Ansible upgrade 6.1 (#14500)

* linting * update ansible * linters
2 years ago · 347f864abb
parent a43de09437
commit 347f864abb
59 changed files with 1157 additions and 1156 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -1,6 +1,10 @@
 skip_list:
  - yaml
  - '204'
 verbosity: 1
 warn_list:
  - no-changed-when
  - no-handler
  - fqcn-builtins
  - var-spacing
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -18,7 +18,7 @@ jobs:
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          sudo snap install shellcheck
-          pip install ansible-lint
+          pip install ansible-lint==6.3.0
      - name: Checks and linters
        run: |
--- a/deploy_client.yml
+++ b/deploy_client.yml
@ -13,7 +13,7 @@
        ansible_ssh_user: "{{ 'root' if client_ip == 'localhost' else ssh_user }}"
        vpn_user: "{{ vpn_user }}"
        IP_subject_alt_name: "{{ server_ip }}"
-        ansible_python_interpreter: "/usr/bin/python3"
+        ansible_python_interpreter: /usr/bin/python3
 - name: Configure the client and install required software
  hosts: client-host
--- a/input.yml
+++ b/input.yml
@ -22,7 +22,7 @@
      - { name: OpenStack (DreamCompute optimised), alias: openstack }
      - { name: CloudStack (Exoscale optimised), alias: cloudstack }
      - { name: Linode, alias: linode }
-      - { name: "Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)", alias: local }
+      - { name: Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users), alias: local }
  vars_files:
    - config.cfg
@ -78,8 +78,7 @@
          register: _ondemand_wifi_exclude
          when:
            - ondemand_wifi_exclude is undefined
-          - (ondemand_wifi|default(false)|bool) or
+            - (ondemand_wifi|default(false)|bool) or (booleans_map[_ondemand_wifi.user_input|default(omit)]|default(false))
            (booleans_map[_ondemand_wifi.user_input|default(omit)]|default(false))
        - name: Retain the PKI prompt
          pause:
--- a/main.yml
+++ b/main.yml
@ -23,12 +23,15 @@
    - name: Set required ansible version as a fact
      set_fact:
-        required_ansible_version:
+        required_ansible_version: "{{ item |  regex_replace('^ansible[\\s+]?(?P<op>[=,>,<]+)[\\s+]?(?P<ver>\\d.\\d+(.\\d+)?)$', '{\"op\": \"\\g<op>\",\"ver\"\
-          "{{ item |  regex_replace('^ansible-core[\\s+]?(?P<op>[=,>,<]+)[\\s+]?(?P<ver>\\d.\\d+(.\\d+)?)$',
+          : \"\\g<ver>\" }') }}"
-                      '{\"op\": \"\\g<op>\",\"ver\": \"\\g<ver>\" }') }}"
+      when: '"ansible" in item'
      when: '"ansible-core" in item'
      with_items: "{{ lookup('file', 'requirements.txt').splitlines() }}"
    - name: Just get the list from default pip
      community.general.pip_package_info:
      register: pip_package_info
    - name: Verify Python meets Algo VPN requirements
      assert:
        that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.8', '>=')
@ -40,10 +43,10 @@
    - name: Verify Ansible meets Algo VPN requirements
      assert:
        that:
-          - ansible_version.full is version(required_ansible_version.ver, required_ansible_version.op)
+          - pip_package_info.packages.pip.ansible.0.version is version(required_ansible_version.ver, required_ansible_version.op)
          - not ipaddr.failed
        msg: >
-          Ansible version is {{ ansible_version.full }}.
+          Ansible version is {{ pip_package_info.packages.pip.ansible.0.version }}.
          You must update the requirements to use this version of Algo.
