linting

handlers/main.yml

@@ -6,12 +6,12 @@
   command: localectl set-keymap {{ arch_base_keymap }}
 
 - name: Update_pacman_repos
-  become: yes
+  become: true
-  pacman: update_cache=yes
+  pacman: update_cache=true
 
 - name: Restart sshd
   service: name=sshd state=restarted
-  become: yes
+  become: true
 
 - name: restart_sysctl
   service: name=systemd-sysctl state=restarted

tasks/AUR_builder.yml

@@ -1,29 +1,30 @@
 - name: install base-devel package
   pacman:
     state: present # not required. choices: absent;latest;present. Desired state of the package.
-    name: ['base-devel'] # not required. Name or list of names of the packages to install, upgrade, or remove.
+    name: ["base-devel"] # not required. Name or list of names of the packages to install, upgrade, or remove.
-    update_cache: yes
+    update_cache: true
-  become: yes
+  become: true
 
 - name: Create aur_builder user
   user:
     name: aur_builder
     group: wheel
-  become: yes
+  become: true
 
 - name: Allow aur_builder to run pacman as root
   lineinfile:
     path: /etc/sudoers.d/11-install-aur_builder
-    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
+    line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman"
-    create: yes
+    create: true
-    validate: 'visudo -cf %s'
+    validate: "visudo -cf %s"
-  become: yes
+    mode: 0600
+  become: true
 
 - name: install yay
   aur:
     state: present
     name: yay
     use: makepkg
-    skip_pgp_check: yes
+    skip_pgp_check: true
-  become: yes
+  become: true
   become_user: aur_builder

tasks/base_software.yml

@@ -1,19 +1,19 @@
 - name: upgrade arch-keyring
   pacman:
-    state: latest # not required. choices: absent;latest;present. Desired state of the package.
+    state: latest # noqa package-latest
     name: archlinux-keyring
-    force: true # not required. When removing package - force remove package, without any checks. When update_cache - force redownload repo databases.
+    force: true
     update_cache: false
-  become: yes
+  become: true
   when: system_upgrade and  ansible_facts['os_family'] == "Archlinux"
 
 - name: upgrade system
   pacman:
-    state: latest # not required. choices: absent;latest;present. Desired state of the package.
+    state: latest # noqa package-latest
-    upgrade: true # not required. Whether or not to upgrade whole system.
+    upgrade: true
-    force: true # not required. When removing package - force remove package, without any checks. When update_cache - force redownload repo databases.
+    force: true
     update_cache: false
-  become: yes
+  become: true
   when: system_upgrade and  ansible_facts['os_family'] == "Archlinux"
   register: upgrade
 
@@ -21,33 +21,34 @@
   reboot:
     reboot_timeout: 3600
   when: upgrade.changed and "linux" in upgrade.packages and system_upgrade and  ansible_facts['os_family'] == "Archlinux"
-  become: yes
+  become: true
 
 - name: launch arch base install software
   pacman:
-    state: present # not required. choices: absent;latest;present. Desired state of the package.
+    state: present
-    name: "{{system_base_softwares_arch}}"
+    name: "{{ system_base_softwares_arch }}"
-  become: yes
+  become: true
   when: ansible_facts['os_family'] == "Archlinux"
 
 - name: install aur workstation soft
   aur:
     name: "{{ system_base_aur_soft }}"
     state: present
-  become: yes
+  become: true
   become_user: aur_builder
   when: ansible_facts['os_family'] == "Archlinux" and system_base_aur_soft
 
 - name: launch debian base install software
   apt:
-    state: present # not required. choices: absent;latest;present. Desired state of the package.
+    state: present
-    name: "{{system_base_softwares_debian}}"
+    name: "{{ system_base_softwares_debian }}"
-    update_cache: yes
+    update_cache: true
-  become: yes
+  become: true
   when: ansible_facts['os_family'] == "Debian"
 
 - name: GITHUB | Get current version of bat
   shell: >
+    set -o pipefail
     warn=False
     curl --silent https://github.com/sharkdp/bat/releases/latest |
     grep 'tag' |
@@ -66,12 +67,12 @@
 - name: DEBIAN | Install deb from github
   become: true
   apt:
-    deb: "{{debian_url}}"
+    deb: "{{ debian_url }}"
   when: ansible_facts['os_family'] == "Debian"
 
