Make ansible-lint happy

yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.

.ansible-lint

@@ -1,8 +1,12 @@
 exclude_paths:
   - misc
+  # FIXME: parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
+  - playbooks/tasks
 skip_list:
   # line too long (x > 80 characters) (line-length)
   - 'line-length'
+  # yaml: too many spaces inside braces (braces)
+  - 'braces'
   # Do not recommend running tasks as handlers
   - 'no-handler'
   # Do not force galaxy info in meta/main.yml

.gitlab-ci.yml

@@ -11,7 +11,8 @@ ansible-lint:
     # Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
     - sed "s/,hcloud_inventory.py//" -i ansible.cfg
     - sed "/^vault_password_file/d" -i ansible.cfg
-    - ansible-lint
+    # Fix load-failure: Failed to load or parse file
+    - ansible-lint $(printf -- "--exclude %s " */*/vault_*)
 
 terraform-validate:
   script:

playbooks/aur-dev.archlinux.org.yml

@@ -10,7 +10,7 @@
     - { role: root_ssh }
     - { role: certbot }
     - { role: nginx }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: sudo }
     - { role: php_fpm, php_extensions: ['iconv', 'memcached', 'mysqli', 'pdo_mysql'], zend_extensions: ['opcache'] }
     - { role: memcached }

playbooks/aur.archlinux.org.yml

@@ -11,7 +11,7 @@
     - { role: prometheus_exporters }
     - { role: certbot }
     - { role: nginx }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True, mariadb_innodb_buffer_pool_size: '1G' }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true, mariadb_innodb_buffer_pool_size: '1G' }
     - { role: sudo }
     - { role: php_fpm, php_extensions: ['iconv', 'memcached', 'mysqli', 'pdo_mysql'], zend_extensions: ['opcache'] }
     - { role: memcached }

playbooks/bbs.archlinux.org.yml

@@ -10,7 +10,7 @@
     - { role: root_ssh }
     - { role: certbot }
     - { role: nginx }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: sudo }
     - { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
     - { role: fluxbb }

playbooks/bugs.archlinux.org.yml

@@ -10,7 +10,7 @@
     - { role: root_ssh }
     - { role: certbot }
     - { role: nginx }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: sudo }
     - { role: php7_fpm, php_extensions: ['mysqli'], zend_extensions: ['opcache'] }
     - { role: flyspray }

playbooks/gitlab.archlinux.org.yml

@@ -13,8 +13,7 @@
         gitlab_domain: "gitlab.archlinux.org",
         gitlab_primary_addresses: ['159.69.41.129', '[2a01:4f8:c2c:5d2d::1]', '127.0.0.1', '[::1]'],
         gitlab_pages_http_addresses: ['116.203.6.156:80', '[2a01:4f8:c2c:5d2d::2]:80'],
-        gitlab_pages_https_addresses: ['116.203.6.156:443', '[2a01:4f8:c2c:5d2d::2]:443']
+        gitlab_pages_https_addresses: ['116.203.6.156:443', '[2a01:4f8:c2c:5d2d::2]:443']}
-      }
     - { role: borg_client, tags: ["borg"] }
     - { role: prometheus_exporters }
     - { role: fail2ban }

playbooks/hetzner_storagebox.yml

@@ -2,6 +2,6 @@
 
 - name: setup Hetzner storagebox account
   hosts: u236610.your-storagebox.de
-  gather_facts: False
+  gather_facts: false
   roles:
     - { role: hetzner_storagebox, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }

playbooks/luna.yml

@@ -27,7 +27,7 @@
   roles:
     - nginx
     - rspamd
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: prometheus_exporters }
 # luna is hosting mailman lists; this postfix role does not cater to this yet
 # TODO: make postfix role handle mailman config?

