roles: strict truthy values
According to Ansible we can use yes, true, True, "or any quoted st- ring" for a boolean true, but ansible-lint wants us to use either true or false. See: https://chronicler.tech/red-hat-ansible-yes-no-and/
This commit is contained in:
@ -20,6 +20,6 @@
|
||||
- restart fail2ban
|
||||
|
||||
- name: Start and enable fail2ban service
|
||||
ansible.builtin.systemd: name=fail2ban state=started enabled=yes
|
||||
ansible.builtin.systemd: name=fail2ban state=started enabled=true
|
||||
|
||||
# vim: set sw=2 ts=2:
|
||||
|
||||
@ -131,27 +131,27 @@
|
||||
|
||||
# need to reload to pick up service/timer/environment changes
|
||||
- name: Reload systemd daemon
|
||||
ansible.builtin.systemd: daemon_reload=yes
|
||||
ansible.builtin.systemd: daemon_reload=true
|
||||
when: spamhaus_firewalld_systemd_units is changed or
|
||||
nftables_systemd_units is changed
|
||||
|
||||
- name: Start and enable Spamhaus firewalld update timer
|
||||
when: ansible_distribution_version is version('10', '<=')
|
||||
ansible.builtin.systemd: name=update-spamhaus-lists.timer state=started enabled=yes
|
||||
ansible.builtin.systemd: name=update-spamhaus-lists.timer state=started enabled=true
|
||||
notify:
|
||||
- restart firewalld
|
||||
- restart fail2ban
|
||||
|
||||
- name: Start and enable nftables update timers
|
||||
when: ansible_distribution_version is version('11', '>=')
|
||||
ansible.builtin.systemd: name={{ item }} state=started enabled=yes
|
||||
ansible.builtin.systemd: name={{ item }} state=started enabled=true
|
||||
loop:
|
||||
- update-spamhaus-nftables.timer
|
||||
- update-abusech-nftables.timer
|
||||
|
||||
- name: Start and enable nftables
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
ansible.builtin.systemd: name=nftables state=started enabled=yes
|
||||
ansible.builtin.systemd: name=nftables state=started enabled=true
|
||||
|
||||
- ansible.builtin.include_tasks: fail2ban.yml
|
||||
when: ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
@ -109,27 +109,27 @@
|
||||
|
||||
# need to reload to pick up service/timer/environment changes
|
||||
- name: Reload systemd daemon
|
||||
ansible.builtin.systemd: daemon_reload=yes
|
||||
ansible.builtin.systemd: daemon_reload=true
|
||||
when: spamhaus_firewalld_systemd_units is changed or
|
||||
nftables_systemd_units is changed
|
||||
|
||||
- name: Start and enable Spamhaus firewalld update timer
|
||||
when: ansible_distribution_version is version('18.04', '<=')
|
||||
ansible.builtin.systemd: name=update-spamhaus-lists.timer state=started enabled=yes
|
||||
ansible.builtin.systemd: name=update-spamhaus-lists.timer state=started enabled=true
|
||||
notify:
|
||||
- restart firewalld
|
||||
- restart fail2ban
|
||||
|
||||
- name: Start and enable nftables update timers
|
||||
when: ansible_distribution_version is version('20.04', '>=')
|
||||
ansible.builtin.systemd: name={{ item }} state=started enabled=yes
|
||||
ansible.builtin.systemd: name={{ item }} state=started enabled=true
|
||||
loop:
|
||||
- update-spamhaus-nftables.timer
|
||||
- update-abusech-nftables.timer
|
||||
|
||||
- name: Start and enable nftables
|
||||
when: ansible_distribution_version is version('20.04', '>=')
|
||||
ansible.builtin.systemd: name=nftables state=started enabled=yes
|
||||
ansible.builtin.systemd: name=nftables state=started enabled=true
|
||||
|
||||
- ansible.builtin.include_tasks: fail2ban.yml
|
||||
when: ansible_distribution_version is version('16.04', '>=')
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
|
||||
- name: Start and enable systemd's NTP client
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
ansible.builtin.systemd: name=systemd-timesyncd state=started enabled=yes
|
||||
ansible.builtin.systemd: name=systemd-timesyncd state=started enabled=true
|
||||
|
||||
- name: Uninstall ntp on modern Ubuntu/Debian
|
||||
ansible.builtin.apt: name=ntp state=absent
|
||||
|
||||
@ -38,17 +38,17 @@
|
||||
- name: Remove lxd snap
|
||||
community.general.snap: name=lxd state=absent
|
||||
when: ansible_distribution_version is version('20.04', '==')
|
||||
ignore_errors: yes
|
||||
ignore_errors: true
|
||||
|
||||
- name: Remove core18 snap
|
||||
community.general.snap: name=core18 state=absent
|
||||
when: ansible_distribution_version is version('20.04', '==')
|
||||
ignore_errors: yes
|
||||
ignore_errors: true
|
||||
|
||||
- name: Remove snapd snap
|
||||
community.general.snap: name=snapd state=absent
|
||||
when: ansible_distribution_version is version('20.04', '==')
|
||||
ignore_errors: yes
|
||||
ignore_errors: true
|
||||
|
||||
- name: Set fact for packages to remove (Ubuntu <= 18.04)
|
||||
ansible.builtin.set_fact:
|
||||
@ -79,7 +79,7 @@
|
||||
when: ansible_distribution_version is version('20.04', '==')
|
||||
|
||||
- name: Remove packages
|
||||
ansible.builtin.apt: name={{ ubuntu_annoying_packages }} state=absent purge=yes
|
||||
ansible.builtin.apt: name={{ ubuntu_annoying_packages }} state=absent purge=true
|
||||
|
||||
- name: Disable annoying Canonical spam in MOTD
|
||||
ansible.builtin.file: path={{ item }} mode=0644 state=absent
|
||||
@ -89,7 +89,7 @@
|
||||
- /etc/update-motd.d/50-motd-news # Ubuntu 18.04+
|
||||
- /etc/update-motd.d/80-esm # Ubuntu 18.04+
|
||||
- /etc/update-motd.d/80-livepatch # Ubuntu 18.04+
|
||||
ignore_errors: yes
|
||||
ignore_errors: true
|
||||
|
||||
- name: Disable annoying Canonical spam in MOTD
|
||||
ansible.builtin.systemd: name={{ item }} state=stopped enabled=no
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
|
||||
- name: Update apt cache
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
update_cache: true
|
||||
when:
|
||||
add_tarsnap_apt_key is changed or
|
||||
add_tarsnap_apt_repository is changed
|
||||
|
||||
Reference in New Issue
Block a user