ansible lint additions, .yamllint.yml configuratuion

.yamllint.yml

@@ -0,0 +1,2 @@
+rules:
+  braces: disable

Makefile

@@ -75,4 +75,4 @@ lint-ci: ${SKIP_FILE}
 	@printf "Running yamllint...\n"
 	@yamllint ${YAML_FILES}
 	@. ${SKIP_FILE}; printf "Running ansible-lint with SKIP_LIST: [%s]...\n" "$$ANSIBLE_LINT_SKIP_LIST"
-	@. ${SKIP_FILE}; ansible-lint -x $$ANSIBLE_LINT_SKIP_LIST ${YAML_FILES}
+	@. ${SKIP_FILE}; ansible-lint -x $$ANSIBLE_LINT_SKIP_LIST ansible/

ansible/deploy_home.yml

@@ -1,19 +1,17 @@
 ---
 - hosts: all
   vars_files:
-  - vars/vault.yml
+    - vars/vault.yml
   roles:
-  - role: common
-  - role: git
-  - role: ddns
-  - role: ssl
-  - role: pihole
-  - role: http
-  - role: drone
-  - role: hass
-  - role: nfs
-    tags: nfs
-  - role: motion
-    tags: motion
-  - role: partkeepr
-    tags: partkeepr
+    - role: common
+    - role: git
+    - role: ddns
+    - role: ssl
+    - role: pihole
+    - role: http
+    - role: drone
+    - role: hass
+    - role: motion
+      tags: motion
+    - role: partkeepr
+      tags: partkeepr

ansible/roles/common/handlers/main.yml

@@ -1,12 +1,12 @@
 ---
 - name: restart_sshd
   become: true
-  service:
+  ansible.builtin.service:
     name: sshd
     state: restarted
 
 - name: restart_fail2ban
   become: true
-  service:
+  ansible.builtin.service:
     name: fail2ban
     state: restarted

ansible/roles/common/tasks/deps.yml

@@ -1,7 +1,7 @@
 ---
 - name: install common dependencies
   become: true
-  pacman:
+  community.general.pacman:
     name: "{{ deps }}"
     state: present
   tags: deps

ansible/roles/common/tasks/security.yml

@@ -1,20 +1,20 @@
 ---
 - name: ensure sshd disallows passwords
   become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/ssh/sshd_config
     regexp: "{{ item.re }}"
     line: "{{ item.li }}"
   loop:
-    - {re: '^[# ]*PasswordAuthentication ', li: 'PasswordAuthentication no'}
-    - {re: '^[# ]*PermitEmptyPasswords ', li: 'PermitEmptyPasswords no'}
-    - {re: '^[# ]*PermitRootLogin ', li: 'PermitRootLogin no'}
+    - { re: "^[# ]*PasswordAuthentication ", li: "PasswordAuthentication no" }
+    - { re: "^[# ]*PermitEmptyPasswords ", li: "PermitEmptyPasswords no" }
+    - { re: "^[# ]*PermitRootLogin ", li: "PermitRootLogin no" }
   notify: restart_sshd
   tags: security
 
 - name: setup fail2ban jails
   become: true
-  copy:
+  ansible.builtin.copy:
     src: files/fail2ban/jails/{{ item }}
     dest: /etc/fail2ban/jail.d/{{ item }}
     mode: 0644
@@ -24,9 +24,9 @@
 
