Merge branch 'fix-ci' into 'master'

Fix CI See merge request aurore/ansible!48
2020-11-04 20:54:55 +01:00 · 2020-11-04 20:54:55 +01:00 · 61f78f5bd3
parent 0daaf14f62 ae1510ccbb
commit 61f78f5bd3
86 changed files with 115 additions and 74 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,19 @@
 ---
 kind: pipeline
 type: docker
 name: check
 steps:
  - name: yamllint
    image: python:3.9-alpine
    commands:
      - pip install yamllint==1.25.0
      - yamllint -c .yamllint.yml .
  - name: ansible-lint
    image: python:3.9-alpine
    commands:
      - apk add --no-cache gcc libc-dev libffi-dev openssl-dev
      - pip install ansible-lint==4.3.7
      - ansible-lint *.yml
 ...
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,5 +1,5 @@
 ---
-image: python:3.6
+image: python:3.9-alpine
 stages:
  - lint
@ -7,12 +7,13 @@ stages:
 yamllint:
  stage: lint
  script:
-    - pip install yamllint==1.15.0
+    - pip install yamllint==1.25.0
    - yamllint -c .yamllint.yml .
 ansible-lint:
  stage: lint
  script:
-    - pip install ansible-lint==4.0.0
+    - apk add gcc libc-dev libffi-dev openssl-dev
    - pip install ansible-lint==4.3.7
    - ansible-lint *.yml
 ...
--- a/.yamllint.yml
+++ b/.yamllint.yml
@ -3,5 +3,6 @@ extends: default
 rules:
  line-length:
    max: 120
    level: warning
 ...
--- a/base.yml
+++ b/base.yml
@ -9,5 +9,4 @@
 # Plug LDAP on all servers
 - hosts: all,!unifi
  roles:
-    - ldap-client
+    - ldap_client
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -48,7 +48,7 @@ dns_host_suffix_main: 253
 dns_host_suffix_backup: 153
 backup_dns_servers:
-  - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr)
+  - "80.67.169.12"  # French Data Network (FDN) (ns0.fdn.fr)
 # Finally raised!
 mtu: 1500
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,3 +1,4 @@
 ---
 $ANSIBLE_VAULT;1.1;AES256
 61333538366635353537346231363235653162356330396434383631656465616330363136306563
 3861333166386536633437386335613461646466346239360a643139303037613937373631313661
--- a/group_vars/edc/ldap_local_replica.yml
+++ b/group_vars/edc/ldap_local_replica.yml
@ -1,4 +1,3 @@
 ---
 ldap_local_replica_uri:
  - 'ldap://ldap-replica-edc.adm.auro.re'
--- a/ldap_replica.yml
+++ b/ldap_replica.yml
@ -4,4 +4,4 @@
 # DON'T DO THIS AS IT RECREATES THE REPLICA
 - hosts: ldap_replica
  roles:
-    - ldap-replica
+    - ldap_replica
--- a/matrix.yml
+++ b/matrix.yml
@ -6,13 +6,13 @@
    mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
    mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
  roles:
-    - debian-backports
+    - debian_backports
    - nodejs
-    - matrix-synapse
+    - matrix_synapse
-    - matrix-appservice-irc
+    - matrix_appservice_irc
-    - matrix-appservice-webhooks
+    - matrix_appservice_webhooks
 # Install Matrix services
 - hosts: matrix-services.adm.auro.re
  roles:
-    - debian-backports
+    - debian_backports
--- a/monitoring.yml
+++ b/monitoring.yml
@ -59,4 +59,4 @@
 # Monitor all hosts
 - hosts: all,!unifi,!ovh
  roles:
-    - prometheus-node
+    - prometheus_node
--- a/network.yml
+++ b/network.yml
@ -3,7 +3,7 @@
 # Set up DHCP servers.
 - hosts: dhcp-*.adm.auro.re
  roles:
