From 0745d3a63545338c7d574e9a43ffce316c8d118a Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Sun, 30 Oct 2022 16:32:45 +0000 Subject: [PATCH] nginx: ansible-lint fixes --- roles/nginx/server/handlers/main.yml | 5 +- roles/nginx/server/tasks/main.yml | 88 ++++++++++++++-------------- roles/nginx/site/tasks/main.yml | 22 +++---- 3 files changed, 57 insertions(+), 58 deletions(-) diff --git a/roles/nginx/server/handlers/main.yml b/roles/nginx/server/handlers/main.yml index f7639fd..3ba7687 100644 --- a/roles/nginx/server/handlers/main.yml +++ b/roles/nginx/server/handlers/main.yml @@ -1,6 +1,5 @@ --- - -- name: restart nginx - service: +- name: Restart nginx + ansible.builtin.service: name: nginx state: restarted diff --git a/roles/nginx/server/tasks/main.yml b/roles/nginx/server/tasks/main.yml index 5edd82f..af00679 100644 --- a/roles/nginx/server/tasks/main.yml +++ b/roles/nginx/server/tasks/main.yml @@ -1,9 +1,9 @@ --- -- name: include os-specific variables - include_vars: "{{ ansible_os_family }}.yml" +- name: Include OS-specific variables + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" -- name: enable nginx:120 module - command: +- name: Enable nginx:120 module + ansible.builtin.command: argv: - dnf - module @@ -17,19 +17,19 @@ - ansible_distribution != "Fedora" - ansible_distribution_major_version|int >= 8 -- name: install packages - package: +- name: Install packages + ansible.builtin.package: name: nginx state: installed -- name: fix selinux contexts from data directory - sefcontext: +- name: Fix selinux contexts from data directory + community.general.sefcontext: path: /srv/web(/.*)? setype: httpd_sys_content_t when: ansible_selinux_python_present -- name: create nginx data and config directories - file: +- name: Create nginx data and config directories + ansible.builtin.file: state: directory path: "{{ item }}" mode: 0755 
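Review bot: The switch to `community.general.sefcontext` in the "Fix selinux contexts from data directory" task makes the role depend on the community.general collection, and nothing in this commit declares that dependency. On a control node that has only ansible-core installed, the module name will not resolve. Consider listing the collection in a `collections/requirements.yml` (or the role's meta) with a pinned version, so the code that manages SELinux file contexts comes from a known, reproducible source. If the repository already declares it elsewhere, this can be ignored.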
@@ -42,8 +42,8 @@ - "/srv/web/{{ inventory_hostname }}" - "/etc/nginx/conf.d/{{ inventory_hostname }}" -- name: create nginx base config - template: +- name: Create nginx base config + ansible.builtin.template: src: nginx.conf.j2 dest: /etc/nginx/nginx.conf mode: 0644 @@ -51,16 +51,16 @@ group: "{{ ansible_wheel }}" notify: restart nginx -- name: fix logdir permissions - file: +- name: Fix logdir permissions + ansible.builtin.file: path: "{{ nginx_logdir }}" state: directory mode: 0755 owner: root group: "{{ ansible_wheel }}" -- name: disable system log rotate - lineinfile: +- name: Disable system log rotate + ansible.builtin.lineinfile: path: /etc/newsyslog.conf state: absent regexp: '^/var/www/logs/{{ item }}\s+.*' @@ -69,8 +69,8 @@ - error.log when: ansible_os_family == "OpenBSD" -- name: install custom logrotate - template: +- name: Install custom logrotate + ansible.builtin.template: dest: /usr/local/sbin/nginx-logrotate src: nginx-logrotate.sh mode: 0755 @@ -78,16 +78,16 @@ group: "{{ ansible_wheel }}" when: ansible_os_family == "OpenBSD" -- name: add logrotate cron job - cron: +- name: Add logrotate cron job + ansible.builtin.cron: name: nginx-logrotate hour: "0" minute: "0" job: /usr/local/sbin/nginx-logrotate when: ansible_os_family == "OpenBSD" -- name: set logdir permissions - file: +- name: Set logdir permissions + ansible.builtin.file: path: /var/log/nginx mode: 0755 owner: root @@ -96,8 +96,8 @@ - ansible_distribution == "CentOS" - ansible_distribution_major_version == "7" -- name: set logfile permissions - lineinfile: +- name: Set logfile permissions + ansible.builtin.lineinfile: path: /etc/logrotate.d/nginx regexp: '^\s+create ' line: " create 0644 nginx root" @@ -105,8 +105,8 @@ - ansible_distribution == "CentOS" - ansible_distribution_major_version == "7" -- name: import sftpuser role - import_role: +- name: Import sftpuser role + ansible.builtin.import_role: name: sftpuser vars: chroot: "{{ nginx_logdir }}" 
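Review bot: The `mode:` values on the tasks touched here remain unquoted octal literals: `mode: 0644` in the `@@ -42,8 +42,8 @@` hunk, and `0755`, `0644` and `0600` in the other hunks of this commit. They work only because the YAML 1.1 loader reads a leading-zero integer as octal. Quoting them, e.g. `mode: "0644"`, removes that dependence and stops a dropped leading zero from silently becoming a decimal permission value. Since this is a lint clean-up pass over the same tasks, it would be a natural place to make the change.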
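Review bot: `notify: restart nginx` on the "Create nginx base config" task (context line at the top of the `@@ -51,16 +51,16 @@` hunk) still uses the old handler name. This commit renames the handler to `Restart nginx` in roles/nginx/server/handlers/main.yml and updates the notifies in roles/nginx/site/tasks/main.yml, but not this one. Handler names are matched as exact strings, so a change to nginx.conf is expected to end in a handler-not-found error instead of a restart, leaving the running server on the old configuration. Change the line to `notify: Restart nginx`. The task itself starts in the previous hunk.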
@@ -114,26 +114,26 @@ publickeys: "{{ logsync_publickeys }}" # https://bugzilla.redhat.com/show_bug.cgi?id=1725248 -- block: - - name: create drop-in directory for service - file: - dest: /etc/systemd/system/nginx.service.d - state: directory - mode: 0755 - owner: root - group: "{{ ansible_wheel }}" - - - name: configure service startup dependencies - copy: - dest: /etc/systemd/system/nginx.service.d/dependency.conf - src: dependency.conf - mode: 0644 - owner: root - group: "{{ ansible_wheel }}" +- name: Create drop-in directory for service + ansible.builtin.file: + dest: /etc/systemd/system/nginx.service.d + state: directory + mode: 0755 + owner: root + group: "{{ ansible_wheel }}" when: ansible_os_family == "RedHat" -- name: enable nginx service - service: +- name: Configure service startup dependencies + ansible.builtin.copy: + dest: /etc/systemd/system/nginx.service.d/dependency.conf + src: dependency.conf + mode: 0644 + owner: root + group: "{{ ansible_wheel }}" + when: ansible_os_family == "RedHat" + +- name: Enable nginx service + ansible.builtin.service: name: nginx arguments: -u state: started diff --git a/roles/nginx/site/tasks/main.yml b/roles/nginx/site/tasks/main.yml index e4b65b7..fbb2793 100644 --- a/roles/nginx/site/tasks/main.yml +++ b/roles/nginx/site/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: "create site data directory for {{ site }}" - file: +- name: "Create site data directory for {{ site }}" + ansible.builtin.file: path: "/srv/web/{{ site }}" state: directory mode: 0755 
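Review bot: The "Configure service startup dependencies" task in the `@@ -114,26 +114,26 @@` hunk copies `dependency.conf` into the systemd drop-in directory without a `notify`, so systemd is not told to re-read unit files. The "Enable nginx service" task that follows uses `ansible.builtin.service` with `state: started`, which leaves an already-running nginx untouched. The override therefore takes effect only after a daemon-reload that nothing visible here performs. This behaviour predates the commit, but as the block is being rewritten it is worth adding a handler that runs `ansible.builtin.systemd` with `daemon_reload: true` and notifying it from the copy task. The "Enable nginx service" task continues past the end of the hunk, so a reload may already be handled there.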
@@ -8,17 +8,17 @@ group: "{{ ansible_wheel }}" when: redirect is not defined and proxy is not defined -- name: "create site config for {{ site }}" - template: +- name: "Create site config for {{ site }}" + ansible.builtin.template: dest: /etc/nginx/conf.d/{{ site }}.conf src: site.conf.j2 mode: 0644 owner: root group: "{{ ansible_wheel }}" - notify: restart nginx + notify: Restart nginx -- name: "copy site private key for {{ site }}" - copy: +- name: "Copy site private key for {{ site }}" + ansible.builtin.copy: dest: "{{ tls_private }}/{{ site }}.key" src: "{{ item }}" mode: 0600 @@ -29,10 +29,10 @@ - "/srv/ca/private/{{ site }}.key" - "/srv/ca/private/{{ inventory_hostname }}.key" tags: certificates - notify: restart nginx + notify: Restart nginx -- name: "copy site certificate for {{ site }}" - copy: +- name: "Copy site certificate for {{ site }}" + ansible.builtin.copy: src: "{{ item }}" dest: "{{ tls_certs }}/{{ site }}-fullchain.crt" mode: 0644 @@ -44,4 +44,4 @@ - "/srv/ca/certs/hosts/{{ site }}.crt" - "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt" tags: certificates - notify: restart nginx + notify: Restart nginx
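Review bot: The "Copy site private key for {{ site }}" task in the `@@ -8,17 +8,17 @@` hunk copies key material with `ansible.builtin.copy`, and the lines visible here do not disable diff output. When the play runs with `--diff`, the copy module can print the changed file content, which would put the private key into terminal scrollback or CI logs. Adding `diff: false` to this task (and `no_log: true` if item paths should not be logged either) avoids that. The middle of the task lies between this hunk and the next, so these keywords may already be present there.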