playbooks/rsync.net.yml

@@ -2,6 +2,6 @@
 
 - name: setup rsync.net account
   hosts: prio.ch-s012.rsync.net
-  gather_facts: False
+  gather_facts: false
   roles:
     - { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }

playbooks/tasks/pacman-website.yml

@@ -30,4 +30,3 @@
       - name: upload website
         unarchive: src={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc/website.tar.gz dest={{ archweb_dir }}/archlinux.org/pacman mode=0644
         delegate_to: archlinux.org
-

playbooks/wiki.archlinux.org.yml

@@ -12,7 +12,7 @@
     - { role: certbot }
     - { role: nginx }
     - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
-    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
+    - { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
     - { role: sudo }
     - { role: php_fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'sockets', 'zip'], zend_extensions: ['opcache'] }
     - { role: memcached }

roles/arch32_mirror/tasks/main.yml

@@ -22,9 +22,9 @@
 - name: start and enable syncrepo unit
   systemd:
     name: syncrepo_arch32.timer
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: make nginx log dir
   file: path=/var/log/nginx/{{ arch32_mirror_domain }} state=directory owner=root group=root mode=0755

roles/archbuild/handlers/main.yml

@@ -2,4 +2,4 @@
 
 - name: daemon reload
   systemd:
-    daemon-reload: yes
+    daemon-reload: true

roles/archive/tasks/main.yml

@@ -32,12 +32,12 @@
 
 - name: configure archive.org client
   command: ia configure --username={{ vault_archive_username }} --password={{ vault_archive_password }} creates={{ archive_user_home }}/.config/ia.ini
-  become: yes
+  become: true
   become_user: "{{ archive_user_name }}"
 
 - name: clone archive uploader code
   git: repo=https://github.com/archlinux/arch-historical-archive.git dest="{{ archive_repo }}" version="{{ archive_uploader_version }}"
-  become: yes
+  become: true
   become_user: "{{ archive_user_name }}"
 
 - name: install system service
@@ -49,6 +49,6 @@
 - name: start uploader timer
   systemd:
     name: archive-uploader.timer
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true

roles/archweb/handlers/main.yml

@@ -2,7 +2,7 @@
 
 - name: daemon reload
   systemd:
-    daemon-reload: yes
+    daemon-reload: true
 
 - name: restart archweb memcached
   service: name=archweb-memcached state=restarted

roles/archweb/tasks/main.yml

@@ -216,9 +216,9 @@
 - name: start and enable archweb memcached service and archweb-rsync_iso timer
   systemd:
     name: "{{ item }}"
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
   with_items:
     - archweb-memcached.service
     - archweb-rsync_iso.timer

roles/archwiki/tasks/main.yml

@@ -105,9 +105,9 @@
 - name: start and enable archwiki timers and services
   systemd:
     name: "{{ item }}"
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
   with_items:
     - archwiki-runjobs.timer
     - archwiki-prune-cache.timer
@@ -118,7 +118,7 @@
   systemd:
     name: archwiki-question-updater.service
     state: started
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: ensure question answer file exists and set permissions
   file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644

roles/aurweb/handlers/main.yml

@@ -2,7 +2,7 @@
 
 - name: daemon reload
   systemd:
-    daemon-reload: yes
+    daemon-reload: true
 
 - name: restart php-fpm@{{ aurweb_user }}
   service: name=php-fpm@{{ aurweb_user }} state=restarted

roles/aurweb/tasks/main.yml

@@ -104,7 +104,7 @@
 
 - name: Check python module availability
   command: "python3 -c 'import aurweb'"
-  ignore_errors: yes
+  ignore_errors: true
   register: aurweb_installed
   tags:
     - skip_ansible_lint

roles/borg_client/tasks/main.yml

@@ -7,7 +7,7 @@
   environment:
     BORG_RELOCATED_REPO_ACCESS_IS_OK: "yes"
   register: borg_list
-  ignore_errors: True
+  ignore_errors: true
   loop: "{{ backup_hosts }}"
   changed_when: borg_list.stdout | length > 0
 
@@ -16,7 +16,7 @@
   when: borg_list is failed
   environment:
     BORG_PASSPHRASE: ""
-  ignore_errors: True # This can sometimes fail if a backup is in progress :/
+  ignore_errors: true  # This can sometimes fail if a backup is in progress :/
   loop: "{{ backup_hosts }}"
 
 - name: install convenience scripts
@@ -34,7 +34,7 @@
 - name: check whether postgres user exists
   command: getent passwd postgres
   register: check_postgres_user
-  ignore_errors: True
+  ignore_errors: true
   changed_when: check_postgres_user.stdout | length > 0
 