 - name: adjust fail2ban sshd filter
   become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/fail2ban/filter.d/sshd.conf
-    regexp: '^[#]*filter ='
-    line: 'filter = sshd[mode=extra]'
+    regexp: "^[#]*filter ="
+    line: "filter = sshd[mode=extra]"
   notify: restart_fail2ban
   tags: security

ansible/roles/common/tasks/service.yml

@@ -1,7 +1,7 @@
 ---
 - name: ensure desired services are started and enabled
   become: true
-  service:
+  ansible.builtin.service:
     name: "{{ item }}"
     state: started
     enabled: true

ansible/roles/drone/tasks/drone.yml

@@ -1,7 +1,7 @@
 ---
 - name: create drone-ci server container
   diff: false
-  docker_container:
+  community.general.docker_container:
     name: drone
     image: drone/drone:latest
     recreate: true
@@ -11,7 +11,7 @@
     env:
       DRONE_GITHUB_CLIENT_ID: "{{ drone_gh_client_id }}"
       DRONE_GITHUB_CLIENT_SECRET: "{{ drone_gh_client_sec }}"
-      DRONE_GIT_ALWAYS_AUTH: 'true'
+      DRONE_GIT_ALWAYS_AUTH: "true"
       DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
       DRONE_SERVER_HOST: "{{ ci_server_name }}"
       DRONE_SERVER_PROTO: "{{ drone_server_proto }}"
@@ -24,7 +24,7 @@
 
 - name: create drone-ci worker container
   diff: false
-  docker_container:
+  community.general.docker_container:
     name: drone-runner
     image: drone/drone-runner-docker:latest
     recreate: true

ansible/roles/git/handlers/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: start-gitdaemon
   become: true
-  systemd:
+  ansible.builtin.systemd:
     name: git-daemon.service
     state: started
     enabled: true

ansible/roles/git/tasks/systemd.yml

@@ -1,7 +1,7 @@
 ---
 - name: create the git daemon systemd service
   become: true
-  template:
+  ansible.builtin.template:
     src: "templates/{{ item }}.j2"
     dest: "/etc/systemd/system/{{ item }}"
     mode: 0644

ansible/roles/git/tasks/user.yml

@@ -1,7 +1,7 @@
 ---
 - name: create git user
   become: true
-  user:
+  ansible.builtin.user:
     name: "{{ git_user }}"
     comment: Git user for SSH remotes
     shell: /usr/bin/git-shell
@@ -12,7 +12,7 @@
 - name: create git's .ssh directory
   become: true
   become_user: git
-  file:
+  ansible.builtin.file:
     path: "{{ git_home }}/.ssh"
     state: directory
     mode: 0700
@@ -20,7 +20,7 @@
 
 - name: check git authorized_keys exists
   become: true
-  stat:
+  ansible.builtin.stat:
     path: "{{ git_home }}/.ssh/authorized_keys"
   register: git_authfile
   tags: git
@@ -28,7 +28,7 @@
 - name: touch git authorized_keys
   become: true
   become_user: git
-  file:
+  ansible.builtin.file:
     path: "{{ git_home }}/.ssh/authorized_keys"
     state: touch
     mode: 0600

ansible/roles/hass/tasks/hass.yml

@@ -1,7 +1,7 @@
 ---
 - name: create home-assistant host directory volumes
   become: true
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
     mode: 0640
@@ -13,7 +13,7 @@
 
 - name: copy configuration and automations
   become: true
-  copy:
+  ansible.builtin.copy:
     src: "files/{{ item }}"
     dest: "/var/lib/private/hass/{{ item }}"
     mode: 0644
@@ -24,7 +24,7 @@
 
 - name: create home-assistant server container
   diff: false
-  docker_container:
+  community.general.docker_container:
     name: hass
     image: ghcr.io/home-assistant/home-assistant:stable
     recreate: true

ansible/roles/http/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: restart_nginx
   become: true
-  service:
+  ansible.builtin.service:
     name: nginx
     state: restarted

ansible/roles/http/tasks/http.yml

@@ -1,7 +1,7 @@
 ---
 - name: setup nginx base configuration
   become: true
-  copy:
+  ansible.builtin.copy:
     src: files/nginx/nginx.conf
     dest: /etc/nginx/nginx.conf
     mode: 0644
@@ -10,7 +10,7 @@
 
 - name: setup nginx directories
   become: true
-  file:
+  ansible.builtin.file:
     path: "/etc/nginx/{{ item }}"
     state: directory
     mode: 0755
@@ -19,13 +19,14 @@
     - sites-available
   tags: http
 