          Try to run python3 -m pip install -U -r requirements.txt
--- a/playbooks/cloud-post.yml
+++ b/playbooks/cloud-post.yml
@ -10,7 +10,7 @@
    ansible_connection: "{% if cloud_instance_ip == 'localhost' %}local{% else %}ssh{% endif %}"
    ansible_ssh_user: "{{ ansible_ssh_user|default('root') }}"
    ansible_ssh_port: "{{ ansible_ssh_port|default(22) }}"
-    ansible_python_interpreter: "/usr/bin/python3"
+    ansible_python_interpreter: /usr/bin/python3
    algo_provider: "{{ algo_provider }}"
    algo_server_name: "{{ algo_server_name }}"
    algo_ondemand_cellular: "{{ algo_ondemand_cellular }}"
@ -33,7 +33,7 @@
  wait_for:
    port: "{{ ansible_ssh_port|default(22) }}"
    host: "{{ cloud_instance_ip }}"
-    search_regex: "OpenSSH"
+    search_regex: OpenSSH
    delay: 10
    timeout: 320
    state: present
@ -44,8 +44,7 @@
  when:
    - pki_in_tmpfs
    - not algo_store_pki
-    - ansible_system == "Darwin" or
+    - ansible_system == "Darwin" or ansible_system == "Linux"
      ansible_system == "Linux"
 - debug:
    var: IP_subject_alt_name
--- a/playbooks/cloud-pre.yml
+++ b/playbooks/cloud-pre.yml
@ -47,7 +47,7 @@
        src: "{{ SSH_keys.private }}"
        dest: "{{ SSH_keys.private_tmp }}"
        force: true
-      mode: '0600'
+        mode: "0600"
      delegate_to: localhost
      become: false
  when: algo_provider != "local"
--- a/playbooks/tmpfs/linux.yml
+++ b/playbooks/tmpfs/linux.yml
@ -1,5 +1,5 @@
 ---
 - name: Linux | set OS specific facts
  set_fact:
-    tmpfs_volume_name: "AlgoVPN-{{ IP_subject_alt_name }}"
+    tmpfs_volume_name: AlgoVPN-{{ IP_subject_alt_name }}
    tmpfs_volume_path: /dev/shm
--- a/playbooks/tmpfs/macos.yml
+++ b/playbooks/tmpfs/macos.yml
@ -1,7 +1,7 @@
 ---
 - name: MacOS | set OS specific facts
  set_fact:
-    tmpfs_volume_name: "AlgoVPN-{{ IP_subject_alt_name }}"
+    tmpfs_volume_name: AlgoVPN-{{ IP_subject_alt_name }}
    tmpfs_volume_path: /Volumes
 - name: MacOS | mount a ram disk
@ -9,4 +9,4 @@
    /usr/sbin/diskutil info "/{{ tmpfs_volume_path }}/{{ tmpfs_volume_name }}/" ||
    /usr/sbin/diskutil erasevolume HFS+ "{{ tmpfs_volume_name }}" $(hdiutil attach -nomount ram://64000)
  args:
-    creates: "/{{ tmpfs_volume_path }}/{{ tmpfs_volume_name }}"
+    creates: /{{ tmpfs_volume_path }}/{{ tmpfs_volume_name }}
--- a/playbooks/tmpfs/main.yml
+++ b/playbooks/tmpfs/main.yml
@ -9,7 +9,7 @@
 - name: Set config paths as facts
  set_fact:
-    ipsec_pki_path: "/{{ tmpfs_volume_path }}/{{ tmpfs_volume_name }}/IPsec/"
+    ipsec_pki_path: /{{ tmpfs_volume_path }}/{{ tmpfs_volume_name }}/IPsec/
 - name: Update config paths
  add_host:
--- a/playbooks/tmpfs/umount.yml
+++ b/playbooks/tmpfs/umount.yml
@ -1,7 +1,7 @@
 ---
 - name: Linux | Delete the PKI directory
  file:
-    path: "/{{ facts.tmpfs_volume_path }}/{{ facts.tmpfs_volume_name }}/"
+    path: /{{ facts.tmpfs_volume_path }}/{{ facts.tmpfs_volume_name }}/
    state: absent
  when: facts.ansible_system == "Linux"
--- a/requirements.txt
+++ b/requirements.txt
@ -1,4 +1,3 @@
-ansible-core==2.12.3
+ansible==6.1.0
 ansible==5.0.1
 jinja2~=3.0.3
 netaddr
--- a/roles/client/tasks/main.yml
+++ b/roles/client/tasks/main.yml
@ -1,6 +1,6 @@
 ---
 - name: Gather Facts
  setup:
 - name: Include system based facts and tasks
  import_tasks: systems/main.yml
@ -22,9 +22,9 @@
 - name: Setup the ipsec config
  template:
-    src: "roles/strongswan/templates/client_ipsec.conf.j2"
+    src: roles/strongswan/templates/client_ipsec.conf.j2
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
-    mode: '0644'
+    mode: "0644"
  with_items:
    - "{{ vpn_user }}"
  notify:
@ -32,9 +32,9 @@
 - name: Setup the ipsec secrets
  template:
-    src: "roles/strongswan/templates/client_ipsec.secrets.j2"
+    src: roles/strongswan/templates/client_ipsec.secrets.j2
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
-    mode: '0600'
+    mode: "0600"
  with_items:
    - "{{ vpn_user }}"
  notify:
@ -44,12 +44,12 @@
  lineinfile:
    dest: "{{ item.dest }}"
    line: "{{ item.line }}"
