Fix some ansible-lint-reported warnings

This mostly fixes `key-order` warnings around `block` statements.
2022-09-27 11:38:33 +03:00
parent 0ab5371ebd
commit 1ea1597020
64 changed files with 217 additions and 223 deletions
--- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml
+++ b/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml
@@ -15,7 +15,8 @@
 # See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module
 # We support various distros, with various versions of Python. Installing additional Python modules can be a hassle.
 # As a workaround, we run `htpasswd` from an Apache container image.
- block:
+- when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != ''
+  block:
    - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs)
      docker_image:
        name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}"
@@ -57,4 +58,3 @@
      ansible.builtin.file:
        path: /tmp/matrix-nginx-proxy-metrics-password
        state: absent
-  when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != ''
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
@@ -9,7 +9,8 @@
        follow_redirects: "{{ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects }}"
        validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"

- block:
+- when: matrix_well_known_matrix_server_enabled | bool
+  block:
    - ansible.builtin.set_fact:
        well_known_file_check_matrix_server:
          path: /.well-known/matrix/server
@@ -21,7 +22,6 @@
    - name: Determine domains that we require certificates for (ma1sd)
      ansible.builtin.set_fact:
        well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
-  when: matrix_well_known_matrix_server_enabled | bool

 - name: Perform well-known checks
  ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
@@ -16,7 +16,8 @@
 # Tasks related to setting up Let's Encrypt's management of certificates
 #

- block:
+- when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
+  block:
    - name: Ensure certbot Docker image is pulled
      docker_image:
        name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
@@ -43,13 +44,13 @@
        mode: 0644
      when: "item.applicable | bool"
      with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
-  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"

 #
 # Tasks related to getting rid of Let's Encrypt's management of certificates
 #

- block:
+- when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
+  block:
    - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
      ansible.builtin.file:
        path: "{{ matrix_systemd_path }}/{{ item.name }}"
@@ -61,4 +62,3 @@
      ansible.builtin.file:
        path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
        state: absent
-  when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
@@ -13,7 +13,8 @@
 - ansible.builtin.set_fact:
    domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}"

- block:
+- when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''"
+  block:
    - name: Ensure required service for obtaining is started
      ansible.builtin.service:
        name: "{{ matrix_ssl_pre_obtaining_required_service_name }}"
@@ -24,7 +25,6 @@
      ansible.builtin.wait_for:
        timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}"
      when: "matrix_ssl_pre_obtaining_required_service_start_result.changed | bool"
-  when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''"

 # This will fail if there is something running on port 80 (like matrix-nginx-proxy).
 # We suppress the error, as we'll try another method below.
--- a/roles/matrix-nginx-proxy/tasks/validate_config.yml
+++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml
@@ -35,7 +35,8 @@
      - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`)
  when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))"

- block:
+- when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
+  block:
    - name: (Deprecation) Catch and report renamed settings
      ansible.builtin.fail:
        msg: >-
@@ -57,7 +58,6 @@
        - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container"
        - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container"
      when: "vars[item] == '' or vars[item] is none"
-  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"

 - name: (Deprecation) Catch and report old metrics usage
  ansible.builtin.fail: