format: Satisfy ansible-lint

This patch makes minor formatting adjustments & adds handlers to mastodon where appropriate to satisfy ansible-lint.

playbooks/mailcow.yml

@@ -28,6 +28,7 @@
         name: "Backup mailcow daily"
         minute: "5"
         hour: "3"
+        # yamllint disable-line rule:line-length
         job: "MAILCOW_BACKUP_LOCATION=/srv/mailcow-backups /srv/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all --delete-days 2 2>&1 | /usr/bin/logger -t mailcow_data_backup"
       become: true
 # Manual steps:

roles/docker/defaults/main.yml

@@ -68,4 +68,4 @@ docker_python_virtualenv_package_state: "present"
 # The pip package name of the docker library
 docker_pip_package: "docker"
 docker_pip_package_state: "present"
-docker_pip_package_version: "{{ omit }}" # This will be omitted by default, so the latest version will be installed.
+docker_pip_package_version: "{{ omit }}"  # This will be omitted by default, so the latest version will be installed.

roles/gitlab/defaults/main.yml

@@ -58,7 +58,7 @@ gitlab_smtp_address: smtp.example.com
 gitlab_smtp_port: 465
 gitlab_smtp_user_name: 'gitlab@example.com'
 gitlab_smtp_password: "{{ lookup('passwordstore',  gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
-gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
+gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}"  # There was a typo in the config option name, this makes sure it's falling back properly
 gitlab_email_from: "{{ gitlab_smtp_user_name }}"
 gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"
 
@@ -69,8 +69,9 @@ gitlab_libravatar_ssl: "seccdn.libravatar.org"
 # CSP settings
 gitlab_csp:
   img_src: 'https:'
-  #frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
+  # yamllint disable-line rule:line-length
-  #script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
+  # frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
+  # script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
 
 # SAML settings
 gitlab_saml:

roles/gitlab_runner/defaults/main.yml

@@ -39,17 +39,20 @@ gitlabrunner_extra_volumes: []
 # The maximum overall concurrent running jobs. This is the most upper limit of number of jobs using all defined runners, local and autoscale.
 gitlabrunner_concurrent: 1
 
-# The interval in seconds, to check for available jobs. (0 means default value is used. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works)
+# The interval in seconds, to check for available jobs. (0 means default value is used.
+# See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works)
 gitlabrunner_check_interval: 0
 
 # This is used to define all the runners, that may be served by this gitlab-runner
+# !! YOU WILL NEED TO ADJUST THIS! BELOW IS A FULL EXAMPLE!
 gitlabrunner_runners:
     # The URL of the instance that this runner should be associated with
   - gitlab_url: https://gitlab.example.com
 
     # The token that you received when registering the runner (not the register token!!!)
     # Register a runner first to obtain a token: https://docs.gitlab.com/runner/register/index.html#docker
-    # Can be done via the API and the registration token: eg. `curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token=<registration_token>"`
+    # Can be done via the API and the registration token:
+    # curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token=<registration_token>"
     gitlab_token:
 
     # The name of the runner
@@ -82,15 +85,22 @@ gitlabrunner_runners:
 
     # The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
     # This for example are parameters for the Hetzner driver (but remember, that this will need the hetzner docker-machine plugin)
+    # The options can also be omitted if you do not need any.
     machine_options:
-      hetzner-api-token: "TOKENHERE" # The Hetzner specific API token
+      # The Hetzner specific API token
-      hetzner-image: "debian-10" # The image that should be used for new machines
+      hetzner-api-token: "TOKENHERE"
-      hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
+      # The image that should be used for new machines
-      hetzner-server-location: "fsn1" # The server location to use for a new machine
+      hetzner-image: "debian-10"
+      # The server type (the hardware configuration) to use for a new machine
+      hetzner-server-type: "cx11"
+      # The server location to use for a new machine
+      hetzner-server-location: "fsn1"
 