-- name: ensure http/s directories exist
+- name: ensure http and letsencrypt directories exist
   become: true
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
     owner: http
     group: http
+    mode: 0644
   loop:
     - /srv/http
     - /srv/http/letsencrypt
@@ -33,16 +34,17 @@
 
 - name: chown http user home
   become: true
-  file:
+  ansible.builtin.file:
     path: /srv/http
     owner: http
     group: http
+    mode: 0644
     recurse: true
   tags: http
 
 - name: template nginx http sites-available
   become: true
-  template:
+  ansible.builtin.template:
     src: "templates/nginx/sites/{{ item }}.j2"
     dest: "/etc/nginx/sites-available/{{ item }}"
     mode: 0644
@@ -58,14 +60,14 @@
 
 - name: remove pihole from sites-enabled if there
   become: true
-  file:
+  ansible.builtin.file:
     path: "/etc/nginx/sites-enabled/pi.hole.conf"
     state: absent
   tags: http
 
 - name: enable desired nginx http sites
   become: true
-  file:
+  ansible.builtin.file:
     src: "/etc/nginx/sites-available/{{ item }}"
     dest: "/etc/nginx/sites-enabled/{{ item }}"
     state: link
@@ -81,5 +83,6 @@
 
 - name: validate nginx configurations
   become: true
-  shell: nginx -t
+  ansible.builtin.command: nginx -t
+  changed_when: false
   tags: http

ansible/roles/http/tasks/https.yml

@@ -1,7 +1,7 @@
 ---
 - name: template nginx https sites-available
   become: true
-  template:
+  ansible.builtin.template:
     src: "templates/nginx/sites/{{ item }}.j2"
     dest: "/etc/nginx/sites-available/{{ item }}"
     mode: 0644
@@ -13,7 +13,7 @@
 
 - name: enable desired nginx https sites
   become: true
-  file:
+  ansible.builtin.file:
     src: "/etc/nginx/sites-available/{{ item }}"
     dest: "/etc/nginx/sites-enabled/{{ item }}"
     state: link

ansible/roles/http/tasks/modsec.yml

@@ -1,7 +1,7 @@
 ---
 - name: create nginx/conf directory
   become: true
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
     owner: root
@@ -14,7 +14,7 @@
 
 - name: create modsec_includes.conf
   become: true
-  copy:
+  ansible.builtin.copy:
     src: files/nginx/modsec_includes.conf
     dest: "{{ nginx_path }}/modsec_includes.conf"
     mode: 0644
@@ -23,7 +23,7 @@
 
 - name: clone coreruleset and modsecurity
   become: true
-  git:
+  ansible.builtin.git:
     repo: "{{ item.src }}"
     dest: "{{ item.dest }}"
     update: true
@@ -35,7 +35,7 @@
 
 - name: setup modsec and coreruleset configs
   become: true
-  copy:
+  ansible.builtin.copy:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     force: true
@@ -47,7 +47,7 @@
 
 - name: setup coreruleset rules
   become: true
-  copy:
+  ansible.builtin.copy:
     src: "{{ crs_rules_path }}/{{ item.name }}.conf"
     dest: "{{ modsec_rules_path }}/{{ item.name }}.conf"
     force: true
@@ -60,7 +60,7 @@
 
 - name: setup coreruleset data
   become: true
-  copy:
+  ansible.builtin.copy:
     src: "{{ crs_rules_path }}/{{ item }}.data"
     dest: "{{ modsec_rules_path }}/{{ item }}.data"
     force: true
@@ -72,7 +72,7 @@
 
 - name: whitelist local ip addresses
   become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "{{ modsec_crs_before_rule_conf }}"
     regexp: "{{ modsec_whitelist_local_re }}"
     line: "{{ modsec_whitelist_local }}"
@@ -82,9 +82,9 @@
 