-    - isc-dhcp-server
+    - isc_dhcp_server
 # Deploy unbound DNS server (recursive).
@ -24,7 +24,7 @@
 - hosts: ~routeur-aurore.*\.adm\.auro\.re
  roles:
    - router
-    - ipv6-edge-router
+    - ipv6_edge_router
 # Radius (backup only for now)
 - hosts: radius-*.adm.auro.re
@ -47,19 +47,19 @@
 # Deploy Unifi Controller
-#- hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
+# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
-#  roles:
+#   roles:
-#    - unifi-controller
+#     - unifi-controller
 # Deploy Re2o switch service
-#- hosts: switchs-manager.adm.auro.re
+# - hosts: switchs-manager.adm.auro.re
-#  vars:
+#   vars:
-#    service_repo: https://gitlab.federez.net/re2o/switchs.git
+#     service_repo: https://gitlab.federez.net/re2o/switchs.git
-#    service_name: switchs
+#     service_name: switchs
-#    service_version: master
+#     service_version: master
-#    service_config:
+#     service_config:
-#      hostname: re2o-server.adm.auro.re
+#       hostname: re2o-server.adm.auro.re
-#      username: service-user
+#       username: service-user
-#      password: "{{ vault_serviceuser_passwd }}"
+#       password: "{{ vault_serviceuser_passwd }}"
-#  roles:
+#   roles:
-#    - re2o-service
+#     - re2o-service
--- a/nuke_radius_dbs.yml
+++ b/nuke_radius_dbs.yml
--- a/roles/baseconfig/tasks/apt-listchanges.yml
+++ b/roles/baseconfig/tasks/apt-listchanges.yml
@ -19,6 +19,7 @@
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    state: present
    mode: 0644
  loop:
    - option: confirm
      value: "true"
--- a/roles/baseconfig/tasks/main.yml
+++ b/roles/baseconfig/tasks/main.yml
@ -77,6 +77,7 @@
  copy:
    src: "skel/dot_{{ item }}"
    dest: "/etc/skel/.{{ item }}"
    mode: 0644
  loop:
    - zshrc
    - zshrc.local
--- a/roles/basesecurity/tasks/main.yml
+++ b/roles/basesecurity/tasks/main.yml
@ -54,6 +54,7 @@
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    state: present
    mode: 0644
  notify: Restart fail2ban service
  loop:
    - section: sshd
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -26,6 +26,7 @@
  file:
    path: /etc/letsencrypt/conf.d
    state: directory
    mode: 0755
 - name: Add Certbot configuration
  template:
--- a/roles/ipv6_edge_router/frr-apt-key.asc
+++ b/roles/ipv6_edge_router/frr-apt-key.asc
--- a/roles/ipv6_edge_router/handlers/main.yml
+++ b/roles/ipv6_edge_router/handlers/main.yml
--- a/roles/ipv6_edge_router/tasks/main.yml
+++ b/roles/ipv6_edge_router/tasks/main.yml
@ -1,5 +1,4 @@
 ---
 - name: install GPG
  apt:
    name: gnupg
@ -18,21 +17,23 @@
 - name: Install frr
  apt:
    name: frr
-  
+
 - name: setup frr daemons
  template:
    src: daemons.j2
    dest: /etc/frr/daemons
    mode: 0644
  notify: restart frr
 - name: setup frr.conf
  template:
    src: frr.conf.j2
    dest: /etc/frr/frr.conf
    mode: 0644
  notify: restart frr
 - name: enable+start frr
  service:
    name: frr
    state: started
-    enabled: yes
+    enabled: true
--- a/roles/ipv6_edge_router/templates/daemons.j2
+++ b/roles/ipv6_edge_router/templates/daemons.j2
--- a/roles/ipv6_edge_router/templates/frr.conf.j2
+++ b/roles/ipv6_edge_router/templates/frr.conf.j2
--- a/roles/isc_dhcp_server/handlers/main.yml
+++ b/roles/isc_dhcp_server/handlers/main.yml
@ -1,5 +1,6 @@
 ---
 - name: force run dhcp re2o-service
-  shell: /var/local/re2o-services/dhcp/main.py --force
+  command: /var/local/re2o-services/dhcp/main.py --force
  become_user: re2o-services
 - name: restart dhcpd
@ -11,4 +12,3 @@
  systemd:
    name: rsyslog
    state: restarted
--- a/roles/isc_dhcp_server/tasks/main.yml
+++ b/roles/isc_dhcp_server/tasks/main.yml
@ -17,7 +17,8 @@
    state: directory
    owner: re2o-services
    group: nogroup
-    recurse: yes
+    recurse: true
    mode: u=rwX,g=rX,o=rX
 - name: Install isc-dhcp-server
  apt:
@ -101,7 +102,7 @@
  when: is_aurore_host
 - name: force run dhcp re2o-service
-  shell: /var/local/re2o-services/dhcp/main.py --force
+  command: /var/local/re2o-services/dhcp/main.py --force
 - name: Ensure dhcpd is running