-    # S3 Runner cache configuration to improve performance between runs (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
+    # S3 Runner cache configuration to improve performance between runs
-    # cache_s3:
+    # (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
-    #   server: s3.example.com
+    # The options can also be omitted if you do not want to configure a cache
-    #   access_key: ""
+    cache_s3:
-    #   secret_key: ""
+      server: s3.example.com
-    #   bucket: "runner"
+      access_key: ""
+      secret_key: ""
+      bucket: "runner"

roles/mastodon/handlers/main.yml

@@ -0,0 +1,15 @@
+---
+# Handlers file for the mastodon role
+
+- name: Pull mastodon image
+  docker_image:
+    name: "docker.io/tootsuite/mastodon:{{ mastodon_image_version }}"
+    source: pull
+  become: true
+
+- name: Stop mastodon for upgrade
+  docker_compose:
+    state: present
+    project_src: "{{ mastodon_install_location }}"
+    stopped: true
+  become: true

roles/mastodon/tasks/main.yml

@@ -82,29 +82,10 @@
   changed_when: mastodon_version_fact.rc > 0
   failed_when: false
   become: true
+  notify: ["Pull mastodon image", "Stop mastodon for upgrade"]
 
-- name: Pull an mastodon image
+- name: Immediately run / flush Ansible handlers
-  docker_image:
+  meta: "flush_handlers"
-    name: "docker.io/tootsuite/mastodon:{{ mastodon_image_version }}"
-    source: pull
-  become: true
-  tags:
-    - docker
-    - mastodon
-  when:
-    - mastodon_version_fact is changed
-
-- name: Stop mastodon for upgrade
-  docker_compose:
-    state: present
-    project_src: "{{ mastodon_install_location }}"
-    stopped: true
-  tags:
-    - docker
-    - mastodon
-  become: true
-  when:
-    - mastodon_version_fact is changed
 
 - name: Deploy config
   template:
@@ -134,6 +115,7 @@
   args:
     chdir: "{{ mastodon_install_location }}"
   when:
+    # noqa no-handler
     - mastodon_version_fact is changed
   tags:
     - docker
@@ -147,6 +129,7 @@
   args:
     chdir: "{{ mastodon_install_location }}"
   when:
+    # noqa no-handler
     - mastodon_version_fact is changed
   tags:
     - docker

roles/matrix/defaults/main.yml

@@ -34,7 +34,8 @@ matrix_traefik_certresolver: letsencrypt_http
 matrix_synapse_servername: matrix.example.com
 matrix_synapse_domain: "{{ matrix_synapse_servername }}"
 
-# Additional synapse ENV options (keys will automatically be prefixed with SYNAPSE_) see https://github.com/matrix-org/synapse/tree/develop/docker#generating-a-configuration-file
+# Additional synapse ENV options (keys will automatically be prefixed with SYNAPSE_)
+# see https://github.com/matrix-org/synapse/tree/develop/docker#generating-a-configuration-file
 # Note: Some keys are needed for generating the initial config file like "SYNAPSE_REPORT_STATS" and "SYNAPSE_SERVER_NAME"!
 matrix_synapse_options: {}
 

roles/minecraft/defaults/main.yml

@@ -34,7 +34,7 @@ minecraft_rcon_certresolver: letsencrypt_http
 minecraft_rcon_domain: minecraft.example.com
 
 # Should the RCON webinterface be deployed?
-minecraft_enable_rcon_web: False
+minecraft_enable_rcon_web: false
 
 # The RCON password
 minecraft_rcon_password: "CHANGEME"

roles/minecraft_blockmap/defaults/main.yml

@@ -43,8 +43,9 @@ minecraft_blockmap_timer_enabled: true
 minecraft_blockmap_timer_state: 'started'
 
 # The input location, where the world resides in, that should be rendered.
-# ! NOTE: This is relative to the lvm volume root (eg. a volume covering `/srv` will result in an input path `/minecraft/data/WORLDNAME` if a minecraft server is installed under /srv/minecraft)
+# ! NOTE: This is relative to the lvm volume root
-# minecraft_blockmap_input_location: "/YOUR/PATH/TO/MC_WORLD"
+# (eg. a volume covering `/srv` will result in an input path `/minecraft/data/WORLDNAME` if a minecraft server is installed under /srv/minecraft)
+minecraft_blockmap_input_location:
 
