Introduce yamllint

2022-12-18 23:43:40 +01:00 · 2022-12-18 23:43:40 +01:00 · 69c5bd067e
commit 69c5bd067e
parent 2794486fef
100 changed files with 186 additions and 18 deletions
--- a/.yamllint
+++ b/.yamllint
@ -0,0 +1,38 @@
+---
+
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+ignore: |
+  vault.yml
+
+rules:
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines: enable
+  empty-values: disable
+  float-values: disable
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length:
+    max: 100
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    level: warning
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -1,3 +1,4 @@
+---
 # --------------------------------------------------------------------------------------------------
 # ansible
 # --------------------------------------------------------------------------------------------------
--- a/group_vars/asgard/vars.yml
+++ b/group_vars/asgard/vars.yml
@ -1,3 +1,4 @@
+---
 # --------------------------------------------------------------------------------------------------
 # system:base
 # --------------------------------------------------------------------------------------------------
--- a/group_vars/bifrost/vars.yml
+++ b/group_vars/bifrost/vars.yml
@ -1,3 +1,4 @@
+---
 # --------------------------------------------------------------------------------------------------
 # vpn:wireguard
 # --------------------------------------------------------------------------------------------------
--- a/group_vars/home/vars.yml
+++ b/group_vars/home/vars.yml
@ -1,3 +1,4 @@
+---
 # --------------------------------------------------------------------------------------------------
 # network
 # --------------------------------------------------------------------------------------------------
--- a/group_vars/remote/vars.yml
+++ b/group_vars/remote/vars.yml
@ -1,3 +1,4 @@
+---
 # --------------------------------------------------------------------------------------------------
 # system:base
 # --------------------------------------------------------------------------------------------------
--- a/host_vars/heimdall/vars.yml
+++ b/host_vars/heimdall/vars.yml
@ -1,3 +1,4 @@
+---
 # --------------------------------------------------------------------------------------------------
 # system:mail
 # --------------------------------------------------------------------------------------------------
--- a/host_vars/valkyrie/vars.yml
+++ b/host_vars/valkyrie/vars.yml
@ -1,3 +1,4 @@
+---
 # --------------------------------------------------------------------------------------------------
 # system:mail
 # --------------------------------------------------------------------------------------------------
--- a/host_vars/yggdrasil/vars.yml
+++ b/host_vars/yggdrasil/vars.yml
@ -1,3 +1,4 @@
+---
 # --------------------------------------------------------------------------------------------------
 # system:zfs
 # --------------------------------------------------------------------------------------------------
--- a/2
+++ b/2
@ -2,7 +2,7 @@ ansible-lint:
 	@ansible-lint

 ansible-syntax:
-	@ansible --syntax-check main.yml -i production
+	@ansible-playbook --syntax-check main.yml -i production

 yamllint:
 	@yamllint .
--- a/playbooks/roles/backups/restic/tasks/main.yml
+++ b/playbooks/roles/backups/restic/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "check if restic is installed"
  ansible.builtin.stat:
    path: "/usr/local/bin/restic"
@ -7,7 +8,8 @@

    - name: "download restic binary"
      ansible.builtin.get_url:
-        url: "https://github.com/restic/restic/releases/download/v0.14.0/restic_0.14.0_linux_amd64.bz2"
+        url: "\
+          https://github.com/restic/restic/releases/download/v0.14.0/restic_0.14.0_linux_amd64.bz2"
        dest: "/usr/local/bin/restic.bz2"
        mode: 0644