-    create: yes
+    create: true
  with_items:
    - dest: "{{ configs_prefix }}/ipsec.conf"
-      line: "include ipsec.{{ IP_subject_alt_name }}.conf"
+      line: include ipsec.{{ IP_subject_alt_name }}.conf
    - dest: "{{ configs_prefix }}/ipsec.secrets"
-      line: "include ipsec.{{ IP_subject_alt_name }}.secrets"
+      line: include ipsec.{{ IP_subject_alt_name }}.secrets
  notify:
    - restart strongswan
@ -66,11 +66,11 @@
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
-    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/certs/{{ vpn_user }}.crt"
+    - src: configs/{{ IP_subject_alt_name }}/ipsec/.pki/certs/{{ vpn_user }}.crt
      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt"
-    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/cacert.pem"
+    - src: configs/{{ IP_subject_alt_name }}/ipsec/.pki/cacert.pem
      dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
-    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/private/{{ vpn_user }}.key"
+    - src: configs/{{ IP_subject_alt_name }}/ipsec/.pki/private/{{ vpn_user }}.key
      dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key"
  notify:
    - restart strongswan
--- a/roles/client/tasks/systems/main.yml
+++ b/roles/client/tasks/systems/main.yml
@ -1,5 +1,4 @@
 ---
 - include_tasks: Debian.yml
  when: ansible_distribution == 'Debian'
--- a/roles/cloud-azure/defaults/main.yml
+++ b/roles/cloud-azure/defaults/main.yml
@ -208,4 +208,3 @@ azure_regions:
  - displayName: West US (Stage)
    name: westusstage
    regionalDisplayName: (US) West US (Stage)
--- a/roles/cloud-azure/tasks/venv.yml
+++ b/roles/cloud-azure/tasks/venv.yml
@ -1,6 +1,6 @@
 ---
 - name: Install requirements
  pip:
-    requirements: https://raw.githubusercontent.com/ansible-collections/azure/v1.9.0/requirements-azure.txt
+    requirements: https://raw.githubusercontent.com/ansible-collections/azure/v1.13.0/requirements-azure.txt
    state: latest
    virtualenv_python: python3
--- a/roles/cloud-cloudstack/tasks/main.yml
+++ b/roles/cloud-cloudstack/tasks/main.yml
@ -26,7 +26,7 @@
        end_port: "{{ item.end_port }}"
        cidr: "{{ item.range }}"
      with_items:
-        - { proto: tcp, start_port: '{{ ssh_port }}', end_port: '{{ ssh_port }}', range: 0.0.0.0/0 }
+        - { proto: tcp, start_port: "{{ ssh_port }}", end_port: "{{ ssh_port }}", range: 0.0.0.0/0 }
        - { proto: udp, start_port: 4500, end_port: 4500, range: 0.0.0.0/0 }
        - { proto: udp, start_port: 500, end_port: 500, range: 0.0.0.0/0 }
        - { proto: udp, start_port: "{{ wireguard_port }}", end_port: "{{ wireguard_port }}", range: 0.0.0.0/0 }
--- a/roles/cloud-cloudstack/tasks/prompts.yml
+++ b/roles/cloud-cloudstack/tasks/prompts.yml
@ -30,7 +30,8 @@
    - set_fact:
        algo_cs_key: "{{ cs_key | default(_cs_key.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_KEY'), true) }}"
        algo_cs_token: "{{ cs_secret | default(_cs_secret.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_SECRET'), true) }}"
-      algo_cs_url: "{{ cs_url | default(_cs_url.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_ENDPOINT'), true) | default('https://api.exoscale.com/compute', true) }}"
+        algo_cs_url: "{{ cs_url | default(_cs_url.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_ENDPOINT'), true) | default('https://api.exoscale.com/compute',\
          \ true) }}"
    - name: Get zones on cloud
      cs_zone_info:
@ -62,4 +63,3 @@
            [{{ default_zone }}]
      register: _algo_region
      when: region is undefined
--- a/roles/cloud-digitalocean/tasks/main.yml
+++ b/roles/cloud-digitalocean/tasks/main.yml
@ -2,14 +2,14 @@
 - name: Include prompts
  import_tasks: prompts.yml
- name: "Upload the SSH key"
+- name: Upload the SSH key
  digital_ocean_sshkey:
    oauth_token: "{{ algo_do_token }}"
    name: "{{ SSH_keys.comment }}"
    ssh_pub_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
  register: do_ssh_key
- name: "Creating a droplet..."
+- name: Creating a droplet...