 # Additional parameters, that should be passed to the blockmap-cli
 minecraft_blockmap_parameters: ""

roles/moby_engine/tasks/Fedora-32.yml

@@ -33,7 +33,7 @@
 
 - name: Check if line is present
   shell: cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT
-  changed_when: False
+  changed_when: false
   ignore_errors: true
   register: moby_engine_grub_default
 

roles/monitoring/tasks/main.yml

@@ -85,6 +85,7 @@
   wait_for:
     timeout: 30
   delegate_to: localhost
+  # noqa no-handler
   when: monitoring_compose is changed
 
 - name: Include influxdb management

roles/telegraf/defaults/main.yml

@@ -44,14 +44,14 @@ telegraf_influxdb_retention_policy_tag: ""
 # Telegraf agent configuration (see https://docs.influxdata.com/telegraf/v1.15/administration/configuration/)
 telegraf_agent_hostname: "{{ ansible_fqdn }}"
 telegraf_agent_interval: 10
-telegraf_agent_debug: False
+telegraf_agent_debug: false
 telegraf_agent_round_interval: true
 telegraf_agent_flush_interval: 10
 telegraf_agent_flush_jitter: 5
 telegraf_agent_collection_jitter: 5
 telegraf_agent_metric_batch_size: 2000
 telegraf_agent_metric_buffer_limit: 1000000
-telegraf_agent_omit_hostname: False
+telegraf_agent_omit_hostname: false
 
 # The telegraf config's [global_tags] section (see https://docs.influxdata.com/telegraf/v1.15/administration/configuration/)
 telegraf_global_tags: []

roles/traefik/defaults/main.yml

@@ -50,10 +50,16 @@ traefik_docker_bridge_name: docker-proxy
 # which results in the containers only seeing clients connecting with the internal network IPv4 gateway address.
 traefik_ipv6:
   enabled: false
-  firewall_rules_enabled: false # This controls, if iptable rules should be deployed, to forward incoming traffic from 80/443 with a destination of the specified IP (traefik's IP). TL;DR: Should IPv6 traffic be forwarded/allowed to traefik.
+  # This controls, if iptable rules should be deployed, to forward incoming traffic from 80/443 with a destination of the specified IP (traefik's IP).
-  subnet: "{{ ansible_default_ipv6.address | ipsubnet(64) | ipsubnet(80, 51966) }}" # The subnet that should be used. Usually has to have a size of at least `/80` (see https://web.archive.org/web/20181113104036/https://docs.docker.com/v17.06/engine/userguide/networking/default_network/ipv6/#docker-ipv6-cluster)
+  # TL;DR: Should IPv6 traffic be forwarded/allowed to traefik.
-  ip_addr: "{{ ansible_default_ipv6.address | ipsubnet(64) | ipsubnet(80, 51966) | ipaddr('2') | ipaddr('address') }}" # The traefik container will use this static address, unless you explicitly use `{{ omit }}`
+  firewall_rules_enabled: false
-  name: traefik_ipv6 # The name of the special ipv6 network which will be created and added to the traefik container
+  # The subnet that should be used. Usually has to have a size of at least `/80`
+  # (see https://web.archive.org/web/20181113104036/https://docs.docker.com/v17.06/engine/userguide/networking/default_network/ipv6/#docker-ipv6-cluster)
+  subnet: "{{ ansible_default_ipv6.address | ipsubnet(64) | ipsubnet(80, 51966) }}"
+  # The traefik container will use this static address, unless you explicitly use `{{ omit }}`
+  ip_addr: "{{ ansible_default_ipv6.address | ipsubnet(64) | ipsubnet(80, 51966) | ipaddr('2') | ipaddr('address') }}"
+  # The name of the special ipv6 network which will be created and added to the traefik container
+  name: traefik_ipv6
 
 # Should a general https redirect middleware be enabled for all hosts on the web endpoint?
 traefik_https_redirect_all: true
@@ -70,7 +76,7 @@ traefik_dynamic_conf:
     options:
       default:
         minVersion: "VersionTLS12"
-        sniStrict: true # Can be disabled for local testing, which will lead to traefik serving it's default certificate if none can be found
+        sniStrict: true  # Can be disabled for local testing, which will lead to traefik serving it's default certificate if none can be found
         cipherSuites:
           - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
           - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384