 - name: activate mod-security
   become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/nginx/modsecurity.conf
-    regexp: '^SecRuleEngine'
-    line: 'SecRuleEngine On'
+    regexp: "^SecRuleEngine"
+    line: "SecRuleEngine On"
   notify: restart_nginx
   tags: modsec

ansible/roles/http/tasks/security.yml

@@ -1,7 +1,7 @@
 ---
 - name: touch nginx logs, enable jail
   become: true
-  file:
+  ansible.builtin.file:
     path: "/var/log/nginx/{{ item }}.log"
     state: touch
     mode: 0644

ansible/roles/motion/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: restart_motion
   become: true
-  service:
+  ansible.builtin.service:
     name: motion
     state: restarted

ansible/roles/motion/tasks/deps.yml

@@ -1,7 +1,7 @@
 ---
 - name: install shinobi dependencies
   become: true
-  pacman:
+  community.general.pacman:
     name: "{{ deps }}"
     state: present
   tags:

ansible/roles/motion/tasks/motion.yml

@@ -1,14 +1,14 @@
 ---
 - name: create shinobi user
   become: true
-  user:
+  ansible.builtin.user:
     name: "{{ motion_user }}"
     shell: /bin/nologin
   tags: motion
 
 - name: mount shinob videos folder
   become: true
-  file:
+  ansible.builtin.file:
     path: /mnt/shinobi
     state: directory
     owner: "{{ motion_user }}"
@@ -18,7 +18,7 @@
 
 - name: mount smb via cifs
   become: true
-  mount:
+  ansible.posix.mount:
     path: /mnt/shinobi
     src: "//{{ motion_hostname }}/share/GardenCamera"
     fstype: cifs
@@ -29,13 +29,13 @@
 
 - name: create shinobi data volume
   become: true
-  docker_volume:
+  community.general.docker_volume:
     name: shinobi_data
   tags: motion
 
 - name: create shinobi server container
   diff: false
-  docker_container:
+  community.general.docker_container:
     name: shinobi
     image: migoller/shinobidocker:latest
     recreate: true

ansible/roles/nfs/defaults/main.yml

@@ -1,10 +0,0 @@
----
-deps: [
-  nfs-utils,
-  samba
-]
-
-nfs_root: /srv/nfs
-
-nfs_user: nfs
-nfs_group: nfsshare

ansible/roles/nfs/files/exports

@@ -1 +0,0 @@
-/srv/nfs/       192.168.1.0/24(rw,sync,all_squash,anonuid=2021,anongid=2021,insecure,no_subtree_check)

