touch installation marker
  when: not installation.stat.exists
--- a/roles/slapd/tasks/main.yml
+++ b/roles/slapd/tasks/main.yml
@ -21,15 +21,15 @@
    owner: openldap
    group: openldap
  loop:
-    - { dest: slapd.conf, mode: "0600" }
-    - { dest: ldap.key, mode: "0600" }
-    - { dest: ldap.pem, mode: "0644" }
+    - {dest: slapd.conf, mode: "0600"}
+    - {dest: ldap.key, mode: "0600"}
+    - {dest: ldap.pem, mode: "0644"}
  notify: Restart slapd

 - name: Deploy ldap services
  lineinfile:
-     path: /etc/default/slapd
-     regexp: '^SLAPD_SERVICES='
-     line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
+    path: /etc/default/slapd
+    regexp: '^SLAPD_SERVICES='
+    line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
  notify: Restart slapd
-  check_mode: no
+  check_mode: false
--- a/roles/statping/tasks/main.yml
+++ b/roles/statping/tasks/main.yml
@ -3,13 +3,13 @@
  unarchive:
    src: https://github.com/statping/statping/releases/download/v0.90.74/statping-linux-amd64.tar.gz
    dest: /usr/local/bin/
-    remote_src: yes
+    remote_src: true

 - name: Create statping user
  user:
-    create_home: yes
+    create_home: true
    home: /var/lib/statping
-    system: yes
+    system: true
    state: present
    password: "!"
    update_password: always
--- a/roles/zamok-tools/tasks/main.yml
+++ b/roles/zamok-tools/tasks/main.yml
@ -15,7 +15,7 @@
    update_cache: true
    name:
      - apache2
-      - bat # Rajouté par shirenn le 10/11/2021
+      - bat  # Rajouté par shirenn le 10/11/2021
      - bitlbee  # Demande du 06/09/2017 17:40 sur #crans
      - byobu
      - cabal-install