 - name: make postgres backup directory

roles/borg_server/tasks/main.yml

@@ -36,6 +36,6 @@
   authorized_key:
     user: borg
     key: "{{ item.stdout }}"
-    manage_dir: yes
+    manage_dir: true
     key_options: "command=\"/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"
   with_items: "{{ ssh_keys.results }}"

roles/certbot/tasks/main.yml

@@ -18,9 +18,9 @@
 - name: activate letsencrypt renewal service
   systemd:
     name: certbot-renewal.timer
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: open firewall holes for certbot standalone authenticator
   ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes

roles/common/handlers/main.yml

@@ -4,17 +4,17 @@
   systemd:
     name: systemd-networkd
     state: restarted
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: restart journald
   systemd:
     name: systemd-journald
     state: restarted
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: systemd daemon-reload
   systemd:
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: restart syslog-ng
   service: name=syslog-ng@default state=restarted

roles/common/tasks/main.yml

@@ -91,7 +91,7 @@
   sysctl:
     name: net.ipv4.tcp_rmem
     value: "{{ tcp_rmem }}"
-    sysctl_set: yes
+    sysctl_set: true
     sysctl_file: /etc/sysctl.d/net.conf
   when: tcp_rmem is defined
 
@@ -99,7 +99,7 @@
   sysctl:
     name: net.ipv4.tcp_wmem
     value: "{{ tcp_wmem }}"
-    sysctl_set: yes
+    sysctl_set: true
     sysctl_file: /etc/sysctl.d/net.conf
   when: tcp_wmem is defined
 

roles/dbscripts/defaults/main.yml

@@ -1,4 +1,4 @@
 ---
 dbscripts_commit: HEAD
-dbscripts_update: yes
+dbscripts_update: true
 dbscripts_pgp_emails: ['eschwartz@archlinux.org']

roles/dbscripts/tasks/main.yml

@@ -218,7 +218,7 @@
 
 - name: configure svntogit git user name
   command: git config --global user.name = 'svntogit'
-  become: yes
+  become: true
   become_user: svntogit
   register: git_config_username
   changed_when: "git_config_username.rc == 0"
@@ -227,7 +227,7 @@
 
 - name: configure svntogit git user email
   command: git config --global user.name = 'svntogit@repos.archlinux.org'
-  become: yes
+  become: true
   become_user: svntogit
   register: git_config_email
   changed_when: "git_config_email.rc == 0"
@@ -245,7 +245,7 @@
   with_items:
     - community
     - packages
-  become: yes
+  become: true
   become_user: svntogit
   tags:
     - skip_ansible_lint
@@ -255,9 +255,9 @@
   with_items:
     - community
     - packages
-  become: yes
+  become: true
   become_user: svntogit
-  ignore_errors: yes
+  ignore_errors: true
   register: git_public_remote
   changed_when: "git_public_remote.rc == 0"
   tags:
@@ -269,7 +269,7 @@
   with_items:
     - community
     - packages
-  become: yes
+  become: true
   become_user: svntogit
   register: git_pull_upstream
   changed_when: "git_pull_upstream.rc == 0"
@@ -281,7 +281,7 @@
   with_items:
     - community
     - packages
-  become: yes
+  become: true
   become_user: svntogit
   register: git_push_master
   changed_when: "git_push_master.rc == 0"

roles/dovecot/tasks/main.yml

@@ -52,7 +52,7 @@
   systemd:
     name: "{{ item }}"
     state: started
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true
   with_items:
     - dovecot-cleanup.timer

roles/fail2ban/tasks/main.yml

@@ -80,6 +80,6 @@
 - name: start and enable service
   systemd:
     name: "fail2ban.service"
-    enabled: yes
+    enabled: true
     state: started
-    daemon-reload: yes
+    daemon-reload: true

roles/firewalld/tasks/main.yml

@@ -20,5 +20,5 @@
   ansible.posix.firewalld:
     service: dhcpv6-client
     state: disabled
-    immediate: yes
+    immediate: true
   when: configure_firewall

roles/fluxbb/tasks/main.yml

@@ -12,7 +12,7 @@
 
 - name: fix home permissions
   file: state=directory owner=fluxbb group=fluxbb mode=0750 recurse=yes path="{{ fluxbb_dir }}"
-  changed_when: False
+  changed_when: false
 
