nginx: ansible-lint fixes

2022-10-30 16:32:45 +00:00 · 2022-10-30 16:32:45 +00:00 · 0745d3a635
commit 0745d3a635
parent e65fc46d5b
3 changed files with 57 additions and 58 deletions
--- a/roles/nginx/server/handlers/main.yml
+++ b/roles/nginx/server/handlers/main.yml
@ -1,6 +1,5 @@
 ---
-
- name: restart nginx
-  service:
+- name: Restart nginx
+  ansible.builtin.service:
    name: nginx
    state: restarted
--- a/roles/nginx/server/tasks/main.yml
+++ b/roles/nginx/server/tasks/main.yml
@ -1,9 +1,9 @@
 ---
- name: include os-specific variables
-  include_vars: "{{ ansible_os_family }}.yml"
+- name: Include OS-specific variables
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"

- name: enable nginx:120 module
-  command:
+- name: Enable nginx:120 module
+  ansible.builtin.command:
    argv:
      - dnf
      - module
@ -17,19 +17,19 @@
    - ansible_distribution != "Fedora"
    - ansible_distribution_major_version|int >= 8

- name: install packages
-  package:
+- name: Install packages
+  ansible.builtin.package:
    name: nginx
    state: installed

- name: fix selinux contexts from data directory
-  sefcontext:
+- name: Fix selinux contexts from data directory
+  community.general.sefcontext:
    path: /srv/web(/.*)?
    setype: httpd_sys_content_t
  when: ansible_selinux_python_present

- name: create nginx data and config directories
-  file:
+- name: Create nginx data and config directories
+  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    mode: 0755
@ -42,8 +42,8 @@
    - "/srv/web/{{ inventory_hostname }}"
    - "/etc/nginx/conf.d/{{ inventory_hostname }}"

- name: create nginx base config
-  template:
+- name: Create nginx base config
+  ansible.builtin.template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    mode: 0644
@ -51,16 +51,16 @@
    group: "{{ ansible_wheel }}"
  notify: restart nginx

- name: fix logdir permissions
-  file:
+- name: Fix logdir permissions
+  ansible.builtin.file:
    path: "{{ nginx_logdir }}"
    state: directory
    mode: 0755
    owner: root
    group: "{{ ansible_wheel }}"

- name: disable system log rotate
-  lineinfile:
+- name: Disable system log rotate
+  ansible.builtin.lineinfile:
    path: /etc/newsyslog.conf
    state: absent
    regexp: '^/var/www/logs/{{ item }}\s+.*'
@ -69,8 +69,8 @@
    - error.log
  when: ansible_os_family == "OpenBSD"

- name: install custom logrotate
-  template:
+- name: Install custom logrotate
+  ansible.builtin.template:
    dest: /usr/local/sbin/nginx-logrotate
    src: nginx-logrotate.sh
    mode: 0755
@ -78,16 +78,16 @@
    group: "{{ ansible_wheel }}"
  when: ansible_os_family == "OpenBSD"

- name: add logrotate cron job
-  cron:
+- name: Add logrotate cron job
+  ansible.builtin.cron:
    name: nginx-logrotate
    hour: "0"
    minute: "0"
    job: /usr/local/sbin/nginx-logrotate
  when: ansible_os_family == "OpenBSD"

- name: set logdir permissions
-  file:
+- name: Set logdir permissions
+  ansible.builtin.file:
    path: /var/log/nginx
    mode: 0755
    owner: root
@ -96,8 +96,8 @@
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "7"

- name: set logfile permissions
-  lineinfile:
+- name: Set logfile permissions
+  ansible.builtin.lineinfile:
    path: /etc/logrotate.d/nginx
    regexp: '^\s+create '
    line: "    create 0644 nginx root"
@ -105,8 +105,8 @@
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "7"

- name: import sftpuser role
-  import_role:
+- name: Import sftpuser role
+  ansible.builtin.import_role:
    name: sftpuser
  vars:
    chroot: "{{ nginx_logdir }}"
@ -114,17 +114,17 @@
    publickeys: "{{ logsync_publickeys }}"

 # https://bugzilla.redhat.com/show_bug.cgi?id=1725248
- block:
-    - name: create drop-in directory for service
-      file:
+- name: Create drop-in directory for service
+  ansible.builtin.file:
    dest: /etc/systemd/system/nginx.service.d
    state: directory
    mode: 0755
    owner: root
    group: "{{ ansible_wheel }}"
+  when: ansible_os_family == "RedHat"

-    - name: configure service startup dependencies
-      copy:
+- name: Configure service startup dependencies
+  ansible.builtin.copy:
    dest: /etc/systemd/system/nginx.service.d/dependency.conf
    src: dependency.conf
    mode: 0644
@ -132,8 +132,8 @@
    group: "{{ ansible_wheel }}"
  when: ansible_os_family == "RedHat"

- name: enable nginx service
-  service:
+- name: Enable nginx service
+  ansible.builtin.service:
    name: nginx
    arguments: -u
    state: started
--- a/roles/nginx/site/tasks/main.yml
+++ b/roles/nginx/site/tasks/main.yml
@ -1,6 +1,6 @@
 ---
- name: "create site data directory for {{ site }}"
-  file:
+- name: "Create site data directory for {{ site }}"
+  ansible.builtin.file:
    path: "/srv/web/{{ site }}"
    state: directory
    mode: 0755
@ -8,17 +8,17 @@
    group: "{{ ansible_wheel }}"
  when: redirect is not defined and proxy is not defined

- name: "create site config for {{ site }}"
-  template:
+- name: "Create site config for {{ site }}"
+  ansible.builtin.template:
    dest: /etc/nginx/conf.d/{{ site }}.conf
    src: site.conf.j2
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"
-  notify: restart nginx
+  notify: Restart nginx

- name: "copy site private key for {{ site }}"
-  copy:
+- name: "Copy site private key for {{ site }}"
+  ansible.builtin.copy:
    dest: "{{ tls_private }}/{{ site }}.key"
    src: "{{ item }}"
    mode: 0600
@ -29,10 +29,10 @@
    - "/srv/ca/private/{{ site }}.key"
    - "/srv/ca/private/{{ inventory_hostname }}.key"
  tags: certificates
-  notify: restart nginx
+  notify: Restart nginx

- name: "copy site certificate for {{ site }}"
-  copy:
+- name: "Copy site certificate for {{ site }}"
+  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "{{ tls_certs }}/{{ site }}-fullchain.crt"
    mode: 0644
@ -44,4 +44,4 @@
    - "/srv/ca/certs/hosts/{{ site }}.crt"
    - "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
  tags: certificates
-  notify: restart nginx
+  notify: Restart nginx