nginx: ansible-lint fixes

roles/nginx/server/handlers/main.yml

@@ -1,6 +1,5 @@
 ---
-
+- name: Restart nginx
-- name: restart nginx
+  ansible.builtin.service:
-  service:
     name: nginx
     state: restarted

roles/nginx/server/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
-- name: include os-specific variables
+- name: Include OS-specific variables
-  include_vars: "{{ ansible_os_family }}.yml"
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
 
-- name: enable nginx:120 module
+- name: Enable nginx:120 module
-  command:
+  ansible.builtin.command:
     argv:
       - dnf
       - module
@@ -17,19 +17,19 @@
     - ansible_distribution != "Fedora"
     - ansible_distribution_major_version|int >= 8
 
-- name: install packages
+- name: Install packages
-  package:
+  ansible.builtin.package:
     name: nginx
     state: installed
 
-- name: fix selinux contexts from data directory
+- name: Fix selinux contexts from data directory
-  sefcontext:
+  community.general.sefcontext:
     path: /srv/web(/.*)?
     setype: httpd_sys_content_t
   when: ansible_selinux_python_present
 
-- name: create nginx data and config directories
+- name: Create nginx data and config directories
-  file:
+  ansible.builtin.file:
     state: directory
     path: "{{ item }}"
     mode: 0755
@@ -42,8 +42,8 @@
     - "/srv/web/{{ inventory_hostname }}"
     - "/etc/nginx/conf.d/{{ inventory_hostname }}"
 
-- name: create nginx base config
+- name: Create nginx base config
-  template:
+  ansible.builtin.template:
     src: nginx.conf.j2
     dest: /etc/nginx/nginx.conf
     mode: 0644
@@ -51,16 +51,16 @@
     group: "{{ ansible_wheel }}"
   notify: restart nginx
 
-- name: fix logdir permissions
+- name: Fix logdir permissions
-  file:
+  ansible.builtin.file:
     path: "{{ nginx_logdir }}"
     state: directory
     mode: 0755
     owner: root
     group: "{{ ansible_wheel }}"
 
-- name: disable system log rotate
+- name: Disable system log rotate
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/newsyslog.conf
     state: absent
     regexp: '^/var/www/logs/{{ item }}\s+.*'
@@ -69,8 +69,8 @@
     - error.log
   when: ansible_os_family == "OpenBSD"
 
-- name: install custom logrotate
+- name: Install custom logrotate
-  template:
+  ansible.builtin.template:
     dest: /usr/local/sbin/nginx-logrotate
     src: nginx-logrotate.sh
     mode: 0755
@@ -78,16 +78,16 @@
     group: "{{ ansible_wheel }}"
   when: ansible_os_family == "OpenBSD"
 
-- name: add logrotate cron job
+- name: Add logrotate cron job
-  cron:
+  ansible.builtin.cron:
     name: nginx-logrotate
     hour: "0"
     minute: "0"
     job: /usr/local/sbin/nginx-logrotate
   when: ansible_os_family == "OpenBSD"
 
-- name: set logdir permissions
+- name: Set logdir permissions
-  file:
+  ansible.builtin.file:
     path: /var/log/nginx
     mode: 0755
     owner: root
@@ -96,8 +96,8 @@
     - ansible_distribution == "CentOS"
     - ansible_distribution_major_version == "7"
 
-- name: set logfile permissions
+- name: Set logfile permissions
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/logrotate.d/nginx
     regexp: '^\s+create '
     line: "    create 0644 nginx root"
@@ -105,8 +105,8 @@
     - ansible_distribution == "CentOS"
     - ansible_distribution_major_version == "7"
 
-- name: import sftpuser role
+- name: Import sftpuser role
-  import_role:
+  ansible.builtin.import_role:
     name: sftpuser
   vars:
     chroot: "{{ nginx_logdir }}"
@@ -114,17 +114,17 @@
     publickeys: "{{ logsync_publickeys }}"
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1725248
-- block:
+- name: Create drop-in directory for service
-    - name: create drop-in directory for service
+  ansible.builtin.file:
-      file:
     dest: /etc/systemd/system/nginx.service.d
     state: directory
     mode: 0755
     owner: root
     group: "{{ ansible_wheel }}"
+  when: ansible_os_family == "RedHat"
 
-    - name: configure service startup dependencies
+- name: Configure service startup dependencies
-      copy:
+  ansible.builtin.copy:
     dest: /etc/systemd/system/nginx.service.d/dependency.conf
     src: dependency.conf
     mode: 0644
@@ -132,8 +132,8 @@
     group: "{{ ansible_wheel }}"
   when: ansible_os_family == "RedHat"
 
-- name: enable nginx service
+- name: Enable nginx service
-  service:
+  ansible.builtin.service:
     name: nginx
     arguments: -u
     state: started

roles/nginx/site/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
-- name: "create site data directory for {{ site }}"
+- name: "Create site data directory for {{ site }}"
-  file:
+  ansible.builtin.file:
     path: "/srv/web/{{ site }}"
     state: directory
     mode: 0755
@@ -8,17 +8,17 @@
     group: "{{ ansible_wheel }}"
   when: redirect is not defined and proxy is not defined
 
-- name: "create site config for {{ site }}"
+- name: "Create site config for {{ site }}"
-  template:
+  ansible.builtin.template:
     dest: /etc/nginx/conf.d/{{ site }}.conf
     src: site.conf.j2
     mode: 0644
     owner: root
     group: "{{ ansible_wheel }}"
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: "copy site private key for {{ site }}"
+- name: "Copy site private key for {{ site }}"
-  copy:
+  ansible.builtin.copy:
     dest: "{{ tls_private }}/{{ site }}.key"
     src: "{{ item }}"
     mode: 0600
@@ -29,10 +29,10 @@
     - "/srv/ca/private/{{ site }}.key"
     - "/srv/ca/private/{{ inventory_hostname }}.key"
   tags: certificates
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: "copy site certificate for {{ site }}"
+- name: "Copy site certificate for {{ site }}"
-  copy:
+  ansible.builtin.copy:
     src: "{{ item }}"
     dest: "{{ tls_certs }}/{{ site }}-fullchain.crt"
     mode: 0644
@@ -44,4 +44,4 @@
     - "/srv/ca/certs/hosts/{{ site }}.crt"
     - "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
   tags: certificates
-  notify: restart nginx
+  notify: Restart nginx