  digital_ocean_droplet:
    state: present
    name: "{{ algo_server_name }}"
@ -31,7 +31,7 @@
    droplet: "{{ digital_ocean_droplet.data.droplet | default(digital_ocean_droplet.data) }}"
 - block:
-  - name: "Create a Floating IP"
+    - name: Create a Floating IP
      digital_ocean_floating_ip:
        state: present
        oauth_token: "{{ algo_do_token }}"
--- a/roles/cloud-digitalocean/tasks/prompts.yml
+++ b/roles/cloud-digitalocean/tasks/prompts.yml
@ -18,8 +18,8 @@
    method: GET
    status_code: 200
    headers:
-      Content-Type: "application/json"
+      Content-Type: application/json
-      Authorization: "Bearer {{ algo_do_token }}"
+      Authorization: Bearer {{ algo_do_token }}
  register: _do_regions
 - name: Set facts about the regions
--- a/roles/cloud-ec2/tasks/cloudformation.yml
+++ b/roles/cloud-ec2/tasks/cloudformation.yml
@ -4,7 +4,7 @@
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    stack_name: "{{ stack_name }}"
-    state: "present"
+    state: present
    region: "{{ algo_region }}"
    template: roles/cloud-ec2/files/stack.yaml
    template_parameters:
--- a/roles/cloud-ec2/tasks/main.yml
+++ b/roles/cloud-ec2/tasks/main.yml
@ -13,7 +13,7 @@
    region: "{{ algo_region }}"
    filters:
      architecture: "{{ cloud_providers.ec2.image.arch }}"
-      name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-*64-server-*"
+      name: ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-*64-server-*
  register: ami_search
 - name: Set the ami id as a fact
--- a/roles/cloud-gce/tasks/main.yml
+++ b/roles/cloud-gce/tasks/main.yml
@ -27,12 +27,12 @@
    allowed:
      - ip_protocol: udp
        ports:
-          - '500'
+          - "500"
-          - '4500'
+          - "4500"
-          - '{{ wireguard_port|string }}'
+          - "{{ wireguard_port|string }}"
      - ip_protocol: tcp
        ports:
-          - '{{ ssh_port }}'
+          - "{{ ssh_port }}"
      - ip_protocol: icmp
 - block:
@ -62,9 +62,9 @@
      - auto_delete: true
        boot: true
        initialize_params:
-          source_image: "projects/ubuntu-os-cloud/global/images/family/{{ cloud_providers.gce.image }}"
+          source_image: projects/ubuntu-os-cloud/global/images/family/{{ cloud_providers.gce.image }}
    metadata:
-      ssh-keys: "algo:{{ ssh_public_key_lookup }}"
+      ssh-keys: algo:{{ ssh_public_key_lookup }}
      user-data: "{{ lookup('template', 'files/cloud-init/base.yml') }}"
    network_interfaces:
      - network: "{{ gcp_compute_network }}"
@ -74,7 +74,7 @@
            type: ONE_TO_ONE_NAT
    tags:
      items:
-        - "environment-algo"
+        - environment-algo
  register: gcp_compute_instance
 - set_fact:
--- a/roles/cloud-gce/tasks/prompts.yml
+++ b/roles/cloud-gce/tasks/prompts.yml
@ -9,7 +9,8 @@
    - lookup('env','GCE_CREDENTIALS_FILE_PATH')|length <= 0
 - set_fact:
-    credentials_file_path: "{{ gce_credentials_file | default(_gce_credentials_file.user_input|default(None)) | default(lookup('env','GCE_CREDENTIALS_FILE_PATH'), true) }}"
+    credentials_file_path: "{{ gce_credentials_file | default(_gce_credentials_file.user_input|default(None)) | default(lookup('env','GCE_CREDENTIALS_FILE_PATH'),\
      \ true) }}"
    ssh_public_key_lookup: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
 - set_fact:
@ -70,8 +71,8 @@
    project: "{{ project_id }}"
    scope: zones
    filters:
-      - "name={{ algo_region }}-*"
+      - name={{ algo_region }}-*
-      - "status=UP"
+      - status=UP
  register: gcp_compute_zone_info
 - name: Set random available zone as a fact
--- a/roles/cloud-hetzner/tasks/main.yml
+++ b/roles/cloud-hetzner/tasks/main.yml
@ -7,7 +7,7 @@
 - name: Create an ssh key
  hcloud_ssh_key:
-    name: "algo-{{ 999999 | random(seed=lookup('file', SSH_keys.public)) }}"
+    name: algo-{{ 999999 | random(seed=lookup('file', SSH_keys.public)) }}
    public_key: "{{ lookup('file', SSH_keys.public) }}"
    state: present
    api_token: "{{ algo_hcloud_token }}"
--- a/roles/cloud-lightsail/tasks/cloudformation.yml
+++ b/roles/cloud-lightsail/tasks/cloudformation.yml
@ -4,7 +4,7 @@
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
    stack_name: "{{ stack_name }}"
-    state: "present"
+    state: present
    region: "{{ algo_region }}"
    template: roles/cloud-lightsail/files/stack.yaml
    template_parameters:
--- a/roles/cloud-linode/tasks/main.yml
+++ b/roles/cloud-linode/tasks/main.yml
@ -26,7 +26,7 @@
 - name: Update the stackscript
  uri:
-    url: "https://api.linode.com/v4/linode/stackscripts/{{ _linode_stackscript.stackscript.id }}"
+    url: https://api.linode.com/v4/linode/stackscripts/{{ _linode_stackscript.stackscript.id }}
    method: PUT
    body_format: json
    body:
@ -34,10 +34,10 @@
        {{ stackscript }}
    headers:
      Content-Type: application/json
-      Authorization: "Bearer {{ algo_linode_token }}"
+      Authorization: Bearer {{ algo_linode_token }}
  when: (_linode_stackscript.stackscript.script | hash('md5')) != (stackscript | hash('md5'))
- name: "Creating an instance..."