ansible/roles/nfs/files/smb.conf

@@ -1,223 +0,0 @@
-# This is the main Samba configuration file. You should read the
-# smb.conf(5) manual page in order to understand the options listed
-# here. Samba has a huge number of configurable options (perhaps too
-# many!) most of which are not shown in this example
-#
-# For a step to step guide on installing, configuring and using samba,
-# read the Samba-HOWTO-Collection. This may be obtained from:
-#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
-#
-# Many working examples of smb.conf files can be found in the
-# Samba-Guide which is generated daily and can be downloaded from:
-#  http://www.samba.org/samba/docs/Samba-Guide.pdf
-#
-# Any line which starts with a ; (semi-colon) or a # (hash)
-# is a comment and is ignored. In this example we will use a #
-# for commentry and a ; for parts of the config file that you
-# may wish to enable
-#
-# NOTE: Whenever you modify this file you should run the command "testparm"
-# to check that you have not made any basic syntactic errors.
-#
-#======================= Global Settings =====================================
-[global]
-
-# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
-   workgroup = WORKGROUP
-
-# server string is the equivalent of the NT Description field
-   server string = NFS Storage
-
-# Server role. Defines in which mode Samba will operate. Possible
-# values are "standalone server", "member server", "classic primary
-# domain controller", "classic backup domain controller", "active
-# directory domain controller".
-#
-# Most people will want "standalone server" or "member server".
-# Running as "active directory domain controller" will require first
-# running "samba-tool domain provision" to wipe databases and create a
-# new domain.
-   server role = standalone server
-
-# This option is important for security. It allows you to restrict
-# connections to machines which are on your local network. The
-# following example restricts access to two C class networks and
-# the "loopback" interface. For more examples of the syntax see
-# the smb.conf man page
-;   hosts allow = 192.168.1. 192.168.2. 127.
-
-# Uncomment this if you want a guest account, you must add this to /etc/passwd
-# otherwise the user "nobody" is used
-  guest account = nfs
-
-# this tells Samba to use a separate log file for each machine
-# that connects
-   log file = /var/log/samba/%m.log
-
-# Put a capping on the size of the log files (in Kb).
-   max log size = 50
-
-# Specifies the Kerberos or Active Directory realm the host is part of
-;   realm = MY_REALM
-
-# Backend to store user information in. New installations should
-# use either tdbsam or ldapsam. smbpasswd is available for backwards
-# compatibility. tdbsam requires no further configuration.
-;   passdb backend = tdbsam
-
-# Using the following line enables you to customise your configuration
-# on a per machine basis. The %m gets replaced with the netbios name
-# of the machine that is connecting.
-# Note: Consider carefully the location in the configuration file of
-#       this line.  The included file is read at that point.
-;   include = /usr/local/samba/lib/smb.conf.%m
-
-# Configure Samba to use multiple interfaces
-# If you have multiple network interfaces then you must list them
-# here. See the man page for details.
-   interfaces = 192.168.1.0/24
-
-# Where to store roving profiles (only for Win95 and WinNT)
-#        %L substitutes for this servers netbios name, %U is username
-#        You must uncomment the [Profiles] share below
-;   logon path = \\%L\Profiles\%U
-
-# Windows Internet Name Serving Support Section:
-# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
-;   wins support = yes
-
-# WINS Server - Tells the NMBD components of Samba to be a WINS Client
-#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
-;   wins server = w.x.y.z
-
-# WINS Proxy - Tells Samba to answer name resolution queries on
-# behalf of a non WINS capable client, for this to work there must be
-# at least one	WINS Server on the network. The default is NO.
-;   wins proxy = yes
-
-# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
-# via DNS nslookups. The default is NO.
-   dns proxy = no
-
-# These scripts are used on a domain controller or stand-alone
-# machine to add or delete corresponding unix accounts
-;  add user script = /usr/sbin/useradd %u
-;  add group script = /usr/sbin/groupadd %g
-;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
-;  delete user script = /usr/sbin/userdel %u
-;  delete user from group script = /usr/sbin/deluser %u %g
-;  delete group script = /usr/sbin/groupdel %g
-
-
-#============================ Share Definitions ==============================
-[homes]
-   comment = Home Directories
-   browseable = no
-   writable = no
-
-# Un-comment the following and create the netlogon directory for Domain Logons
-; [netlogon]
-;   comment = Network Logon Service
-;   path = /usr/local/samba/lib/netlogon
-;   guest ok = yes
-;   writable = no
-;   share modes = no
-
-
-# Un-comment the following to provide a specific roving profile share
-# the default is to use the user's home directory
-;[Profiles]
-;    path = /usr/local/samba/profiles
-;    browseable = no
-;    guest ok = yes
-
-
-# NOTE: If you have a BSD-style print system there is no need to
-# specifically define each individual printer
-;[printers]
-;   comment = All Printers
-;   path = /usr/spool/samba
-;   browseable = no
-;# Set public = yes to allow user 'guest account' to print
-;   guest ok = no
-;   writable = no
-;   printable = no
-
-# This one is useful for people to share files
-;[tmp]
-;   comment = Temporary file space
-;   path = /tmp
-;   read only = no
-;   public = yes
-
-# A publicly accessible directory, but read only, except for people in
-# the "staff" group
-;[public]
-;   comment = NFS Store
-;   path = /srv/nfs
-;   public = yes
-;   writable = yes
-;   printable = no
-;   write list = @staff
-
-# Other examples.
-#
-# A private printer, usable only by fred. Spool data will be placed in fred's
-# home directory. Note that fred must have write access to the spool directory,
-# wherever it is.
-;[fredsprn]
-;   comment = Fred's Printer
-;   valid users = fred
-;   path = /homes/fred
-;   printer = freds_printer
-;   public = no
-;   writable = no
-;   printable = yes
-
-# A private directory, usable only by fred. Note that fred requires write
-# access to the directory.
-;[fredsdir]
-;   comment = Fred's Service
-;   path = /usr/somewhere/private
-;   valid users = fred
-;   public = no
-;   writable = yes
-;   printable = no
-
-# a service which has a different directory for each machine that connects
-# this allows you to tailor configurations to incoming machines. You could
-# also use the %U option to tailor it by user name.
-# The %m gets replaced with the machine name that is connecting.
-;[pchome]
-;  comment = PC Directories
-;  path = /usr/pc/%m
-;  public = no
-;  writable = yes
-
-# A publicly accessible directory, read/write to all users. Note that all files
-# created in the directory by users will be owned by the default user, so
-# any user with access can delete any other user's files. Obviously this
-# directory must be writable by the default user. Another user could of course
-# be specified, in which case all files would be owned by that user instead.
-[public]
-   path = /srv/nfs
-   public = yes
-   only guest = yes
-   writable = yes
-   printable = no
-
-# The following two entries demonstrate how to share a directory so that two
-# users can place files there that will be owned by the specific users. In this
-# setup, the directory should be writable by both users and should have the
-# sticky bit set on it to prevent abuse. Obviously this could be extended to
-# as many users as required.
-;[myshare]
-;   comment = Mary's and Fred's stuff
-;   path = /usr/somewhere/shared
-;   valid users = mary fred
-;   public = no
-;   writable = yes
-;   printable = no
-;   create mask = 0765
-
-