  service:
--- a/roles/isc_dhcp_server/templates/default/isc-dhcp-server.j2
+++ b/roles/isc_dhcp_server/templates/default/isc-dhcp-server.j2
--- a/roles/isc_dhcp_server/templates/dhcp/aurore-subnets.conf.j2
+++ b/roles/isc_dhcp_server/templates/dhcp/aurore-subnets.conf.j2
--- a/roles/isc_dhcp_server/templates/dhcp/dhcp-failover.conf.j2
+++ b/roles/isc_dhcp_server/templates/dhcp/dhcp-failover.conf.j2
--- a/roles/isc_dhcp_server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc_dhcp_server/templates/dhcp/dhcpd.conf.j2
--- a/roles/isc_dhcp_server/templates/dhcp/regular-subnets.conf.j2
+++ b/roles/isc_dhcp_server/templates/dhcp/regular-subnets.conf.j2
--- a/roles/isc_dhcp_server/templates/logrotate.d/dhcp.j2
+++ b/roles/isc_dhcp_server/templates/logrotate.d/dhcp.j2
--- a/roles/isc_dhcp_server/vars/main.yml
+++ b/roles/isc_dhcp_server/vars/main.yml
--- a/roles/ldap_client/handlers/main.yml
+++ b/roles/ldap_client/handlers/main.yml
--- a/roles/ldap_client/tasks/1_group_security.yml
+++ b/roles/ldap_client/tasks/1_group_security.yml
--- a/roles/ldap_client/tasks/2_userland_scripts.yml
+++ b/roles/ldap_client/tasks/2_userland_scripts.yml
--- a/roles/ldap_client/tasks/install_ldap.yml
+++ b/roles/ldap_client/tasks/install_ldap.yml
--- a/roles/ldap_client/tasks/main.yml
+++ b/roles/ldap_client/tasks/main.yml
--- a/roles/ldap_client/templates/chsh.j2
+++ b/roles/ldap_client/templates/chsh.j2
--- a/roles/ldap_client/templates/nslcd.conf.j2
+++ b/roles/ldap_client/templates/nslcd.conf.j2
--- a/roles/ldap_client/templates/passwd.j2
+++ b/roles/ldap_client/templates/passwd.j2
--- a/roles/ldap_replica/tasks/main.yml
+++ b/roles/ldap_replica/tasks/main.yml
@ -40,6 +40,7 @@
  file:
    path: "{{ item }}"
    state: directory
    mode: 0755
  loop:
    - /etc/ldap/slapd.d
    - /var/lib/ldap
--- a/roles/ldap_replica/templates/schema.ldiff.j2
+++ b/roles/ldap_replica/templates/schema.ldiff.j2
--- a/roles/matrix_appservice_irc/defaults/main.yml
+++ b/roles/matrix_appservice_irc/defaults/main.yml
--- a/roles/matrix_appservice_irc/tasks/main.yml
+++ b/roles/matrix_appservice_irc/tasks/main.yml
--- a/roles/matrix_appservice_irc/tasks/service_user.yml
+++ b/roles/matrix_appservice_irc/tasks/service_user.yml
--- a/roles/matrix_appservice_irc/templates/config.yaml.j2
+++ b/roles/matrix_appservice_irc/templates/config.yaml.j2
--- a/roles/matrix_appservice_irc/templates/systemd/appservice.service.j2
+++ b/roles/matrix_appservice_irc/templates/systemd/appservice.service.j2
--- a/roles/matrix_appservice_webhooks/defaults/main.yml
+++ b/roles/matrix_appservice_webhooks/defaults/main.yml
--- a/roles/matrix_appservice_webhooks/tasks/main.yml
+++ b/roles/matrix_appservice_webhooks/tasks/main.yml
--- a/roles/matrix_appservice_webhooks/tasks/service_user.yml
+++ b/roles/matrix_appservice_webhooks/tasks/service_user.yml
--- a/roles/matrix_appservice_webhooks/templates/config.yaml.j2
+++ b/roles/matrix_appservice_webhooks/templates/config.yaml.j2
--- a/roles/matrix_appservice_webhooks/templates/systemd/appservice.service.j2
+++ b/roles/matrix_appservice_webhooks/templates/systemd/appservice.service.j2
--- a/roles/matrix_synapse/files/rest_auth_provider.py
+++ b/roles/matrix_synapse/files/rest_auth_provider.py
--- a/roles/matrix_synapse/handlers/main.yml
+++ b/roles/matrix_synapse/handlers/main.yml
--- a/roles/matrix_synapse/tasks/main.yml
+++ b/roles/matrix_synapse/tasks/main.yml
--- a/roles/matrix_synapse/templates/matrix-synapse/conf.d/database.yaml.j2
+++ b/roles/matrix_synapse/templates/matrix-synapse/conf.d/database.yaml.j2
--- a/roles/matrix_synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2
+++ b/roles/matrix_synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2
--- a/roles/matrix_synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2
+++ b/roles/matrix_synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2
--- a/roles/matrix_synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2
+++ b/roles/matrix_synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2
--- a/roles/matrix_synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2