+- name: Creating an instance...
  linode_v4:
    access_token: "{{ algo_linode_token }}"
    label: "{{ algo_server_name }}"
--- a/roles/cloud-openstack/tasks/main.yml
+++ b/roles/cloud-openstack/tasks/main.yml
@ -22,7 +22,7 @@
    port_range_max: "{{ item.port_max }}"
    remote_ip_prefix: "{{ item.range }}"
  with_items:
-    - { proto: tcp, port_min: '{{ ssh_port }}', port_max: '{{ ssh_port }}', range: 0.0.0.0/0 }
+    - { proto: tcp, port_min: "{{ ssh_port }}", port_max: "{{ ssh_port }}", range: 0.0.0.0/0 }
    - { proto: icmp, port_min: -1, port_max: -1, range: 0.0.0.0/0 }
    - { proto: udp, port_min: 4500, port_max: 4500, range: 0.0.0.0/0 }
    - { proto: udp, port_min: 500, port_max: 500, range: 0.0.0.0/0 }
--- a/roles/cloud-scaleway/tasks/main.yml
+++ b/roles/cloud-scaleway/tasks/main.yml
@ -1,3 +1,4 @@
 ---
 - name: Include prompts
  import_tasks: prompts.yml
@ -41,12 +42,12 @@
    - name: Patch the cloud-init
      uri:
-      url: "https://cp-{{ algo_region }}.scaleway.com/servers/{{ scaleway_compute.msg.id }}/user_data/cloud-init"
+        url: https://cp-{{ algo_region }}.scaleway.com/servers/{{ scaleway_compute.msg.id }}/user_data/cloud-init
        method: PATCH
        body: "{{ lookup('template', 'files/cloud-init/base.yml') }}"
        status_code: 204
        headers:
-        Content-Type: "text/plain"
+          Content-Type: text/plain
          X-Auth-Token: "{{ algo_scaleway_token }}"
    - name: Start the server
--- a/roles/cloud-vultr/tasks/main.yml
+++ b/roles/cloud-vultr/tasks/main.yml
@ -15,13 +15,13 @@
        ip_version: "{{ item.ip }}"
        cidr: "{{ item.cidr }}"
      with_items:
-    - { protocol: tcp, port: "{{ ssh_port }}", ip: v4, cidr: "0.0.0.0/0" }
+        - { protocol: tcp, port: "{{ ssh_port }}", ip: v4, cidr: 0.0.0.0/0 }
        - { protocol: tcp, port: "{{ ssh_port }}", ip: v6, cidr: "::/0" }
-    - { protocol: udp, port: 500, ip: v4, cidr: "0.0.0.0/0" }
+        - { protocol: udp, port: 500, ip: v4, cidr: 0.0.0.0/0 }
        - { protocol: udp, port: 500, ip: v6, cidr: "::/0" }
-    - { protocol: udp, port: 4500, ip: v4, cidr: "0.0.0.0/0" }
+        - { protocol: udp, port: 4500, ip: v4, cidr: 0.0.0.0/0 }
        - { protocol: udp, port: 4500, ip: v6, cidr: "::/0" }
-    - { protocol: udp, port: "{{ wireguard_port }}", ip: v4, cidr: "0.0.0.0/0" }
+        - { protocol: udp, port: "{{ wireguard_port }}", ip: v4, cidr: 0.0.0.0/0 }
        - { protocol: udp, port: "{{ wireguard_port }}", ip: v6, cidr: "::/0" }
    - name: Upload the startup script
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@ -1,3 +1,4 @@
 ---
 - name: restart rsyslog
  service: name=rsyslog state=restarted
--- a/roles/common/tasks/freebsd.yml
+++ b/roles/common/tasks/freebsd.yml
@ -13,13 +13,12 @@
 - name: Gather facts
  setup:
 - name: Gather additional facts
  import_tasks: facts.yml
 - name: Set OS specific facts
  set_fact:
-    config_prefix: "/usr/local/"
+    config_prefix: /usr/local/
    strongswan_shell: /usr/sbin/nologin
    strongswan_home: /var/empty
    root_group: wheel
@ -50,7 +49,7 @@
 - name: Loopback included into the rc config
  blockinfile:
    dest: /etc/rc.conf
-    create: yes
+    create: true
    block: |
      cloned_interfaces="lo100"
      ifconfig_lo100="inet {{ local_service_ip }} netmask 255.255.255.255"
--- a/roles/common/tasks/iptables.yml
+++ b/roles/common/tasks/iptables.yml
@ -1,5 +1,4 @@
 ---
 - name: Iptables configured
  template:
    src: "{{ item.src }}"
--- a/roles/common/tasks/ubuntu.yml
+++ b/roles/common/tasks/ubuntu.yml
@ -1,7 +1,6 @@
 ---
 - name: Gather facts
  setup:
 - name: Cloud only tasks
  block:
    - name: Install software updates
@ -42,8 +41,8 @@
 - name: Disable MOTD on login and SSHD
  replace: dest="{{ item.file }}" regexp="{{ item.regexp }}" replace="{{ item.line }}"
  with_items:
-    - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' }
+    - { regexp: ^session.*optional.*pam_motd.so.*, line: "# MOTD DISABLED", file: /etc/pam.d/login }
-    - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' }
+    - { regexp: ^session.*optional.*pam_motd.so.*, line: "# MOTD DISABLED", file: /etc/pam.d/sshd }
 - name: Ensure fallback resolvers are set
  ini_file:
@ -75,7 +74,7 @@
 - name: Check apparmor support
  command: apparmor_status
-  ignore_errors: yes
+  ignore_errors: true
  changed_when: false
  register: apparmor_status
@ -117,7 +116,7 @@
  apt:
    name:
      - linux-headers-generic
-      - "linux-headers-{{ ansible_kernel }}"
+      - linux-headers-{{ ansible_kernel }}
    state: present
  when: install_headers | bool
--- a/roles/dns/tasks/freebsd.yml
+++ b/roles/dns/tasks/freebsd.yml
@ -6,4 +6,4 @@
 - name: Enable mac_portacl
  lineinfile:
    path: /etc/rc.conf
-    line: 'dnscrypt_proxy_mac_portacl_enable="YES"'
+    line: dnscrypt_proxy_mac_portacl_enable="YES"
--- a/roles/ssh_tunneling/defaults/main.yml
+++ b/roles/ssh_tunneling/defaults/main.yml
@ -1,2 +1,2 @@
 ---
-ssh_tunnels_config_path: "configs/{{ IP_subject_alt_name }}/ssh-tunnel/"
+ssh_tunnels_config_path: configs/{{ IP_subject_alt_name }}/ssh-tunnel/
--- a/roles/ssh_tunneling/handlers/main.yml
+++ b/roles/ssh_tunneling/handlers/main.yml
@ -1,2 +1,3 @@
 ---
 - name: restart ssh
  service: name="{{ ssh_service_name|default('ssh') }}" state=restarted
--- a/roles/ssh_tunneling/tasks/main.yml
+++ b/roles/ssh_tunneling/tasks/main.yml
@ -2,7 +2,7 @@
 - name: Ensure that the sshd_config file has desired options
  blockinfile:
    dest: /etc/ssh/sshd_config
-    marker: '# {mark} ANSIBLE MANAGED BLOCK ssh_tunneling_role'
+    marker: "# {mark} ANSIBLE MANAGED BLOCK ssh_tunneling_role"
    block: |
      Match Group algo
          AllowTcpForwarding local
@ -32,12 +32,12 @@
      user:
        name: "{{ item }}"
        group: algo
-      home: '/var/jail/{{ item }}'
+        home: /var/jail/{{ item }}
-      createhome: yes
+        createhome: true
        generate_ssh_key: false
        shell: /bin/false
        state: present
-      append: yes
+        append: true
      with_items: "{{ users }}"
    - block:
@ -51,8 +51,8 @@
          file:
            dest: "{{ ssh_tunnels_config_path }}"
            state: directory
-        recurse: yes
+            recurse: true
-        mode: '0700'
+            mode: "0700"
        - name: Check if the private keys exist
          stat:
@ -104,14 +104,14 @@
      getent:
        database: group
        key: algo
-      split: ':'
+        split: ":"
    - name: Delete non-existing users
      user:
        name: "{{ item }}"
        state: absent
-      remove: yes
+        remove: true
-      force: yes
+        force: true
      when: item not in users
      with_items: "{{ getent_group['algo'][2].split(',') }}"
  tags: update-users
--- a/roles/strongswan/defaults/main.yml
+++ b/roles/strongswan/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-ipsec_config_path: "configs/{{ IP_subject_alt_name }}/ipsec/"
+ipsec_config_path: configs/{{ IP_subject_alt_name }}/ipsec/
 ipsec_pki_path: "{{ ipsec_config_path }}/.pki/"
 strongswan_shell: /usr/sbin/nologin
 strongswan_home: /var/lib/strongswan
@ -7,7 +7,7 @@ strongswan_service: "{{ 'strongswan-starter' if ansible_facts['distribution_vers
 BetweenClients_DROP: true
 algo_ondemand_cellular: false
 algo_ondemand_wifi: false
-algo_ondemand_wifi_exclude: '_null'
+algo_ondemand_wifi_exclude: _null
 algo_dns_adblocking: false
 ipv6_support: false
 dns_encryption: true
@ -16,7 +16,7 @@ subjectAltName_type: "{{ 'DNS' if IP_subject_alt_name|regex_search('[a-z]') else
 subjectAltName: >-
  {{ subjectAltName_type }}:{{ IP_subject_alt_name }}
  {%- if ipv6_support -%},IP:{{ ansible_default_ipv6['address'] }}{%- endif -%}
-subjectAltName_USER: "email:{{ item }}@{{ openssl_constraint_random_id }}"
+subjectAltName_USER: email:{{ item }}@{{ openssl_constraint_random_id }}
 nameConstraints: >-
  critical,permitted;{{ subjectAltName_type }}:{{ IP_subject_alt_name }}{{- '/255.255.255.255' if subjectAltName_type == 'IP' else '' -}}
  {%- if subjectAltName_type == 'IP' -%}
--- a/roles/strongswan/handlers/main.yml
+++ b/roles/strongswan/handlers/main.yml
@ -1,3 +1,4 @@
 ---
 - name: restart strongswan
  service: name={{ strongswan_service }} state=restarted
