authorChristian Pointner <equinox@spreadspace.org>2017-12-07 17:59:15 +0100
committerChristian Pointner <equinox@spreadspace.org>2017-12-07 17:59:15 +0100
commit4bce4e54c4e97d0fa4128dee67f57ba33ef6a2b0 (patch)
tree075209f7a8267637f0a7f6f285244a62eec75727
parentcleaned upgrade role (diff)
harmonized yaml syntax
-rw-r--r--README_vault.md6
-rw-r--r--roles/base/defaults/main.yaml22
-rw-r--r--roles/base/tasks/main.yaml48
-rw-r--r--roles/sshserver/handlers/main.yaml4
-rw-r--r--roles/sshserver/tasks/main.yaml22
-rw-r--r--roles/upgrade/tasks/main.yaml12
-rw-r--r--roles/vm-grub/tasks/main.yaml14
-rw-r--r--roles/vm-install/tasks/main.yaml9
-rw-r--r--roles/vm-install/templates/preseed_debian-stretch.cfg.j23
-rw-r--r--roles/vm-network/tasks/public.yaml14
-rw-r--r--roles/vm-network/tasks/systemd-link.yaml4
-rw-r--r--roles/zsh/tasks/main.yaml16
-rw-r--r--vminstall.yaml6
13 files changed, 110 insertions, 70 deletions
diff --git a/README_vault.md b/README_vault.md
index 4b623e46..680a50d8 100644
--- a/README_vault.md
+++ b/README_vault.md
@@ -94,20 +94,20 @@ Working with Vault files
* create new vault:
```
-# ansible-vault create secrets/foo.vault.yml
+# ansible-vault create group_vars/mygroup/vault.yml
```
This will open up an editor which allows you to add variables. Once you
store and close the file the content is automatically encrypted.
* edit a vault file:
```
-# ansible-vault edit secrets/foo.vault.yml
+# ansible-vault edit group_vars/mygroup/vault.yml
```
This will open up an editor which allows you to add/remove/change variables.
Once you store and close the file the content is automatically encrypted.
* show the contents of a vault file:
```
-# ansible-vault view secrets/foo.vault.yml
+# ansible-vault view group_vars/mygroup/vault.yml
```
This will automatially decrypt the file and print it's contents.
diff --git a/roles/base/defaults/main.yaml b/roles/base/defaults/main.yaml
index 282c4fd7..22599b1c 100644
--- a/roles/base/defaults/main.yaml
+++ b/roles/base/defaults/main.yaml
@@ -2,6 +2,22 @@
sysctl_config_user: {}
modules_blacklist:
- net: [dccp, sctp, rds, tipc]
- fs: [cramfs, freevxfs, hfs, hfsplus, jffs2]
- misc: [bluetooth, firewire-core, n_hdlc, net-pf-31, soundcore, thunderbolt, usb-midi]
+ net:
+ - dccp
+ - sctp
+ - rds
+ - tipc
+ fs:
+ - cramfs
+ - freevxfs
+ - hfs
+ - hfsplus
+ - jffs2
+ misc:
+ - bluetooth
+ - firewire-core
+ - n_hdlc
+ - net-pf-31
+ - soundcore
+ - thunderbolt
+ - usb-midi
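Review bot: `modules_blacklist` carries no comment on why these particular modules are denied, so a later maintainer cannot tell a deliberate hardening entry (the uncommon network protocols and legacy filesystems look like a CIS-style list) from something that could safely be dropped; a comment above `modules_blacklist:` such as `# kernel modules that must never load: uncommon protocols/filesystems, kept off to shrink the attack surface; note the reason before removing an entry` would fix that. Unlike `sysctl_config_user` just above, there is also no per-host override hook for this list, which may well be intentional — worth a sentence in the same comment.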
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
index 91349e50..2828a2e0 100644
--- a/roles/base/tasks/main.yaml
+++ b/roles/base/tasks/main.yaml
@@ -1,25 +1,27 @@
---
- name: apt - Install base system tools
- apt: name={{ item }} state=present
+ apt:
+ name: "{{ item }}"
+ state: present
with_items:
- - htop
- - dstat
- - lsof
- - gawk
- - psmisc
- - less
- - debian-goodies
- - screen
- - mtr-tiny
- - tcpdump
- - unp
- - sudo
- - haveged
- - dbus
- - libpam-systemd
- - aptitude
- - ca-certificates
- - file
+ - htop
+ - dstat
+ - lsof
+ - gawk
+ - psmisc
+ - less
+ - debian-goodies
+ - screen
+ - mtr-tiny
+ - tcpdump
+ - unp
+ - sudo
+ - haveged
+ - dbus
+ - libpam-systemd
+ - aptitude
+ - ca-certificates
+ - file
- name: Remove startup message from screen
lineinfile:
@@ -28,7 +30,7 @@
dest: /etc/screenrc
mode: 0644
tags:
- - screen
+ - screen
- name: Ensure /root is not world accessible
file:
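Review bot: `mode: 0644` on the screenrc task stays a bare octal literal while the surrounding scalars are being normalised; a YAML 1.1 parser yields the integer 420, which Ansible applies correctly only because 420 equals 0o644, whereas a YAML 1.2 parser yields decimal 644 and a silently different mode. Quoting it, `mode: "0644"`, makes the value parser-independent. The same bare `mode: 0644` appears on the sshd_config hardening task in roles/sshserver/tasks/main.yaml. The enclosing lineinfile task starts above this hunk.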
@@ -50,10 +52,10 @@
- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
sysctl:
- name: '{{ item.key }}'
- value: '{{ item.value }}'
+ name: "{{ item.key }}"
+ value: "{{ item.value }}"
sysctl_set: yes
state: present
reload: yes
ignoreerrors: yes
- with_dict: '{{ sysctl_config | combine(sysctl_config_user) }}'
+ with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}"
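Review bot: `sysctl_set: yes`, `reload: yes` and `ignoreerrors: yes` directly above the requoted lines keep the YAML 1.1 `yes` spelling while the commit's stated aim is harmonised syntax; `true`/`false` (the only boolean spellings common to YAML 1.1 and 1.2, and what yamllint's `truthy` rule enforces) would finish the job. The same spelling survives as `update_cache: yes` and `changed_when: False` in roles/upgrade/tasks/main.yaml and `gather_facts: no` in vminstall.yaml. Separately, `ignoreerrors: yes` deserves a comment, because it means a sysctl key the kernel rejects (a typo, or a setting this kernel lacks) is skipped silently instead of failing the play, which is an easy way to believe a hardening setting is applied when it is not; something like `ignoreerrors: yes  # keys unknown to this kernel are skipped silently; check the play output when adding settings` keeps that visible.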
diff --git a/roles/sshserver/handlers/main.yaml b/roles/sshserver/handlers/main.yaml
index 9b95e27d..822887e3 100644
--- a/roles/sshserver/handlers/main.yaml
+++ b/roles/sshserver/handlers/main.yaml
@@ -1,3 +1,5 @@
---
- name: restart ssh
- service: name=ssh state=restarted
+ service:
+ name: ssh
+ state: restarted
diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml
index 52a36343..d2c5c9f0 100644
--- a/roles/sshserver/tasks/main.yaml
+++ b/roles/sshserver/tasks/main.yaml
@@ -1,6 +1,8 @@
---
- name: install ssh-server
- apt: name=openssh-server state=present
+ apt:
+ name: openssh-server
+ state: present
- name: hardening ssh-server config
lineinfile:
@@ -9,17 +11,17 @@
dest: /etc/ssh/sshd_config
mode: 0644
with_items:
- - { "regexp": "^#?\\s*IgnoreRhosts", "line": "IgnoreRhosts yes" }
- - { "regexp": "^#?\\s*PermitRootLogin", "line": "PermitRootLogin without-password" }
- - { "regexp": "^#?\\s*PubkeyAuthentication", "line": "PubkeyAuthentication yes" }
- - { "regexp": "^#?\\s*HostbasedAuthentication", "line": "HostbasedAuthentication no" }
- - { "regexp": "^#?\\s*PermitEmptyPasswords", "line": "PermitEmptyPasswords no" }
- - { "regexp": "^#?\\s*UseDNS", "line": "UseDNS no" }
+ - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" }
+ - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" }
+ - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" }
+ - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no" }
+ - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" }
+ - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" }
notify: restart ssh
- name: limit allowed users
lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: "^AllowUsers"
- line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
+ dest: /etc/ssh/sshd_config
+ regexp: "^AllowUsers"
+ line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
notify: restart ssh
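Review bot: Both lineinfile tasks on /etc/ssh/sshd_config run without `validate`, so a malformed `line` value is only noticed when the `restart ssh` handler fails, leaving the host without a listening sshd until someone fixes it by hand; adding `validate: "/usr/sbin/sshd -t -f %s"` to each task makes Ansible reject the edit before the real file is touched. Two properties of lineinfile are worth a comment above `with_items`: when several lines match `regexp` only the last one is changed, and when none matches the line is appended at end of file, so an option already set inside a trailing `Match` block would be edited there (or, for `AllowUsers`, appended where sshd does not permit it) rather than in the global section. `PermitRootLogin without-password` is the pre-OpenSSH-7.0 spelling of `prohibit-password`; still accepted as an alias by the versions of that era, but the current name reads more clearly. The hardening task's `regexp`/`line` keys sit above this hunk.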
diff --git a/roles/upgrade/tasks/main.yaml b/roles/upgrade/tasks/main.yaml
index f145bb04..f6aa211a 100644
--- a/roles/upgrade/tasks/main.yaml
+++ b/roles/upgrade/tasks/main.yaml
@@ -1,6 +1,7 @@
---
- name: Update packages list
- apt: update_cache=yes
+ apt:
+ update_cache: yes
- name: List packages to upgrade (1/2)
command: aptitude -q -F%p --disable-columns search "~U"
@@ -9,11 +10,13 @@
failed_when: updates.rc != 0 and updates.rc != 1
- name: List packages to upgrade (2/2)
- debug: msg="{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})"
+ debug:
+ msg: "{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})"
when: updates.stdout_lines
- name: Upgrade packages
- apt: upgrade=safe
+ apt:
+ upgrade: safe
- name: List services to restart (1/2)
shell: checkrestart | grep ^service | awk '{print $2}'
@@ -21,7 +24,8 @@
changed_when: False
- name: List services to restart (2/2)
- debug: msg="{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})"
+ debug:
+ msg: "{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})"
when: services.stdout_lines
- name: clean apt-cache
diff --git a/roles/vm-grub/tasks/main.yaml b/roles/vm-grub/tasks/main.yaml
index 970cd9b4..bd48a470 100644
--- a/roles/vm-grub/tasks/main.yaml
+++ b/roles/vm-grub/tasks/main.yaml
@@ -1,10 +1,12 @@
---
- name: enable serial console in grub and for kernel
- lineinfile: dest=/etc/default/grub regexp={{ item.regexp }} line={{ item.line }}
+ lineinfile:
+ dest: /etc/default/grub
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
with_items:
- - { 'regexp': '^GRUB_TIMEOUT=', 'line': 'GRUB_TIMEOUT=2' }
- - { 'regexp': '^GRUB_CMDLINE_LINUX=', 'line': 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' }
- - { 'regexp': '^GRUB_TERMINAL=', 'line': 'GRUB_TERMINAL=serial' }
- - { 'regexp': '^GRUB_SERIAL_COMMAND=', 'line': 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' }
+ - { regexp: '^GRUB_TIMEOUT=', line: 'GRUB_TIMEOUT=2' }
+ - { regexp: '^GRUB_CMDLINE_LINUX=', line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' }
+ - { regexp: '^GRUB_TERMINAL=', line: 'GRUB_TERMINAL=serial' }
+ - { regexp: '^GRUB_SERIAL_COMMAND=', line: 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' }
notify: update grub
-
diff --git a/roles/vm-install/tasks/main.yaml b/roles/vm-install/tasks/main.yaml
index 2e914ebc..0c95e599 100644
--- a/roles/vm-install/tasks/main.yaml
+++ b/roles/vm-install/tasks/main.yaml
@@ -99,9 +99,16 @@
virt:
name: "{{ inventory_hostname }}"
state: running
- autostart: "{{ vm_install.autostart | default(omit) }}"
delegate_to: "{{ vm_install.host }}"
+- name: mark vm as autostarted
+ virt:
+ name: "{{ inventory_hostname }}"
+ autostart: "{{ vm_install.autostart }}"
+ command: info ## virt module needs either command or state
+ delegate_to: "{{ vm_install.host }}"
+ when: vm_install.autostart is defined
+
- name: wait for vm to start up
wait_for_connection:
delay: 5
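Review bot: The new 'mark vm as autostarted' task is a behavioural change (autostart is now set through a second `virt` call driven by `command: info`) in a commit titled 'harmonized yaml syntax', and nothing in the description explains why the removed `default(omit)` form on the old `autostart` line was not enough; a sentence in the commit message, or a comment on the task, would save the next reader from reconstructing that. The same applies to the roles/vm-install/templates/preseed_debian-stretch.cfg.j2 hunk, which drops the `lv_name { root|var|varlog }` entries from the partman recipe — also not a syntax change. Stylistically, the inline comment `## virt module needs either command or state` uses a doubled hash; `# virt module needs either command or state` follows the usual `# ` convention.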
diff --git a/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 b/roles/vm-install/templates/preseed_debian-stretch.cfg.j2
index c8f4b45f..267da58b 100644
--- a/roles/vm-install/templates/preseed_debian-stretch.cfg.j2
+++ b/roles/vm-install/templates/preseed_debian-stretch.cfg.j2
@@ -53,21 +53,18 @@ d-i partman-auto/expert_recipe string \
. \
1536 10000 2048 ext4 \
$lvmok{ } in_vg{ {{ inventory_hostname }} } \
- lv_name { root } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
1024 11000 1280 ext4 \
$lvmok{ } in_vg{ {{ inventory_hostname }} } \
- lv_name { var } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
. \
768 10000 768 ext4 \
$lvmok{ } in_vg{ {{ inventory_hostname }} } \
- lv_name { varlog } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var/log } \
diff --git a/roles/vm-network/tasks/public.yaml b/roles/vm-network/tasks/public.yaml
index 85a057d8..8b0e317a 100644
--- a/roles/vm-network/tasks/public.yaml
+++ b/roles/vm-network/tasks/public.yaml
@@ -1,8 +1,8 @@
---
- name: set routing table names
with_items:
- - { 'regexp': '^89\s', 'line': '89 mur-default' }
- - { 'regexp': '^212\s', 'line': '212 upc-default' }
+ - { regexp: '^89\s', line: '89 mur-default' }
+ - { regexp: '^212\s', line: '212 upc-default' }
lineinfile:
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
@@ -11,15 +11,15 @@
- name: calculate address lists
set_fact:
srv_network_public_firewall_ipv4:
- - "{{ srv_network.public.ip_mur }}"
- - "{{ srv_network.public.ip_upc }}"
+ - "{{ srv_network.public.ip_mur }}"
+ - "{{ srv_network.public.ip_upc }}"
srv_network_public_firewall_ipv6:
- - "{{ srv_network.public.ip_mur6 }}"
+ - "{{ srv_network.public.ip_mur6 }}"
- name: install firewall scripts
with_items:
- - 4
- - 6
+ - 4
+ - 6
template:
src: firewall.sh_public.j2
dest: "/etc/network/firewall{{ item }}.sh"
diff --git a/roles/vm-network/tasks/systemd-link.yaml b/roles/vm-network/tasks/systemd-link.yaml
index eb52474a..ad12cd37 100644
--- a/roles/vm-network/tasks/systemd-link.yaml
+++ b/roles/vm-network/tasks/systemd-link.yaml
@@ -4,8 +4,8 @@
name: "/etc/systemd/network/{{ item }}"
state: absent
with_items:
- - 50-virtio-kernel-names.link
- - 99-default.link
+ - 50-virtio-kernel-names.link
+ - 99-default.link
- name: install systemd network link units
template:
diff --git a/roles/zsh/tasks/main.yaml b/roles/zsh/tasks/main.yaml
index 61aa7c83..93bb1abf 100644
--- a/roles/zsh/tasks/main.yaml
+++ b/roles/zsh/tasks/main.yaml
@@ -1,15 +1,21 @@
---
- name: install zsh packages
- apt: name={{ item }} state=present
+ apt:
+ name: "{{ item }}"
+ state: present
with_items:
- zsh
- name: install zsh-config
- copy: src={{ item.src }} dest={{ item.dest }}
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
with_items:
- - { "src": "zshrc", "dest": "/etc/zsh/zshrc" }
- - { "src": "zshrc.skel", "dest": "/etc/skel/.zshrc" }
+ - { src: "zshrc", dest: "/etc/zsh/zshrc" }
+ - { src: "zshrc.skel", dest: "/etc/skel/.zshrc" }
- name: set zsh as default shell
- user: name="{{ item }}" shell=/bin/zsh
+ user:
+ name: "{{ item }}"
+ shell: /bin/zsh
with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}"
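Review bot: The two `copy` entries for /etc/zsh/zshrc and /etc/skel/.zshrc set no `mode` or `owner`, so the resulting permissions follow whatever umask the remote Ansible process runs with rather than being declared; adding `mode: "0644"` next to `src`/`dest` pins them, and quoting keeps the octal string out of the YAML integer trap. Since /etc/skel content is copied into every new home directory, the declared mode also documents that the file is meant to be world-readable.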
diff --git a/vminstall.yaml b/vminstall.yaml
index 7db24d67..0f716d69 100644
--- a/vminstall.yaml
+++ b/vminstall.yaml
@@ -3,7 +3,7 @@
hosts: "{{ vmname }}"
gather_facts: no
roles:
- - role: vm-install
+ - role: vm-install
- import_playbook: "playbooks/{{ vmname }}.yaml"
@@ -11,4 +11,6 @@
hosts: "{{ vmname }}"
gather_facts: no
roles:
- - { role: reboot-and-wait, reboot_delay: 10, reboot_timeout: 120 }
+ - role: reboot-and-wait
+ reboot_delay: 10
+ reboot_timeout: 120