ansible/roles/nfs/handlers/main.yml

@@ -1,11 +0,0 @@
----
-- name: restart_nfs
-  become: true
-  service:
-    name: nfs-server.service
-    state: restarted
-    enabled: true
-
-- name: reload_exports
-  become: true
-  command: exportfs -arv

ansible/roles/nfs/tasks/deps.yml

@@ -1,7 +0,0 @@
----
-- name: install nfs dependencies
-  become: true
-  pacman:
-    name: "{{ deps }}"
-    state: present
-  tags: deps

ansible/roles/nfs/tasks/main.yml

@@ -1,5 +0,0 @@
----
-- import_tasks: deps.yml
-- import_tasks: user.yml
-- import_tasks: nfs.yml
-- import_tasks: samba.yml

ansible/roles/nfs/tasks/nfs.yml

@@ -1,32 +0,0 @@
----
-- name: create nfs folder/ensure ownership
-  become: true
-  file:
-    path: "{{ nfs_root }}"
-    state: directory
-    owner: "{{ nfs_user }}"
-    group: "{{ nfs_group }}"
-    mode: 0777
-    recurse: true
-
-- name: enable and start nfs server
-  become: true
-  service:
-    name: nfs-server.service
-    state: started
-    enabled: true
-
-- name: enable and start nfs idmap service
-  become: true
-  service:
-    name: nfs-idmapd.service
-    state: started
-    enabled: true
-
-- name: create exports
-  become: true
-  copy:
-    src: files/exports
-    dest: /etc/exports
-    mode: 0644
-  notify: reload_exports

ansible/roles/nfs/tasks/samba.yml

@@ -1,21 +0,0 @@
----
-- name: copy samba smb.conf
-  become: true
-  copy:
-    src: files/smb.conf
-    dest: /etc/samba/smb.conf
-    mode: 0644
-
-- name: start and enable samba service
-  become: true
-  service:
-    name: smb.service
-    state: started
-    enabled: true
-
-- name: start and enabme samba name service
-  become: true
-  service:
-    name: nmb.service
-    state: started
-    enabled: true