 - name: pass user shell to zsh
   user:
-    name: "{{user.name}}" # required. Name of the user to create, remove or modify.
+    name: "{{ user.name }}"
-    shell: /bin/zsh # not required. Optionally set the user's shell.,On macOS, before version 2.5, the default shell for non-system users was /usr/bin/false. Since 2.5, the default shell for non-system users on macOS is /bin/bash.
+    shell: /bin/zsh
-    state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated.
+    state: present
-  become: yes
+  become: true

tasks/depot_debian.yml

@@ -1,6 +1,6 @@
 - name: add repo main contrib
   apt_repository:
-      repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free
+    repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free
-      state: present # not required. choices: absent;present. A source string state.
+    state: present
-      update_cache: yes # not required. Run the equivalent of C(apt-get update) when a change occurs.  Cache updates are run after making changes.
+    update_cache: true
-  become: yes
+  become: true

tasks/hostname.yml

@@ -1,6 +1,5 @@
-
 - name: Ensure hostname set
   hostname:
     name: "{{ inventory_hostname }}"
     use: systemd
-  become: yes
+  become: true

tasks/locales.yml

@@ -1,22 +1,30 @@
 ---
 - name: Set keymap
-  copy: content="KEYMAP={{ arch_base_keymap }}\n" dest=/etc/vconsole.conf
+  copy:
+    content: "KEYMAP={{ arch_base_keymap }}\n"
+    dest: /etc/vconsole.conf
+    mode: 0644
   notify: Update keymap
-  become: yes
+  become: true
 
 - name: Generate locales
   locale_gen:
     name: "{{ item }}"
     state: present
   with_items: "{{ arch_base_locales }}"
-  become: yes
+  become: true
 
 - name: Set locale
-  lineinfile: dest=/etc/locale.conf line="LANG={{ arch_base_locale }}" regexp="^LANG=" create=yes
+  lineinfile:
-  become: yes
+    dest: /etc/locale.conf
+    line: "LANG={{ arch_base_locale }}"
+    regexp: "^LANG="
+    create: true
+    mode: 0644
+  become: true
+
 - name: Set timezone
-  become: yes
+  become: true
   command: timedatectl set-timezone {{ arch_base_timezone }}
   args:
     creates: /etc/localtime
-

tasks/main.yml

@@ -1,4 +1,4 @@
-#- include_tasks: hostname.yml
+- include_tasks: hostname.yml
 - include_tasks: hosts.yml
 - include_tasks: tasks.sysctl.yml
 - include_tasks: dhcpcd.yml

tasks/pacman.yml

@@ -1,34 +1,33 @@
 ---
 - name: Configure pacman color
   replace: dest=/etc/pacman.conf regexp="^#(Color)" replace="\1"
-  become: yes
+  become: true
 
 - name: Configure more pacman visuals
   replace: dest=/etc/pacman.conf regexp="#(VerbosePkgLists)" replace="\1\nILoveCandy"
-  become: yes
+  become: true
 
 - name: Configure pacman multilib repo
-  become: yes
+  become: true
   replace: dest=/etc/pacman.conf regexp="^#(\[multilib\])\n^#(.*)$" replace="\1\n\2"
   notify: Update_pacman_repos
   when: ansible_architecture == "x86_64"
 
 - name: add local repo to mirrorlist
-  become: yes
+  become: true
   lineinfile:
     path: /etc/pacman.d/mirrorlist
-    line: "Server= {{system_arch_local_mirror}}/$repo/os/$arch"
+    line: "Server= {{ system_arch_local_mirror }}/$repo/os/$arch"
     state: present
     insertbefore: BOF
   when: system_arch_local_mirror is defined
 
 - name: stat ca-certificates
   stat:
-      path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of.
+    path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of.
   register: cacertificates
 
-
 - name: reinstall certificate for old system
   command: "pacman -Sy ca-certificates-utils openssl --noconfirm"
-  become: yes
+  become: true
   when: not cacertificates.stat.exists

tasks/ssh.yml

@@ -1,15 +1,15 @@
 - name: copy  ssh config for user
-  become: yes
+  become: true
   copy:
-    dest: /home/{{item}}/.ssh/ # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist.
+    dest: /home/{{ item }}/.ssh/
-    src: "ssh/config" # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync.
+    src: "ssh/config"
-    force: yes # not required. the default is C(yes), which will replace the remote file when contents are different than the source. If C(no), the file will only be transferred if the destination does not exist.
+    force: true
-    remote_src: no # not required. If C(no), it will search for I(src) at originating/master machine.,If C(yes) it will go to the remote/target machine for the I(src). Default is C(no).,Currently I(remote_src) does not support recursive copying.,I(remote_src) only works with C(mode=preserve) as of version 2.6.
+    remote_src: false
-    mode: "600" # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number.  Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.  As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)).  As of version 2.3, the mode may also be the special string C(preserve).  C(preserve) means that the file will be given the same permissions as the source file.
+    mode: "600"
-    selevel: s0 # not required. Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the C(range). C(_default) feature works as for I(seuser).
+    selevel: s0
-    owner: "{{item}}" # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
+    owner: "{{ item }}"
   with_items:
-    - "{{user.name}}"
+    - "{{ user.name }}"
 - name: ensure root ssh directory exist
   become: true
   file:
@@ -19,44 +19,44 @@
     mode: 0700
 