--- a/roles/strongswan/tasks/distribute_keys.yml
+++ b/roles/strongswan/tasks/distribute_keys.yml
@ -1,5 +1,4 @@
 ---
 - name: Copy the keys to the strongswan directory
  copy:
    src: "{{ ipsec_pki_path }}/{{ item.src }}"
@ -8,18 +7,18 @@
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
-    - src: "cacert.pem"
+    - src: cacert.pem
-      dest: "cacerts/ca.crt"
+      dest: cacerts/ca.crt
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
-    - src: "certs/{{ IP_subject_alt_name }}.crt"
+    - src: certs/{{ IP_subject_alt_name }}.crt
-      dest: "certs/{{ IP_subject_alt_name }}.crt"
+      dest: certs/{{ IP_subject_alt_name }}.crt
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
-    - src: "private/{{ IP_subject_alt_name }}.key"
+    - src: private/{{ IP_subject_alt_name }}.key
-      dest: "private/{{ IP_subject_alt_name }}.key"
+      dest: private/{{ IP_subject_alt_name }}.key
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
--- a/roles/strongswan/tasks/ipsec_configuration.yml
+++ b/roles/strongswan/tasks/ipsec_configuration.yml
@ -1,5 +1,4 @@
 ---
 - name: Setup the config files from our templates
  template:
    src: "{{ item.src }}"
@ -9,22 +8,22 @@
    mode: "{{ item.mode }}"
  with_items:
    - src: strongswan.conf.j2
-      dest: "strongswan.conf"
+      dest: strongswan.conf
      owner: root
      group: "{{ root_group|default('root') }}"
      mode: "0644"
    - src: ipsec.conf.j2
-      dest: "ipsec.conf"
+      dest: ipsec.conf
      owner: root
      group: "{{ root_group|default('root') }}"
      mode: "0644"
    - src: ipsec.secrets.j2
-      dest: "ipsec.secrets"
+      dest: ipsec.secrets
      owner: strongswan
      group: "{{ root_group|default('root') }}"
      mode: "0600"
    - src: charon.conf.j2
-      dest: "strongswan.d/charon.conf"
+      dest: strongswan.d/charon.conf
      owner: root
      group: "{{ root_group|default('root') }}"
      mode: "0644"
@ -44,8 +43,8 @@
 - name: Disable unneeded plugins
  lineinfile:
    dest: "{{ config_prefix|default('/') }}etc/strongswan.d/charon/{{ item }}.conf"
-    regexp: '.*load.*'
+    regexp: .*load.*
-    line: 'load = no'
+    line: load = no
    state: present
  notify:
    - restart strongswan
--- a/roles/strongswan/tasks/main.yml
+++ b/roles/strongswan/tasks/main.yml
@ -19,7 +19,7 @@
 - import_tasks: distribute_keys.yml
 - import_tasks: client_configs.yml
  delegate_to: localhost
-  become: no
+  become: false
  tags: update-users
 - name: strongSwan started
--- a/roles/strongswan/tasks/openssl.yml
+++ b/roles/strongswan/tasks/openssl.yml
@ -12,8 +12,8 @@
      file:
        dest: "{{ ipsec_pki_path }}/{{ item }}"
        state: directory
-      recurse: yes
+        recurse: true
-      mode: '0700'
+        mode: "0700"
      with_items:
        - ecparams
        - certs
@ -27,8 +27,8 @@
      file:
        dest: "{{ ipsec_config_path }}/{{ item }}"
        state: directory
-      recurse: yes
+        recurse: true
-      mode: '0700'
+        mode: "0700"
      with_items:
        - apple
        - manual
@ -38,11 +38,11 @@
        dest: "{{ ipsec_pki_path }}/{{ item }}"
        state: touch
      with_items:
-      - ".rnd"
+        - .rnd
-      - "private/.rnd"
+        - private/.rnd
-      - "index.txt"
+        - index.txt
-      - "index.txt.attr"
+        - index.txt.attr
-      - "serial"
+        - serial
    - name: Generate the openssl server configs
      template:
@ -233,7 +233,7 @@
        chdir: "{{ ipsec_pki_path }}"
        executable: bash
  delegate_to: localhost
-  become: no
+  become: false
  vars:
    ansible_python_interpreter: "{{ ansible_playbook_python }}"
--- a/roles/strongswan/tasks/ubuntu.yml
+++ b/roles/strongswan/tasks/ubuntu.yml
@ -2,20 +2,19 @@
 - name: Set OS specific facts
  set_fact:
    strongswan_additional_plugins: []
 - name: Ubuntu | Install strongSwan
  apt:
    name: strongswan
    state: present
-    update_cache: yes
+    update_cache: true
-    install_recommends: yes
+    install_recommends: true
 - block:
    # https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1826238
    - name: Ubuntu | Charon profile for apparmor configured