 - name: create uploads directory
   file: state=directory owner=fluxbb group=fluxbb mode=0755 path="{{ fluxbb_dir }}/uploads"

roles/flyspray/tasks/main.yml

@@ -31,7 +31,7 @@
 
 - name: create setup dir with write permissions
   file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=755
-  when: not user_created.changed
+  when: falset user_created.changed
 
 - name: clone flyspray repo
   git:

roles/gitlab/tasks/main.yml

@@ -17,7 +17,7 @@
     hostname: "{{ gitlab_domain }}"
     container_default_behavior: compatibility
     network_mode: host
-    pull: yes
+    pull: true
     restart_policy: always
     env:
       # See https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template

roles/gitlab_runner/tasks/main.yml

@@ -20,7 +20,7 @@
     zone: public
     permanent: true
     state: enabled
-    immediate: yes
+    immediate: true
     rich_rule: rule family="ipv6" destination not address="fd00::1/80" source address="fd00::/80" masquerade
   when: configure_firewall
   tags:

roles/hedgedoc/tasks/main.yml

@@ -5,13 +5,13 @@
 
 - name: add hedgedoc postgres db
   postgresql_db: db=hedgedoc
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 
 - name: add hedgedoc postgres user
   postgresql_user: db=hedgedoc name=hedgedoc password={{ vault_postgres_users.hedgedoc }} encrypted=true
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 

roles/install_arch/tasks/main.yml

@@ -51,11 +51,11 @@
   unarchive:
     src: /tmp/archlinux-bootstrap-{{ bootstrap_version }}-x86_64.tar.gz
     dest: /tmp
-    remote_src: yes
+    remote_src: true
     creates: /tmp/root.x86_64
 
 - name: copy resolv.conf to bootstrap chroot
-  copy: remote_src=True src=/etc/resolv.conf dest=/tmp/root.x86_64/etc/resolv.conf owner=root group=root mode=0644
+  copy: remote_src=true src=/etc/resolv.conf dest=/tmp/root.x86_64/etc/resolv.conf owner=root group=root mode=0644
 
 - name: mount /proc to bootstrap chroot
   command: mount --rbind /proc /tmp/root.x86_64/proc creates=/tmp/root.x86_64/proc/uptime  # noqa 303
@@ -124,11 +124,11 @@
 
 - name: configure network (static)
   template: src=10-static-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
-  when: not dhcp|default(False)
+  when: not dhcp|default(false)
 
 - name: configure network (dhcp)
   template: src=10-dhcp-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
-  when: dhcp|default(False)
+  when: dhcp|default(false)
 
 - name: install hcloud-init
   copy: src=hcloud-init dest=/mnt/usr/local/bin/hcloud-init owner=root group=root mode=0755

roles/keycloak/tasks/main.yml

@@ -28,7 +28,7 @@
       password: "{{ vault_keycloak_admin_password }}"
       grant_type: password
       client_id: admin-cli
-  ignore_errors: True
+  ignore_errors: true
   register: token
 
 - name: create an admin user
@@ -49,14 +49,14 @@
 
 - name: create postgres keycloak user
   postgresql_user: name="{{ keycloak_db_user }}" password="{{ keycloak_db_password }}"
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
-  no_log: True
+  no_log: true
 
 - name: create keycloak db
   postgresql_db: name=keycloak owner="{{ keycloak_db_user }}"
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 

roles/mailman/tasks/main.yml

@@ -12,4 +12,3 @@
   when: archweb_site
   tags:
     - nginx
-

roles/mariadb/defaults/main.yml

@@ -1,5 +1,5 @@
-mariadb_skip_name_resolve: False
+mariadb_skip_name_resolve: false
-mariadb_skip_networking: False
+mariadb_skip_networking: false
 
 mariadb_key_buffer_size: '16M'
 mariadb_max_allowed_packet: '16M'
@@ -22,7 +22,7 @@ mariadb_innodb_log_buffer_size: '16M'
 mariadb_innodb_flush_log_at_trx_commit: '1'
 mariadb_innodb_stats_sample_pages: '32'
 mariadb_innodb_thread_concurrency: '8'
-mariadb_innodb_file_per_table: False
+mariadb_innodb_file_per_table: false
 
 mysql_backup_dir: '/root/backup-mysql'
 mysql_backup_defaults: '/root/.backup-my.cnf'

roles/matrix/handlers/main.yml

@@ -4,33 +4,33 @@
   systemd:
     name: synapse
     state: restarted
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: restart pantalaimon
   systemd:
     name: pantalaimon
     state: restarted
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: restart mjolnir
   systemd:
     name: mjolnir
     state: restarted
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: restart matrix-appservice-irc
   systemd:
     name: matrix-appservice-irc
     state: restarted
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true
 
