From 8463f1cf9634654c4eb00e2b93da9c18a546b435 Mon Sep 17 00:00:00 2001
From: Hadrien Patte
Date: Sat, 23 Mar 2019 19:10:56 +0100
Subject: [PATCH 1/7] Feat: use ini_file module
Signed-off-by: Hadrien Patte
---
roles/baseconfig/tasks/apt-listchanges.yml | 25 +++++++++++-----
roles/basesecurity/tasks/main.yml | 30 ++++++++++++++++---
.../templates/fail2ban/jail.d/local.conf.j2 | 12 --------
3 files changed, 43 insertions(+), 24 deletions(-)
delete mode 100644 roles/basesecurity/templates/fail2ban/jail.d/local.conf.j2
diff --git a/roles/baseconfig/tasks/apt-listchanges.yml b/roles/baseconfig/tasks/apt-listchanges.yml
index ddfebb7..ec68e1f 100644
--- a/roles/baseconfig/tasks/apt-listchanges.yml
+++ b/roles/baseconfig/tasks/apt-listchanges.yml
@@ -12,11 +12,20 @@ # Send email when there is something new - name: Configure apt-listchanges - lineinfile: - dest: /etc/apt/listchanges.conf - regexp: "^{{ item.key }}=" - line: "{{ item.value }}" - with_dict: - confirm: 'confirm=true' - email_address: "email_address={{ monitoring_mail }}" - which: 'which=both' + ini_file: + path: /etc/apt/listchanges.conf + no_extra_spaces: true + section: apt + option: "{{ item.option }}" + value: "{{ item.value }}" + state: present + loop: + - option: confirm + value: "true" + + - option: email_address + value: "{{ monitoring_mail }}" + + - option: which + value: both +...
diff --git a/roles/basesecurity/tasks/main.yml b/roles/basesecurity/tasks/main.yml
index 4fc922e..a08b869 100644
--- a/roles/basesecurity/tasks/main.yml
+++ b/roles/basesecurity/tasks/main.yml
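Review bot: The added `+...` document-end marker makes this the only task file in the series that closes with one (the others end at their last task, e.g. 1_group_security.yml at `when:` and ldap-replica/tasks/main.yml at `state: started`); drop it, or apply it everywhere, so the files stay uniform. Separately, ini_file creates /etc/apt/listchanges.conf when it is missing (its `create` option defaults to true), so if the apt-listchanges package install is not above line 12 this task would succeed and leave a file holding only these three keys under `[apt]`; `create: false` would make that ordering mistake fail loudly instead. Quoting `value: "true"` is the right call here: a bare boolean would presumably be stringified by the module as `True` rather than the lowercase `true` the old `confirm=true` line wrote.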
@@ -47,11 +47,33 @@ until: apt_result is succeeded - name: Configure fail2ban - template: - src: fail2ban/jail.d/local.conf.j2 - dest: /etc/fail2ban/jail.d/local.conf - mode: 0644 + ini_file: + path: /etc/fail2ban/jail.d/local.conf + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + state: present notify: Restart fail2ban service + loop: + - section: DEFAULT + option: ignoreip + value: 10.128.0.254 # Whitelist bastion + + - section: sshd + option: enabled + value: "true" + + - section: sshd + option: bantime + value: 600 + + - section: sshd + option: findtime + value: 600 + + - section: sshd + option: maxretry + value: 5 # See altered packages and configurations with `debsums -ca` - name: Install debsums
diff --git a/roles/basesecurity/templates/fail2ban/jail.d/local.conf.j2 b/roles/basesecurity/templates/fail2ban/jail.d/local.conf.j2
deleted file mode 100644
index 844ace1..0000000
--- a/roles/basesecurity/templates/fail2ban/jail.d/local.conf.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-# {{ ansible_managed }}
-
-# Ban a host for 10mn
-# if it has failed 5 times during the last 10mn
-[sshd]
-enabled = true
-bantime = 600
-findtime = 600
-maxretry = 5
-
-# Whitelist bastion
-ignoreip = 10.128.0.254
From 5551fb5c16186b9acee3a9455c44b44dfa02e387 Mon Sep 17 00:00:00 2001
From: Hadrien Patte
Date: Sat, 23 Mar 2019 19:13:02 +0100
Subject: [PATCH 2/7] Fix: remove unnecessary quotes
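Review bot: `ignoreip` moves from the `[sshd]` section (in the deleted template it sits after the `[sshd]` header) to `[DEFAULT]`, which widens the bastion exemption to every jail that is ever enabled on the host; if that broadening is intended the commit message should say so, otherwise keep `section: sshd` for that item. A `DEFAULT` `ignoreip` in jail.d also replaces, rather than extends, the `127.0.0.1/8 ::1` that fail2ban's packaged jail.conf sets, I believe — presumably not desired, so `value: 127.0.0.1/8 ::1 10.128.0.254` would keep the loopback exemption. The deleted template also carried the `# {{ ansible_managed }}` header and a comment explaining the 5-failures-in-10-minutes policy; ini_file cannot write a header, so a `# ban for 10 min after 5 failures within 10 min` comment on the bantime/findtime/maxretry items would keep that intent in the play.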
Signed-off-by: Hadrien Patte
---
roles/baseconfig/tasks/main.yml | 8 ++++----
roles/codimd/tasks/0_apt_dependencies.yml | 2 +-
roles/codimd/tasks/main.yml | 4 ++--
roles/ldap-client/handlers/main.yml | 2 +-
roles/ldap-client/tasks/1_group_security.yml | 8 ++++----
roles/ldap-client/tasks/2_userland_scripts.yml | 2 +-
roles/ldap-replica/tasks/main.yml | 6 +++---
roles/matrix-appservice-discord/tasks/main.yml | 4 ++--
roles/matrix-appservice-irc/tasks/main.yml | 4 ++--
roles/matrix-appservice-webhooks/tasks/main.yml | 4 ++--
roles/matrix-riot/tasks/main.yml | 2 +-
roles/nginx-reverse-proxy/tasks/main.yml | 10 +++++-----
12 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml
index 447b046..9cc21b1 100644
--- a/roles/baseconfig/tasks/main.yml
+++ b/roles/baseconfig/tasks/main.yml
@@ -23,8 +23,8 @@ # Pimp my server - name: Customize motd copy: - src: 'update-motd.d/00-logo' - dest: '/etc/update-motd.d/00-logo' + src: update-motd.d/00-logo + dest: /etc/update-motd.d/00-logo mode: 0755 # Configure APT mirrors on Debian Stretch
@@ -33,8 +33,8 @@ - ansible_distribution == 'Debian' - ansible_distribution_release == 'stretch' template: - src: 'apt/sources.list.j2' - dest: '/etc/apt/sources.list' + src: apt/sources.list.j2 + dest: /etc/apt/sources.list mode: 0644 # Patriotisme
diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml
index 0fcacfb..76646e6 100644
--- a/roles/codimd/tasks/0_apt_dependencies.yml
+++ b/roles/codimd/tasks/0_apt_dependencies.yml
@@ -18,7 +18,7 @@ - name: Configure Yarn repository apt_repository: - repo: "deb https://dl.yarnpkg.com/debian/ stable main" + repo: deb https://dl.yarnpkg.com/debian/ stable main # Install CodiMD dependencies - name: Install required packages
diff --git a/roles/codimd/tasks/main.yml b/roles/codimd/tasks/main.yml
index f3b349f..f176b95 100644
--- a/roles/codimd/tasks/main.yml
+++ b/roles/codimd/tasks/main.yml
@@ -47,8 +47,8 @@ # Service file - name: Install CodiMD systemd unit template: - src: 'systemd/codimd.service.j2' - dest: '/etc/systemd/system/codimd.service' + src: systemd/codimd.service.j2 + dest: /etc/systemd/system/codimd.service owner: root group: root mode: 0644
diff --git a/roles/ldap-client/handlers/main.yml b/roles/ldap-client/handlers/main.yml
index b233281..f0f3111 100644
--- a/roles/ldap-client/handlers/main.yml
+++ b/roles/ldap-client/handlers/main.yml
@@ -1,6 +1,6 @@ --- - name: Reconfigure libnss-ldapd package - command: 'dpkg-reconfigure libnss-ldapd -f noninteractive' + command: dpkg-reconfigure libnss-ldapd -f noninteractive - name: Restart nslcd service service:
diff --git a/roles/ldap-client/tasks/1_group_security.yml b/roles/ldap-client/tasks/1_group_security.yml
index 9e01f03..d9bf2cb 100644
--- a/roles/ldap-client/tasks/1_group_security.yml
+++ b/roles/ldap-client/tasks/1_group_security.yml
@@ -3,8 +3,8 @@ - name: Filter SSH on groups lineinfile: dest: /etc/ssh/sshd_config - regexp: '^AllowGroups' - line: "AllowGroups root sudoldap aurore ssh" + regexp: ^AllowGroups + line: AllowGroups root sudoldap aurore ssh # To gain root access with ldap rights - name: Install SUDO package
@@ -19,13 +19,13 @@ - name: Configure sudoers sudo group lineinfile: dest: /etc/sudoers - regexp: "^%{{ sudo_group }}" + regexp: ^%{{ sudo_group }} line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL" # Set sudo location group - name: Configure sudoers sudo location group lineinfile: dest: /etc/sudoers - regexp: "^%{{ sudo_group_location }}" + regexp: ^%{{ sudo_group_location }} line: "%{{ sudo_group_location }} ALL=(ALL:ALL) ALL" when: sudo_group_location is defined
diff --git a/roles/ldap-client/tasks/2_userland_scripts.yml b/roles/ldap-client/tasks/2_userland_scripts.yml
index 34d0098..4799765 100644
--- a/roles/ldap-client/tasks/2_userland_scripts.yml
+++ b/roles/ldap-client/tasks/2_userland_scripts.yml
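Review bot: The `AllowGroups` edit of /etc/ssh/sshd_config has neither `validate` nor a `notify`, so a malformed directive is only noticed at the next sshd restart and a correct one does not take effect until then; add `validate: /usr/sbin/sshd -t -f %s` and a handler that reloads sshd, mirroring the `visudo` validation patch 5 adds to the sudoers tasks in this same file. The task is fully visible here (name plus lineinfile only) and patch 4's hunk on it adds just `state: present`. One more robustness point: when no `AllowGroups` line exists, lineinfile appends at end of file, which would land inside a trailing `Match` block if one is ever added to the config — `insertbefore: BOF` keeps the directive global.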
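Review bot: `regexp: ^%{{ sudo_group }}` has no right-hand anchor, so it also matches any line for a group whose name merely starts with the same characters, and lineinfile rewrites the last match: whenever sudo_group is a prefix of sudo_group_location (say `sudo` and `sudo-paris`), the second run of the first task overwrites the location group's entry and the two tasks flap on every run. Anchor on the separator and escape the variable in both tasks: `regexp: '^%{{ sudo_group | regex_escape }}\s'` and `regexp: '^%{{ sudo_group_location | regex_escape }}\s'`, single-quoted so the backslash stays literal. The same two regexp lines appear as context in the patch 4 and patch 5 hunks on this file.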
@@ -3,7 +3,7 @@ - name: Copy passwd and chsh scripts template: src: "{{ item }}.j2" - dest: "/usr/local/bin/{{ item }}" + dest: /usr/local/bin/{{ item }} mode: 0755 with_items: - chsh
diff --git a/roles/ldap-replica/tasks/main.yml b/roles/ldap-replica/tasks/main.yml
index 45f99c5..bb31e09 100644
--- a/roles/ldap-replica/tasks/main.yml
+++ b/roles/ldap-replica/tasks/main.yml
@@ -43,7 +43,7 @@ # Install schema as root # We can't do a `become_user` here - name: Install LDAP schema - command: 'slapadd -n 0 -l /etc/ldap/schema.ldiff -F /etc/ldap/slapd.d' + command: slapadd -n 0 -l /etc/ldap/schema.ldiff -F /etc/ldap/slapd.d # then fix permissions - name: Fix permissions
@@ -53,8 +53,8 @@ group: openldap recurse: true with_items: - - '/var/lib/ldap' - - '/etc/ldap/slapd.d' + - /var/lib/ldap + - /etc/ldap/slapd.d # Save the day - name: Start LDAP server
diff --git a/roles/matrix-appservice-discord/tasks/main.yml b/roles/matrix-appservice-discord/tasks/main.yml
index f043ae3..d4f4cb5 100644
--- a/roles/matrix-appservice-discord/tasks/main.yml
+++ b/roles/matrix-appservice-discord/tasks/main.yml
@@ -44,8 +44,8 @@ # Service file - name: Install matrix-appservice-discord systemd unit template: - src: 'systemd/matrix-appservice-discord.service.j2' - dest: '/etc/systemd/system/matrix-appservice-discord.service' + src: systemd/matrix-appservice-discord.service.j2 + dest: /etc/systemd/system/matrix-appservice-discord.service owner: root group: root mode: 0644
diff --git a/roles/matrix-appservice-irc/tasks/main.yml b/roles/matrix-appservice-irc/tasks/main.yml
index 54c8394..5db1c1b 100644
--- a/roles/matrix-appservice-irc/tasks/main.yml
+++ b/roles/matrix-appservice-irc/tasks/main.yml
@@ -33,8 +33,8 @@ # Service file - name: Install matrix-appservice-irc systemd unit template: - src: 'systemd/matrix-appservice-irc.service.j2' - dest: '/etc/systemd/system/matrix-appservice-irc.service' + src: systemd/matrix-appservice-irc.service.j2 + dest: /etc/systemd/system/matrix-appservice-irc.service owner: root group: root mode: 0644
diff --git a/roles/matrix-appservice-webhooks/tasks/main.yml b/roles/matrix-appservice-webhooks/tasks/main.yml
index 7cf9e02..a0b9e43 100644
--- a/roles/matrix-appservice-webhooks/tasks/main.yml
+++ b/roles/matrix-appservice-webhooks/tasks/main.yml
@@ -33,8 +33,8 @@ # Service file - name: Install matrix-appservice-webhooks systemd unit template: - src: 'systemd/matrix-appservice-webhooks.service.j2' - dest: '/etc/systemd/system/matrix-appservice-webhooks.service' + src: systemd/matrix-appservice-webhooks.service.j2 + dest: /etc/systemd/system/matrix-appservice-webhooks.service owner: root group: root mode: 0644
diff --git a/roles/matrix-riot/tasks/main.yml b/roles/matrix-riot/tasks/main.yml
index 04be56f..8b83ef1 100644
--- a/roles/matrix-riot/tasks/main.yml
+++ b/roles/matrix-riot/tasks/main.yml
@@ -11,7 +11,7 @@ # Add the repository into source list - name: Configure riot repository apt_repository: - repo: "deb https://riot.im/packages/debian/ {{ ansible_distribution_release }} main" + repo: deb https://riot.im/packages/debian/ {{ ansible_distribution_release }} main # Add the key - name: Configure the apt key
diff --git a/roles/nginx-reverse-proxy/tasks/main.yml b/roles/nginx-reverse-proxy/tasks/main.yml
index c646a23..a570a9f 100644
--- a/roles/nginx-reverse-proxy/tasks/main.yml
+++ b/roles/nginx-reverse-proxy/tasks/main.yml
@@ -13,8 +13,8 @@ # Install proxy snippets - name: Configure NGINX proxy snippets template: - src: "nginx/snippets/{{ item }}.j2" - dest: "/etc/nginx/snippets/{{ item }}" + src: nginx/snippets/{{ item }}.j2 + dest: /etc/nginx/snippets/{{ item }} mode: 0644 loop: - proxy-common.conf
@@ -25,7 +25,7 @@ - name: Configure NGINX sites template: src: nginx/nginx-sites-available.j2 - dest: "/etc/nginx/sites-available/{{ item.name }}" + dest: /etc/nginx/sites-available/{{ item.name }} mode: 0644 loop: "{{ reversed_proxy_subdomains }}" notify: Reload NGINX service
@@ -40,8 +40,8 @@ # Activate sites - name: Activate sites file: - src: "/etc/nginx/sites-available/{{ item.name }}" - dest: "/etc/nginx/sites-enabled/{{ item.name }}" + src: /etc/nginx/sites-available/{{ item.name }} + dest: /etc/nginx/sites-enabled/{{ item.name }} state: link loop: "{{ reversed_proxy_subdomains }}" notify: Reload NGINX service
From e4a60341c54f5dcafdae9644ab6f2fed981358ec Mon Sep 17 00:00:00 2001
From: Hadrien Patte
Date: Sat, 23 Mar 2019 19:13:41 +0100
Subject: [PATCH 3/7] Feat: simplify one item lists
Signed-off-by: Hadrien Patte
---
roles/baseconfig/tasks/main.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml
index 9cc21b1..59cd77b 100644
--- a/roles/baseconfig/tasks/main.yml
+++ b/roles/baseconfig/tasks/main.yml
@@ -50,8 +50,7 @@ question: locales/default_environment_locale value: fr_FR.UTF-8 vtype: select - notify: - - Reconfigure locales + notify: Reconfigure locales # Molly-Guard : prevent accidental shutdowns - include_tasks: molly-guard.yml
From 737ca7b9965f7c44b3e032372a76d57844990e3a Mon Sep 17 00:00:00 2001
From: Hadrien Patte
Date: Sat, 23 Mar 2019 19:25:04 +0100
Subject: [PATCH 4/7] Feat: add state
Signed-off-by: Hadrien Patte
---
roles/basesecurity/tasks/main.yml | 2 ++
roles/codimd/tasks/0_apt_dependencies.yml | 8 ++++++--
roles/dokuwiki/tasks/main.yml | 3 ++-
roles/etherpad/tasks/main.yml | 3 ++-
roles/ldap-client/tasks/0_install_ldap.yml | 3 ++-
roles/ldap-client/tasks/1_group_security.yml | 3 +++
roles/matrix-mxisd/tasks/main.yml | 1 +
roles/matrix-riot/tasks/main.yml | 9 +++++++--
roles/matrix-synapse/tasks/main.yml | 3 ++-
roles/nginx-reverse-proxy/tasks/main.yml | 3 ++-
roles/nodejs/tasks/main.yml | 3 ++-
11 files changed, 31 insertions(+), 10 deletions(-)
diff --git a/roles/basesecurity/tasks/main.yml b/roles/basesecurity/tasks/main.yml
index a08b869..6ff69e8 100644
--- a/roles/basesecurity/tasks/main.yml
+++ b/roles/basesecurity/tasks/main.yml
@@ -42,6 +42,7 @@ - name: Install fail2ban apt: name: fail2ban + state: present register: apt_result retries: 3 until: apt_result is succeeded
@@ -79,6 +80,7 @@ - name: Install debsums apt: name: debsums + state: present register: apt_result retries: 3 until: apt_result is succeeded
diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml
index 76646e6..c698390 100644
--- a/roles/codimd/tasks/0_apt_dependencies.yml
+++ b/roles/codimd/tasks/0_apt_dependencies.yml
@@ -2,8 +2,9 @@ # For HTTPS apt - name: Install HTTPS apt apt: - name: apt-transport-https update_cache: true + name: apt-transport-https + state: present register: apt_result retries: 3 until: apt_result is succeeded
@@ -12,6 +13,7 @@ apt_key: url: https://dl.yarnpkg.com/debian/pubkey.gpg id: 1646B01B86E50310 + state: present register: apt_key_result retries: 3 until: apt_key_result is succeeded
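Review bot: Every apt install task here keeps `update_cache: true` with no `cache_valid_time`, so each run refreshes the package indexes before installing even when nothing changed, which is slow and makes the play depend on mirror availability on every run (the `retries: 3` loop then papers over a flaky mirror rather than a real problem). Adding `cache_valid_time: 3600` next to `update_cache: true` keeps the refresh while skipping it when the cache is fresh. Moving `update_cache` above `name` is style only; the same point applies to the dokuwiki, etherpad, ldap-client/0_install_ldap.yml, matrix-riot, matrix-synapse, nginx-reverse-proxy and nodejs hunks of this patch.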
@@ -19,12 +21,14 @@ - name: Configure Yarn repository apt_repository: repo: deb https://dl.yarnpkg.com/debian/ stable main + state: present # Install CodiMD dependencies - name: Install required packages apt: - name: yarn update_cache: true + name: yarn + state: present register: apt_result retries: 3 until: apt_result is succeeded
diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml
index 4e1722f..76321ba 100644
--- a/roles/dokuwiki/tasks/main.yml
+++ b/roles/dokuwiki/tasks/main.yml
@@ -22,8 +22,9 @@ # Install - name: Install DokuWiki apt: - name: dokuwiki update_cache: true + name: dokuwiki + state: present register: apt_result retries: 3 until: apt_result is succeeded
diff --git a/roles/etherpad/tasks/main.yml b/roles/etherpad/tasks/main.yml
index ab5e3b1..21667ec 100644
--- a/roles/etherpad/tasks/main.yml
+++ b/roles/etherpad/tasks/main.yml
@@ -2,8 +2,9 @@ # Install EtherPad dependencies - name: Install required packages apt: - name: curl update_cache: true + name: curl + state: present register: apt_result retries: 3 until: apt_result is succeeded
diff --git a/roles/ldap-client/tasks/0_install_ldap.yml b/roles/ldap-client/tasks/0_install_ldap.yml
index 5905d4a..31665cc 100644
--- a/roles/ldap-client/tasks/0_install_ldap.yml
+++ b/roles/ldap-client/tasks/0_install_ldap.yml
@@ -2,11 +2,12 @@ # Install LDAP client packages - name: Install LDAP client packages apt: + update_cache: true name: - nslcd - libnss-ldapd - libpam-ldapd - update_cache: true + state: present register: apt_result retries: 3 until: apt_result is succeeded
diff --git a/roles/ldap-client/tasks/1_group_security.yml b/roles/ldap-client/tasks/1_group_security.yml
index d9bf2cb..607dce7 100644
--- a/roles/ldap-client/tasks/1_group_security.yml
+++ b/roles/ldap-client/tasks/1_group_security.yml
@@ -5,6 +5,7 @@ dest: /etc/ssh/sshd_config regexp: ^AllowGroups line: AllowGroups root sudoldap aurore ssh + state: present # To gain root access with ldap rights - name: Install SUDO package
@@ -21,6 +22,7 @@ dest: /etc/sudoers regexp: ^%{{ sudo_group }} line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL" + state: present # Set sudo location group - name: Configure sudoers sudo location group
@@ -28,4 +30,5 @@ dest: /etc/sudoers regexp: ^%{{ sudo_group_location }} line: "%{{ sudo_group_location }} ALL=(ALL:ALL) ALL" + state: present when: sudo_group_location is defined
diff --git a/roles/matrix-mxisd/tasks/main.yml b/roles/matrix-mxisd/tasks/main.yml
index 422243f..ad40117 100644
--- a/roles/matrix-mxisd/tasks/main.yml
+++ b/roles/matrix-mxisd/tasks/main.yml
@@ -2,6 +2,7 @@ - name: Install mxisd apt: deb: "{{ mxisd_deb }}" + state: present register: apt_result retries: 3 until: apt_result is succeeded
diff --git a/roles/matrix-riot/tasks/main.yml b/roles/matrix-riot/tasks/main.yml
index 8b83ef1..2214777 100644
--- a/roles/matrix-riot/tasks/main.yml
+++ b/roles/matrix-riot/tasks/main.yml
@@ -2,8 +2,9 @@ # Install HTTPS support for APT - name: Install apt-transport-https apt: - name: apt-transport-https update_cache: true + name: apt-transport-https + state: present register: apt_result retries: 3 until: apt_result is succeeded
@@ -12,12 +13,14 @@ - name: Configure riot repository apt_repository: repo: deb https://riot.im/packages/debian/ {{ ansible_distribution_release }} main + state: present # Add the key - name: Configure the apt key apt_key: url: https://riot.im/packages/debian/repo-key.asc id: E019645248E8F4A1 + state: present register: apt_key_result retries: 3 until: apt_key_result is succeeded
@@ -25,8 +28,9 @@ # Install riot - name: Install riot-web apt: - name: riot-web update_cache: true + name: riot-web + state: present register: apt_result retries: 3 until: apt_result is succeeded
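Review bot: `state: present` is the apt module's default, so on the mxisd task this line documents rather than changes behaviour; the check that is actually missing on that task is integrity of the package itself. If `mxisd_deb` is a URL (its definition is outside the hunk), apt fetches and installs it with no checksum, unlike the repository installs elsewhere in this patch that at least pin an `apt_key` `id`. Downloading first with `get_url` and a `checksum: sha256:<known-good digest, placeholder>` and then passing the local path to `deb:` would close that gap, and the `retries`/`until` loop can move onto the download step where transient failures actually occur.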
@@ -35,6 +39,7 @@ - name: Install nginx apt: name: nginx + state: present register: apt_result retries: 3 until: apt_result is succeeded
diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml
index 196611f..91b66c8 100644
--- a/roles/matrix-synapse/tasks/main.yml
+++ b/roles/matrix-synapse/tasks/main.yml
@@ -1,8 +1,9 @@ --- - name: Install matrix-synapse apt: - name: matrix-synapse update_cache: true + name: matrix-synapse + state: present default_release: stretch-backports register: apt_result retries: 3
diff --git a/roles/nginx-reverse-proxy/tasks/main.yml b/roles/nginx-reverse-proxy/tasks/main.yml
index a570a9f..aac1af3 100644
--- a/roles/nginx-reverse-proxy/tasks/main.yml
+++ b/roles/nginx-reverse-proxy/tasks/main.yml
@@ -4,8 +4,9 @@ # but also reduces the surface of attack - name: Install NGINX server apt: - name: nginx-light update_cache: true + name: nginx-light + state: present register: apt_result retries: 3 until: apt_result is succeeded
diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml
index af8fe52..0f17fa8 100644
--- a/roles/nodejs/tasks/main.yml
+++ b/roles/nodejs/tasks/main.yml
@@ -10,11 +10,12 @@ - name: Install required packages apt: + update_cache: true name: - nodejs - npm - build-essential # To build npm packages - update_cache: true + state: present register: apt_result retries: 3 until: apt_result is succeeded
From 8a48110c2157af36e9023804b4c9f390d14e5000 Mon Sep 17 00:00:00 2001
From: Hadrien Patte
Date: Sat, 23 Mar 2019 19:42:09 +0100
Subject: [PATCH 5/7] Feat: add validate for sudoers
Signed-off-by: Hadrien Patte
---
roles/ldap-client/tasks/1_group_security.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/roles/ldap-client/tasks/1_group_security.yml b/roles/ldap-client/tasks/1_group_security.yml
index 607dce7..8477ac4 100644
--- a/roles/ldap-client/tasks/1_group_security.yml
+++ b/roles/ldap-client/tasks/1_group_security.yml
@@ -23,6 +23,7 @@ regexp: ^%{{ sudo_group }} line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL" state: present + validate: /usr/sbin/visudo -cf %s # Set sudo location group - name: Configure sudoers sudo location group
@@ -31,4 +32,5 @@ regexp: ^%{{ sudo_group_location }} line: "%{{ sudo_group_location }} ALL=(ALL:ALL) ALL" state: present + validate: /usr/sbin/visudo -cf %s when: sudo_group_location is defined
From c20d4fbf1886d9f83612fa1101dce5434f192b82 Mon Sep 17 00:00:00 2001
From: Hadrien Patte
Date: Sat, 23 Mar 2019 19:47:59 +0100
Subject: [PATCH 6/7] Feat: expand YAML syntax
Signed-off-by: Hadrien Patte
---
roles/ldap-replica/tasks/main.yml | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/roles/ldap-replica/tasks/main.yml b/roles/ldap-replica/tasks/main.yml
index bb31e09..ce19bdb 100644
--- a/roles/ldap-replica/tasks/main.yml
+++ b/roles/ldap-replica/tasks/main.yml
@@ -28,14 +28,18 @@ # Cry a bit - name: Remove old data - file: path={{ item }} state=absent + file: + path: "{{ item }}" + state: absent with_items: - /etc/ldap/slapd.d - /var/lib/ldap # Cry a lot - name: Recreate structure - file: path={{ item }} state=directory + file: + path: "{{ item }}" + state: directory with_items: - /etc/ldap/slapd.d - /var/lib/ldap
@@ -58,4 +62,6 @@ # Save the day - name: Start LDAP server - service: name=slapd state=started + service: + name: slapd + state: started
From 66f7b1061a9ed5b0f3bbfcb847bc86444c73d35b Mon Sep 17 00:00:00 2001
From: Hadrien Patte
Date: Sat, 23 Mar 2019 19:49:13 +0100
Subject: [PATCH 7/7] Feat: migrate from with_X to loop
Signed-off-by: Hadrien Patte
---
roles/baseconfig/tasks/main.yml | 10 +++++-----
roles/ldap-client/tasks/0_install_ldap.yml | 14 +++++++-------
roles/ldap-client/tasks/2_userland_scripts.yml | 2 +-
roles/ldap-replica/tasks/main.yml | 6 +++---
4 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml
index 59cd77b..c3d548e 100644
--- a/roles/baseconfig/tasks/main.yml
+++ b/roles/baseconfig/tasks/main.yml
@@ -61,8 +61,8 @@ # User skeleton - name: Configure user skeleton copy: - src: skel/{{ item.key }} - dest: /etc/skel/{{ item.value }} - with_dict: - dot_zshrc: .zshrc - dot_zshrc.local: .zshrc.local + src: skel/dot_{{ item.key }} + dest: /etc/skel/.{{ item.value }} + loop: + - zshrc + - zshrc.local
diff --git a/roles/ldap-client/tasks/0_install_ldap.yml b/roles/ldap-client/tasks/0_install_ldap.yml
index 31665cc..d21bbb9 100644
--- a/roles/ldap-client/tasks/0_install_ldap.yml
+++ b/roles/ldap-client/tasks/0_install_ldap.yml
@@ -32,11 +32,11 @@ - name: Configure NSS to use LDAP lineinfile: dest: /etc/nsswitch.conf - regexp: "^{{ item.key }}:" - line: "{{ item.value }}" - with_dict: - passwd: 'passwd: files ldap' - group: 'group: files ldap' - shadow: 'shadow: files ldap' - sudoers: 'sudoers: files ldap' + regexp: "^{{ item }}:" + line: "{{ item }}: files ldap" + loop: + - passwd + - group + - shadow + - sudoers notify: Restart nslcd service
diff --git a/roles/ldap-client/tasks/2_userland_scripts.yml b/roles/ldap-client/tasks/2_userland_scripts.yml
index 4799765..fa41780 100644
--- a/roles/ldap-client/tasks/2_userland_scripts.yml
+++ b/roles/ldap-client/tasks/2_userland_scripts.yml
@@ -5,7 +5,7 @@ src: "{{ item }}.j2" dest: /usr/local/bin/{{ item }} mode: 0755 - with_items: + loop: - chsh - passwd
diff --git a/roles/ldap-replica/tasks/main.yml b/roles/ldap-replica/tasks/main.yml
index ce19bdb..914ce4e 100644
--- a/roles/ldap-replica/tasks/main.yml
+++ b/roles/ldap-replica/tasks/main.yml
@@ -31,7 +31,7 @@ file: path: "{{ item }}" state: absent - with_items: + loop: - /etc/ldap/slapd.d - /var/lib/ldap
@@ -40,7 +40,7 @@ file: path: "{{ item }}" state: directory - with_items: + loop: - /etc/ldap/slapd.d - /var/lib/ldap
@@ -56,7 +56,7 @@ owner: openldap group: openldap recurse: true - with_items: + loop: - /var/lib/ldap - /etc/ldap/slapd.d
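Review bot: In the user-skeleton task `loop` now yields plain strings (`zshrc`, `zshrc.local`) but `src` and `dest` still dereference `item.key` and `item.value`, which only existed under the removed `with_dict`; with Ansible's default undefined-variable handling the task should fail, and even a lenient render would produce `skel/dot_` and `/etc/skel/.`. Use the item directly: `src: skel/dot_{{ item }}` and `dest: /etc/skel/.{{ item }}`. The nsswitch hunk in the same patch did this migration correctly with `{{ item }}`, so this one looks like an oversight.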