From ada2133fd99aa6c4ddc664dba24525e14c196318 Mon Sep 17 00:00:00 2001
From: saibotk <git@saibotk.de>
Date: Sat, 26 Sep 2020 22:37:09 +0200
Subject: [PATCH] traefik: Adjust command formatting to satisfy ansible-lint

---
 roles/traefik/tasks/main.yml | 37 ++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index dc1256f..d6045f0 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -146,7 +146,23 @@
 
 # NOTE: This rule does not care about new / old ip values, so removal must be made by hand!
 - name: Configure firewalld to allow IPv6 traffic for HTTP/HTTPS
-  command: "firewall-cmd --direct --add-rule ipv6 filter FORWARD 0 -p tcp --destination {{ traefik_ipv6.ip_addr | ipaddr('address') }}/128 --dport {{ item }} -j ACCEPT"
+  command:
+    argv:
+      - firewall-cmd
+      - --direct
+      - --add-rule
+      - ipv6
+      - filter
+      - FORWARD
+      - 0
+      - -p
+      - tcp
+      - --destination
+      - "{{ traefik_ipv6.ip_addr | ipaddr('address') }}/128"
+      - --dport
+      - "{{ item }}"
+      - -j
+      - ACCEPT
   register: firewalld_direct_result
   become: true
   changed_when: '"ALREADY_ENABLED" not in firewalld_direct_result.stderr'
@@ -162,7 +178,24 @@
 
 # NOTE: This rule does not care about new / old ip values, so removal must be made by hand!
 - name: Configure firewalld to allow IPv6 traffic for HTTP/HTTPS
-  command: "firewall-cmd --permanent --direct --add-rule ipv6 filter FORWARD 0 -p tcp --destination {{ traefik_ipv6.ip_addr | ipaddr('address') }}/128 --dport {{ item }} -j ACCEPT"
+  command:
+    argv:
+      - firewall-cmd
+      - --permanent
+      - --direct
+      - --add-rule
+      - ipv6
+      - filter
+      - FORWARD
+      - 0
+      - -p
+      - tcp
+      - --destination
+      - "{{ traefik_ipv6.ip_addr | ipaddr('address') }}/128"
+      - --dport
+      - "{{ item }}"
+      - -j
+      - ACCEPT
   register: firewalld_direct_permanent_result
   become: true
   changed_when: '"ALREADY_ENABLED" not in firewalld_direct_permanent_result.stderr'