 - name: restart turnserver
   systemd:
     name: turnserver
     state: restarted
-    enabled: yes
+    enabled: true
-    daemon_reload: yes
+    daemon_reload: true

roles/matrix/tasks/main.yml

@@ -68,7 +68,7 @@
     state: latest
     extra_args: '--upgrade-strategy=eager'
     virtualenv: '{{ item }}'
-  become: yes
+  become: true
   become_user: synapse
   become_method: sudo
   with_items:
@@ -82,7 +82,7 @@
     state: latest
     extra_args: '--upgrade-strategy=eager'
     virtualenv: /var/lib/synapse/venv
-  become: yes
+  become: true
   become_user: synapse
   become_method: sudo
   register: synapse_pip
@@ -96,7 +96,7 @@
     state: latest
     extra_args: '--upgrade-strategy=eager'
     virtualenv: /var/lib/synapse/venv-pantalaimon
-  become: yes
+  become: true
   become_user: synapse
   become_method: sudo
   notify:
@@ -107,7 +107,7 @@
     repo: https://github.com/matrix-org/mjolnir
     dest: /var/lib/synapse/mjolnir
     version: v0.1.17
-  become: yes
+  become: true
   become_user: synapse
   become_method: sudo
   register: mjolnir_git
@@ -117,7 +117,7 @@
 - name: install mjolnir
   community.general.yarn:
     path: /var/lib/synapse/mjolnir
-  become: yes
+  become: true
   become_user: synapse
   become_method: sudo
   when: mjolnir_git.changed
@@ -137,7 +137,7 @@
       - /var/lib/synapse/mjolnir/synapse_antispam
     state: latest
     virtualenv: /var/lib/synapse/venv
-  become: yes
+  become: true
   become_user: synapse
   become_method: sudo
   when: synapse_pip.changed or mjolnir_git.changed
@@ -149,7 +149,7 @@
     repo: https://github.com/matrix-org/matrix-appservice-irc
     dest: /var/lib/synapse/matrix-appservice-irc
     version: 0.23.0
-  become: yes
+  become: true
   become_user: synapse
   become_method: sudo
   register: irc_git
@@ -159,7 +159,7 @@
 - name: install matrix-appservice-irc
   npm:
     path: /var/lib/synapse/matrix-appservice-irc
-  become: yes
+  become: true
   become_user: synapse
   become_method: sudo
   when: irc_git.changed
@@ -171,19 +171,19 @@
 
 - name: add synapse postgres db
   postgresql_db: db=synapse
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 
 - name: add synapse postgres user
   postgresql_user: db=synapse user=synapse password={{ vault_postgres_users.synapse }}
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 
 - name: add irc postgres db
   postgresql_db: db=irc
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 

roles/patchwork/defaults/main.yml

@@ -3,7 +3,7 @@ patchwork_dir: '/srv/http/patchwork'
 patchwork_domain: 'patchwork.archlinux.org'
 patchwork_nginx_conf: '/etc/nginx/nginx.d/patchwork.conf'
 patchwork_forced_deploy: false
-patchwork_admins: ["('Giancarlo Razzolini', 'grazzolini@archlinux.org')", "('Frederik Schwan', "freswa@archlinux.org")"]
+patchwork_admins: ["('Giancarlo Razzolini', 'grazzolini@archlinux.org')", "('Frederik Schwan', 'freswa@archlinux.org')"]
 patchwork_version: 'v3.0.0'
 patchwork_from_email: 'Arch Linux Patchwork <patchwork@patchwork.archlinux.org>'
 patchwork_notification_frequency: '10m'

roles/patchwork/handlers/main.yml

@@ -2,7 +2,7 @@
 
 - name: daemon reload
   systemd:
-    daemon-reload: yes
+    daemon-reload: true
 