+++ b/roles/matrix_synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2
--- a/roles/matrix_synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2
+++ b/roles/matrix_synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2
--- a/roles/matrix_synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2
+++ b/roles/matrix_synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2
--- a/roles/nginx_reverseproxy/handlers/main.yml
+++ b/roles/nginx_reverseproxy/handlers/main.yml
--- a/roles/nginx_reverseproxy/tasks/main.yml
+++ b/roles/nginx_reverseproxy/tasks/main.yml
@ -11,6 +11,7 @@
  template:
    src: "nginx/snippets/{{ item }}.j2"
    dest: "/etc/nginx/snippets/{{ item }}"
    mode: 0644
  loop:
    - options-ssl.conf
    - options-proxypass.conf
@ -19,11 +20,13 @@
  template:
    src: letsencrypt/dhparam.j2
    dest: /etc/letsencrypt/dhparam
    mode: 0644
 - name: Copy reverse proxy sites
  template:
    src: "nginx/sites-available/{{ item }}.j2"
    dest: "/etc/nginx/sites-available/{{ item }}"
    mode: 0644
  loop:
    - reverseproxy
    - reverseproxy_redirect_dname
@ -35,6 +38,7 @@
    src: "/etc/nginx/sites-available/{{ item }}"
    dest: "/etc/nginx/sites-enabled/{{ item }}"
    state: link
    mode: 0644
  loop:
    - reverseproxy
    - reverseproxy_redirect_dname
@ -45,6 +49,7 @@
  template:
    src: www/html/50x.html.j2
    dest: /var/www/html/50x.html
    mode: 0644
 - name: Indicate role in motd
  template:
--- a/roles/nginx_reverseproxy/templates/letsencrypt/dhparam.j2
+++ b/roles/nginx_reverseproxy/templates/letsencrypt/dhparam.j2
--- a/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2
+++ b/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2
--- a/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2
+++ b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2
--- a/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2
+++ b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2
--- a/roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2
+++ b/roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2
--- a/roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2
+++ b/roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2
--- a/roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2
+++ b/roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2
--- a/roles/nginx_reverseproxy/templates/www/html/50x.html.j2
+++ b/roles/nginx_reverseproxy/templates/www/html/50x.html.j2
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@ -13,12 +13,14 @@
  template:
    src: prometheus/prometheus.yml.j2
    dest: /etc/prometheus/prometheus.yml
    mode: 0644
  notify: Restart Prometheus
 - name: Configure Prometheus alert rules
  template:
    src: "prometheus/{{ item }}.j2"
    dest: "/etc/prometheus/{{ item }}"
    mode: 0644
  notify: Restart Prometheus
  loop:
    - alert.rules.yml
@ -45,12 +47,14 @@
  copy:
    content: "{{ prometheus_targets | to_nice_json }}"
    dest: /etc/prometheus/targets.json
    mode: 0644
 # We don't need to restart Prometheus when updating nodes
 - name: Configure Prometheus Ubiquity Unifi SNMP devices
  copy:
    content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
    dest: /etc/prometheus/targets_unifi_snmp.json
    mode: 0644
 - name: Activate prometheus service
  systemd:
--- a/roles/prometheus_node/handlers/main.yml
+++ b/roles/prometheus_node/handlers/main.yml
--- a/roles/prometheus_node/tasks/main.yml
+++ b/roles/prometheus_node/tasks/main.yml
--- a/roles/radius/tasks/main.yml
+++ b/roles/radius/tasks/main.yml
@ -1,3 +1,4 @@
 ---
 - name: Add backports repositories
  apt_repository:
    repo: "{{ item }} http://deb.debian.org/debian buster-backports main contrib non-free"
@ -5,11 +6,11 @@
    - "deb"
    - "deb-src"
 - name: Ensure /var/www exists
  file:
    name: "/var/www"
-    state: directory 
+    state: directory
    mode: 0755
 - name: Clone re2o repo
  git:
@ -22,11 +23,11 @@
  template:
    src: "{{ item }}.j2"
    dest: "/var/www/re2o/re2o/{{ item }}"
    mode: 0644
  loop:
    - settings_local.py
    - local_routers.py
 # What follows is a hideous abomination.
 # Blame freeradius-python3 on backports.
@ -34,27 +35,28 @@
  apt:
    name: freeradius-python3
    default_release: buster-backports
-    update_cache: yes
+    update_cache: true
-  ignore_errors: yes
+  ignore_errors: true
 - name: fix freeradius-python3 postinstall script
  template:
    src: freeradius-python3.postinst.j2
    dest: /var/lib/dpkg/info/freeradius-python3.postinst
    mode: 0644
 - name: reinstall broken package (this might fail too, for different reasons)
  apt:
    name: freeradius-python3
    default_release: buster-backports
-    force: yes
+    force: true
-  ignore_errors: yes
+  ignore_errors: true
 - name: Setup radius symlinks
  file:
    src: "/var/www/re2o/freeradius_utils/{{ item.local_prefix }}{{ item.filename }}"
    dest: "/etc/freeradius/3.0/{{ item.filename }}"
    state: link
-    force: yes
+    force: true
  loop:
    - local_prefix: ""
      filename: auth.py
@ -69,6 +71,7 @@
  template:
    src: "{{ item }}.j2"
    dest: "/etc/freeradius/3.0/{{ item }}"
    mode: 0640
  loop:
    - sites-enabled/default
    - sites-enabled/inner-tunnel
@ -77,6 +80,7 @@
  template:
    src: "{{ item }}.j2"
    dest: "/etc/freeradius/3.0/{{ item }}"
    mode: 0640
  loop:
    - clients.conf
    - proxy.conf
@ -99,7 +103,7 @@
  when: "'aurore_vm' in group_names"
 - name: Install radius requirements (except freeradius-python3)
-  shell:
+  command:
    cmd: "{{ item }}"
    chdir: /var/www/re2o/
  loop:
@ -113,6 +117,7 @@
  template:
    src: "freeradius-logrotate.j2"
    dest: "/etc/logrotate.d/freeradius"
    mode: 0644
 # Database setup
@ -154,7 +159,7 @@
    state: absent
  become_user: postgres
  when: nuke_radius|default(false)
-  ignore_errors: yes
+  ignore_errors: true
 - name: Nuking - Destroy old local DB if it exists
  community.general.postgresql_db:
@ -244,13 +249,13 @@
      dbname: re2o
    db: re2o
    publications:
-       - re2o_pub
+      - re2o_pub
  become_user: postgres
 - name: Restart freeradius, ensure enabled
  systemd:
    name: freeradius
-    enabled: yes
+    enabled: true
    state: restarted
-    daemon_reload: yes
+    daemon_reload: true
--- a/roles/radvd/handlers/main.yml
+++ b/roles/radvd/handlers/main.yml
@ -1,5 +1,6 @@
 ---
 - name: restart radvd
  systemd:
    state: restarted
    name: radvd
-    enabled: yes
+    enabled: true
--- a/roles/radvd/tasks/main.yml
+++ b/roles/radvd/tasks/main.yml
@ -1,6 +1,4 @@
 ---
 # Warning: radvd installation seems to fail if the configuration
 # file doesn't already exist when the package is installed,
 # so the order is important.
@ -19,4 +17,3 @@
    name: radvd
    state: present
  notify: restart radvd
--- a/roles/re2o_service/defaults/main.yml
+++ b/roles/re2o_service/defaults/main.yml
--- a/roles/re2o_service/tasks/main.yml
+++ b/roles/re2o_service/tasks/main.yml
--- a/roles/re2o_service/tasks/service_user.yml
+++ b/roles/re2o_service/tasks/service_user.yml
--- a/roles/re2o_service/templates/update-motd.d/05-service.j2
+++ b/roles/re2o_service/templates/update-motd.d/05-service.j2
--- a/roles/router/handlers/main.yml
+++ b/roles/router/handlers/main.yml
@ -1,8 +1,9 @@
 ---
 - name: restart keepalived
  systemd:
    state: restarted
    name: keepalived
-    enabled: yes
+    enabled: true
 - name: run aurore-firewall
  command: python3 main.py --force
--- a/roles/router/tasks/main.yml
+++ b/roles/router/tasks/main.yml
@ -3,25 +3,25 @@
 # XXX: YES, this is ugly as fuck.
 - name: set IP suffix (main)
  set_fact:
-      router_hard_ip_suffix: 240
+    router_hard_ip_suffix: 240
  when: "'backup' not in ansible_hostname"
 - name: set IP suffix (backup)
  set_fact:
-      router_hard_ip_suffix: 140
+    router_hard_ip_suffix: 140
  when: "'backup' in ansible_hostname"
 - name: Enable IPv4 packet forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
-    sysctl_set: yes
+    sysctl_set: true
 - name: Enable IPv6 packet forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
-    sysctl_set: yes
+    sysctl_set: true
 - name: Configure /etc/network/interfaces for routeur-aurore*
  template:
--- a/roles/unbound/handlers/main.yml
+++ b/roles/unbound/handlers/main.yml
@ -1,3 +1,4 @@
 ---
 - name: restart unbound
  systemd:
    state: restarted
--- a/roles/unifi_controller/tasks/main.yml
+++ b/roles/unifi_controller/tasks/main.yml
--- a/roles/unifi_controller/templates/update-motd.d/05-service.j2
+++ b/roles/unifi_controller/templates/update-motd.d/05-service.j2
--- a/services_web.yml
+++ b/services_web.yml
@ -32,26 +32,26 @@
        - fede-aurore.net
      reverseproxy_sites:
-        - {from: re2o.auro.re,          to: 10.128.0.10}
+        - {from: re2o.auro.re, to: 10.128.0.10}
-        - {from: intranet.auro.re,      to: 10.128.0.10}
+        - {from: intranet.auro.re, to: 10.128.0.10}
-        - {from: phabricator.auro.re,   to: 10.128.0.50}
+        - {from: phabricator.auro.re, to: 10.128.0.50}
-        - {from: wiki.auro.re,          to: 10.128.0.51}
+        - {from: wiki.auro.re, to: 10.128.0.51}
-        - {from: www.auro.re,           to: 10.128.0.52}
+        - {from: www.auro.re, to: 10.128.0.52}
-        - {from: drone.auro.re,          to: "10.128.0.64:8000"}
+        - {from: drone.auro.re, to: "10.128.0.64:8000"}
-        - {from: re2o-test.auro.re,     to: 10.128.0.100}
+        - {from: re2o-test.auro.re, to: 10.128.0.100}
-        - {from: riot.auro.re,          to: "10.128.0.150:8080"}
+        - {from: riot.auro.re, to: "10.128.0.150:8080"}
-        - {from: codimd.auro.re,        to: "10.128.0.150:8081"}
+        - {from: codimd.auro.re, to: "10.128.0.150:8081"}
-        - {from: grafana.auro.re,       to: "10.128.0.150:8082"}
+        - {from: grafana.auro.re, to: "10.128.0.150:8082"}
-        - {from: privatebin.auro.re,    to: "10.128.0.150:8083"}
+        - {from: privatebin.auro.re, to: "10.128.0.150:8083"}
-        - {from: pad.auro.re,           to: "10.128.0.150:8084"}
+        - {from: pad.auro.re, to: "10.128.0.150:8084"}
-        - {from: cas.auro.re,           to: "10.128.0.150:8085"}
+        - {from: cas.auro.re, to: "10.128.0.150:8085"}
      redirect_sites:
-        - {from: auro.re,               to: www.auro.re}
+        - {from: auro.re, to: www.auro.re}
  roles:
    - certbot
-    - nginx-reverseproxy
+    - nginx_reverseproxy