ansible/roles/nfs/tasks/user.yml

@@ -1,17 +0,0 @@
----
-- name: create nfs group
-  become: true
-  group:
-    name: "{{ nfs_group }}"
-    gid: 2021
-    state: present
-
-- name: create nfs user
-  become: true
-  user:
-    name: "{{ nfs_user }}"
-    group: "{{ nfs_group }}"
-    uid: 2021
-    create_home: false
-    home: "{{ nfs_root }}"
-    shell: /bin/sh

ansible/roles/partkeepr/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: create required partkeepr volumes
-  docker_volume:
+  community.general.docker_volume:
     name: "{{ item }}"
   with_items:
     - partkeepr-web-vol
@@ -9,12 +9,12 @@
     - partkeepr-db-vol
 
 - name: create partkeepr network
-  docker_network:
+  community.general.docker_network:
     name: "partkeepr"
 
 - name: create partkeepr-db container
   diff: false
-  docker_container:
+  community.general.docker_container:
     name: partkeepr-db
     image: mariadb:10.0
     recreate: false
@@ -24,7 +24,7 @@
     networks:
       - name: "partkeepr"
     env:
-      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
       MYSQL_DATABASE: partkeepr
       MYSQL_USER: partkeepr
       MYSQL_PASSWORD: partkeepr
@@ -33,7 +33,7 @@
 
 - name: create partkeepr container
   diff: false
-  docker_container:
+  community.general.docker_container:
     name: partkeepr
     image: mhubig/partkeepr:latest
     recreate: false
@@ -49,7 +49,7 @@
 
 - name: create partkeepr-cron container
   diff: false
-  docker_container:
+  community.general.docker_container:
     name: partkeepr-cron
     image: mhubig/partkeepr:latest
     entrypoint: []
@@ -65,7 +65,7 @@
 
 - name: create partkeepr container
   diff: false
-  docker_container:
+  community.general.docker_container:
     name: partkeepr
     image: mhubig/partkeepr:latest
     recreate: false

ansible/roles/pihole/tasks/deps.yml

@@ -1,11 +1,11 @@
 ---
 - name: install pi-hole-server
-  command: yay -S --noconfirm pi-hole-server
+  ansible.builtin.command: yay -S --noconfirm pi-hole-server
   args:
     creates: /bin/pihole
 
 - name: install pi-hole-server dependencies
   become: true
-  pacman:
+  community.general.pacman:
     name: "{{ deps }}"
     state: present

ansible/roles/pihole/tasks/php.yml

@@ -1,7 +1,7 @@
 ---
 - name: replace pi.hole hostname
   become: true
-  replace:
+  ansible.builtin.replace:
     path: "{{ item }}"
     regexp: "pi\\.hole"
     replace: "pi.bdebyl.net"

ansible/roles/ssl/tasks/certbot.yml

@@ -1,14 +1,14 @@
 ---
 - name: stat dhparam
   become: true
-  stat:
+  ansible.builtin.stat:
     path: /etc/ssl/certs/dhparam.pem
   register: dhparam
   tags: ssl
 
 - name: generate openssl dhparam for nginx
   become: true
-  command: |
+  ansible.builtin.command: |
     openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
   when: not dhparam.stat.exists
   args:
@@ -17,7 +17,7 @@
 
 - name: create ssl certificate for ci server
   become: true
-  command: |
+  ansible.builtin.command: |
     certbot certonly --webroot --webroot-path=/srv/http/letsencrypt \
     -m {{ ssl_email }} --agree-tos \
     -d {{ item }}

ansible/roles/ssl/tasks/cron.yml

@@ -1,7 +1,7 @@
 ---
 - name: renew certbot ssl certificates weekly
   become: true
-  cron:
+  ansible.builtin.cron:
     name: certbot_renew
     special_time: weekly
     job: >-