      copy:
        dest: /etc/apparmor.d/local/usr.lib.ipsec.charon
-      content: ' capability setpcap,'
+        content: " capability setpcap,"
        owner: root
        group: root
        mode: 0644
--- a/roles/wireguard/defaults/main.yml
+++ b/roles/wireguard/defaults/main.yml
@ -1,6 +1,6 @@
 ---
 wireguard_PersistentKeepalive: 0
-wireguard_config_path: "configs/{{ IP_subject_alt_name }}/wireguard/"
+wireguard_config_path: configs/{{ IP_subject_alt_name }}/wireguard/
 wireguard_pki_path: "{{ wireguard_config_path }}/.pki/"
 wireguard_interface: wg0
 wireguard_port_avoid: 53
@ -10,7 +10,8 @@ wireguard_dns_servers: >-
  {% if algo_dns_adblocking|default(false)|bool or dns_encryption|default(false)|bool %}
  {{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support else '' }}
  {% else %}
-  {% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
+  {% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if
  not loop.last %},{% endif %}{% endfor %}{% endif %}
  {% endif %}
 wireguard_client_ip: >-
  {{ wireguard_network_ipv4 | ipmath(index|int+2) }}
--- a/roles/wireguard/tasks/ubuntu.yml
+++ b/roles/wireguard/tasks/ubuntu.yml
@ -7,5 +7,5 @@
 - name: Set OS specific facts
  set_fact:
-    service_name: "wg-quick@{{ wireguard_interface }}"
+    service_name: wg-quick@{{ wireguard_interface }}
  tags: always
--- a/server.yml
+++ b/server.yml
@ -19,13 +19,13 @@
        - block:
            - name: Ensure the config directory exists
              file:
-            dest: "configs/{{ IP_subject_alt_name }}"
+                dest: configs/{{ IP_subject_alt_name }}
                state: directory
                mode: "0700"
            - name: Dump the ssh config
              copy:
-            dest: "configs/{{ IP_subject_alt_name }}/ssh_config"
+                dest: configs/{{ IP_subject_alt_name }}/ssh_config
                mode: "0600"
                content: |
                  Host {{ IP_subject_alt_name }} {{ algo_server_name }}
@ -46,8 +46,7 @@
        - import_role:
            name: dns
          when:
-          - algo_dns_adblocking or
+            - algo_dns_adblocking or dns_encryption
            dns_encryption
          tags: dns
        - import_role:
@ -68,7 +67,7 @@
        - block:
            - name: Dump the configuration
              copy:
-            dest: "configs/{{ IP_subject_alt_name }}/.config.yml"
+                dest: configs/{{ IP_subject_alt_name }}/.config.yml
                content: |
                  server: {{ 'localhost' if inventory_hostname == 'localhost' else inventory_hostname }}
                  server_user: {{ ansible_ssh_user }}
--- a/users.yml
+++ b/users.yml
@ -1,6 +1,6 @@
 ---
 - hosts: localhost
-  gather_facts: False
+  gather_facts: false
  tags: always
  vars_files:
    - config.cfg
@ -13,7 +13,7 @@
            depth: 2
            recurse: true
            hidden: true
-            patterns: ".config.yml"
+            patterns: .config.yml
          register: _configs_list
        - name: Verify servers
@ -50,7 +50,7 @@
        - name: Import host specific variables
          include_vars:
-            file: "configs/{{ algo_server }}/.config.yml"
+            file: configs/{{ algo_server }}/.config.yml
        - when: ipsec_enabled
          block:
@ -78,7 +78,7 @@
            groups: vpn-host
            ansible_ssh_user: "{{ server_user|default('root') }}"
            ansible_connection: "{% if algo_server == 'localhost' %}local{% else %}ssh{% endif %}"
-            ansible_python_interpreter: "/usr/bin/python3"
+            ansible_python_interpreter: /usr/bin/python3
            CA_password: "{{ CA_password|default(omit) }}"
      rescue:
        - include_tasks: playbooks/rescue.yml
@ -89,7 +89,7 @@
  become: true
  vars_files:
    - config.cfg
-    - "configs/{{ inventory_hostname }}/.config.yml"
+    - configs/{{ inventory_hostname }}/.config.yml
  tasks:
    - block:
`@ -1,2 +1,2 @@`
	`---`	`---`
	`ssh_tunnels_config_path: "configs/{{ IP_subject_alt_name }}/ssh-tunnel/"`	`ssh_tunnels_config_path: configs/{{ IP_subject_alt_name }}/ssh-tunnel/`