 - name: copy  ssh config for root
-  become: yes
+  become: true
   copy:
-    dest: /root/.ssh/ # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist.
+    dest: /root/.ssh/
-    src: "ssh/config" # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync.
+    src: "ssh/config"
-    force: yes # not required. the default is C(yes), which will replace the remote file when contents are different than the source. If C(no), the file will only be transferred if the destination does not exist.
+    force: true
-    remote_src: no # not required. If C(no), it will search for I(src) at originating/master machine.,If C(yes) it will go to the remote/target machine for the I(src). Default is C(no).,Currently I(remote_src) does not support recursive copying.,I(remote_src) only works with C(mode=preserve) as of version 2.6.
+    remote_src: false
-    mode: "600" # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number.  Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.  As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)).  As of version 2.3, the mode may also be the special string C(preserve).  C(preserve) means that the file will be given the same permissions as the source file.
+    mode: "600"
-    selevel: s0 # not required. Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the C(range). C(_default) feature works as for I(seuser).
+    selevel: s0
-    owner: "root" # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
+    owner: "root"
 
 - name: ensure key directory exist
   become: true
   file:
     state: directory
     path: "{{ item.keyfile | dirname }}"
-    owner: "{{item.user}}"
+    owner: "{{ item.user }}"
     mode: 0700
-  with_items: "{{privatekeytodeploy}}"
+  with_items: "{{ privatekeytodeploy }}"
 
 - name: Install ssh private key
-  become: yes
+  become: true
   copy:
     content: "{{ item.privatekey }}"
     dest: "{{ item.keyfile }}"
     mode: 0600
-    owner: "{{item.user}}"
+    owner: "{{ item.user }}"
-  with_items: "{{privatekeytodeploy}}"
+  with_items: "{{ privatekeytodeploy }}"
 
 - name: Deploy SSH-Keys to remote host
   authorized_key:
-    user: "{{item.user}}"
+    user: "{{ item.user }}"
-    key: "{{item.sshkey}}"
+    key: "{{ item.sshkey }}"
-    exclusive: no
+    exclusive: false
-  with_items: "{{keystodeploy}}"
+  with_items: "{{ keystodeploy }}"
-  become: yes
+  become: true
 
 - name: les connexions par mot de passe sont désactivées
-  become: yes
+  become: true
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: "^#?PasswordAuthentication"
@@ -65,7 +65,7 @@
   notify: Restart sshd
 
 - name: Remove root SSH access
-  become: yes
+  become: true
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: "^PermitRootLogin"

tasks/tasks.sysctl.yml

@@ -7,4 +7,4 @@
     group: root
     mode: 0644
   notify: restart_sysctl
-  become: True
+  become: true

tasks/time.yml

@@ -1,12 +1,12 @@
 ---
 - name: Enable timesync
   command: timedatectl set-ntp true
-  become: yes
+  become: true
   args:
     creates: /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
 
 - name: Set timezone and hardware clock
   timezone:
-    hwclock: '{{ time.hwclock }}'
+    hwclock: "{{ time.hwclock }}"
-    name: '{{ time.timezone }}'
+    name: "{{ time.timezone }}"
-  become: yes
+  become: true

tasks/usergroup.yml

@@ -1,16 +1,15 @@
 ---
 - name: create system user
-  become: yes
+  become: true
   user:
-      name: "{{item.name}}"
+    name: "{{ item.name }}"
-      system: yes
+    system: true
-      home: "{{ item.home | default('/') }}"
+    home: "{{ item.home | default('/') }}"
-      shell: "{{ item.shell |default('/usr/bin/nologin') }}"
+    shell: "{{ item.shell |default('/usr/bin/nologin') }}"
-  with_items: "{{system_user}}"
+  with_items: "{{ system_user }}"
-
 
 - name: create system group
   group:
-      name: "{{item.name}}"
+    name: "{{ item.name }}"
-  with_items: "{{system_group}}"
+  with_items: "{{ system_group }}"
-  become: yes
+  become: true