 - name: restart patchwork memcached
   service: name=patchwork-memcached state=restarted

roles/patchwork/tasks/main.yml

@@ -128,9 +128,9 @@
 - name: start and enable patchwork memcached service and notification timer
   systemd:
     name: "{{ item }}"
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
   with_items:
     - patchwork-memcached.service
     - patchwork-notification.timer

roles/php7_fpm/handlers/main.yaml

@@ -1,4 +1,4 @@
 ---
 - name: daemon reload
   systemd:
-    daemon-reload: yes
+    daemon-reload: true

roles/php_fpm/handlers/main.yaml

@@ -1,4 +1,4 @@
 ---
 - name: daemon reload
   systemd:
-    daemon-reload: yes
+    daemon-reload: true

roles/phrik/tasks/main.yml

@@ -33,9 +33,9 @@
 - name: start and enable pkgfile and phrikservice
   systemd:
     name: "{{ item }}"
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
   with_items:
     - pkgfile-update.timer
     - phrik.service

roles/postfix/tasks/main.yml

@@ -100,7 +100,7 @@
     shell: /sbin/nologin
     update_password: always
     home: /home/"{{ inventory_hostname }}"  # Set home directory so shadow.service does not fail
-    create_home: yes
+    create_home: true
 
 - name: open firewall holes
   ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
@@ -111,5 +111,3 @@
   when: postfix_smtpd_public and configure_firewall
   tags:
     - firewall
-
-

roles/postfwd/handlers/main.yml

@@ -2,4 +2,3 @@
 
 - name: reload postfwd
   service: name=postfwd state=reloaded
-

roles/postfwd/tasks/main.yml

@@ -10,4 +10,3 @@
 
 - name: start and enable postfwd
   service: name=postfwd enabled=yes state=started
-

roles/postgres/tasks/main.yml

@@ -20,7 +20,7 @@
   when: filesystem == "btrfs"
 
 - name: initialize postgres
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
   command: initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'
@@ -58,7 +58,7 @@
 
 - name: set postgres user password
   postgresql_user: name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 

roles/quassel/tasks/main.yml

@@ -5,18 +5,18 @@
 
 - name: add quassel postgres db
   postgresql_db: db=quassel
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 
 - name: add quassel postgres user
   postgresql_user: db=quassel name=quassel password={{ vault_postgres_users.quassel }} encrypted=true
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 
 - name: initialize quassel
-  become: yes
+  become: true
   become_user: quassel
   become_method: sudo
   expect:

roles/redirects/defaults/main.yml

@@ -1,8 +1,7 @@
 # Every entry creates a redirect listening on port 80 and 443 with the following parameters:
 #   - domain: the domain to listen on
 #   - to: the redirect target as defined by the nginx return statement
-#   - type: HTTP status code to use (302 = temporary redirect, 301 = permanent redirect
+#   - type: HTTP status code to use (302 = temporary redirect, 301 = permanent redirect)
-#)
 redirects:
   - mailman:
     domain: mailman.archlinux.org

roles/security_tracker/tasks/main.yml

@@ -102,7 +102,7 @@
 - name: start and enable security-tracker timer
   systemd:
     name: security-tracker-update.timer
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
   when: maintenance is not defined

roles/syncarchive/tasks/main.yml

@@ -14,8 +14,8 @@
 - name: start and enable syncarchive units
   systemd:
     name: "{{ item }}"
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
   with_items:
     - syncarchive.timer

roles/syncrepo/tasks/main.yml

@@ -25,9 +25,9 @@
 - name: start and enable syncrepo units
   systemd:
     name: "{{ item }}"
-    enabled: yes
+    enabled: true
     state: started
-    daemon_reload: yes
+    daemon_reload: true
   with_items:
     - syncrepo.timer
     - rsyncd.socket

roles/terraform_state/tasks/main.yml

@@ -2,7 +2,7 @@
 
 - name: create terraform state db
   postgresql_db: db="{{ terraform_db }}"
-  become: yes
+  become: true
   become_user: postgres
   become_method: su
 
@@ -13,6 +13,6 @@
     password: "{{ vault_terraform_db_password }}"
     encrypted: true
     priv: "ALL"
-  become: yes
+  become: true
   become_user: postgres
   become_method: su