--- a/playbooks/roles/backups/snapshots/meta/argument_specs.yml
+++ b/playbooks/roles/backups/snapshots/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/backups/snapshots/tasks/main.yml
+++ b/playbooks/roles/backups/snapshots/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "install sanoid and syncoid"
  ansible.builtin.apt:
    name:
--- a/playbooks/roles/services/backups/meta/argument_specs.yml
+++ b/playbooks/roles/services/backups/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/backups/tasks/include/restic.yml
+++ b/playbooks/roles/services/backups/tasks/include/restic.yml
@ -1,3 +1,4 @@
+---
 - name: "{{ services_service_name }} : restic : create restic password file"
  ansible.builtin.template:
    src: "./restic/restic.password.j2"
--- a/playbooks/roles/services/backups/tasks/include/snapshots.yml
+++ b/playbooks/roles/services/backups/tasks/include/snapshots.yml
@ -1,3 +1,4 @@
+---
 - name: "{{ services_service_name }} : snapshots : configure service sanoid snapshots"
  ansible.builtin.blockinfile:
    path: "/etc/sanoid/sanoid.conf"
--- a/playbooks/roles/services/backups/tasks/main.yml
+++ b/playbooks/roles/services/backups/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "play:services : role:backups:{{ services_service_name }} : tasks:vars"
  ansible.builtin.import_role:
    name: "services/include"
--- a/playbooks/roles/services/backups/vars/main.yml
+++ b/playbooks/roles/services/backups/vars/main.yml
@ -1 +1,2 @@
+---
 services_backups_user_data_dataset: "{{ services_data_dataset }}/{{ services_service_user_name }}"
--- a/playbooks/roles/services/datasets/backups/system/meta/argument_specs.yml
+++ b/playbooks/roles/services/datasets/backups/system/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/datasets/backups/system/tasks/main.yml
+++ b/playbooks/roles/services/datasets/backups/system/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "create root backup dataset"
  community.general.zfs:
    name: "{{ services_backups_snapshots_dataset }}"
--- a/playbooks/roles/services/datasets/backups/user/meta/argument_specs.yml
+++ b/playbooks/roles/services/datasets/backups/user/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/datasets/backups/user/tasks/main.yml
+++ b/playbooks/roles/services/datasets/backups/user/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "{{ services_service_name }} : set variables"
  ansible.builtin.import_role:
    name: "services/include"
--- a/playbooks/roles/services/datasets/system/meta/argument_specs.yml
+++ b/playbooks/roles/services/datasets/system/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/datasets/system/tasks/main.yml
+++ b/playbooks/roles/services/datasets/system/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "create containers dataset"
  community.general.zfs:
    name: "rpool/var/lib/containers"
--- a/playbooks/roles/services/datasets/user/meta/argument_specs.yml
+++ b/playbooks/roles/services/datasets/user/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/datasets/user/tasks/main.yml
+++ b/playbooks/roles/services/datasets/user/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "{{ services_service_name }} : set variables"
  ansible.builtin.import_role:
    name: "services/include"
--- a/playbooks/roles/services/deploy/cloud/meta/argument_specs.yml
+++ b/playbooks/roles/services/deploy/cloud/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/deploy/cloud/tasks/main.yml
+++ b/playbooks/roles/services/deploy/cloud/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "set the user variables"
  ansible.builtin.import_role:
    name: "services/include"
--- a/playbooks/roles/services/deploy/database/meta/argument_specs.yml
+++ b/playbooks/roles/services/deploy/database/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/deploy/database/tasks/main.yml
+++ b/playbooks/roles/services/deploy/database/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "set the user variables"
  ansible.builtin.import_role:
    name: "services/include"
@ -13,7 +14,9 @@
    - name: "configure postgres password"
      ansible.builtin.template:
        src: "./postgres/database.password.j2"
-        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/database.password"
+        dest: "\
+          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
+          database.password"
        mode: 0600
      register: services_deploy_database_password_file

--- a/playbooks/roles/services/deploy/git/meta/argument_specs.yml
+++ b/playbooks/roles/services/deploy/git/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/deploy/git/tasks/main.yml
+++ b/playbooks/roles/services/deploy/git/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "set the user variables"
  ansible.builtin.import_role:
    name: "services/include"
--- a/playbooks/roles/services/deploy/include/vars/versions.yml
+++ b/playbooks/roles/services/deploy/include/vars/versions.yml
@ -1,3 +1,4 @@
+---
 services_deploy_versions:
  rproxy:
    nginx: "stable"
--- a/playbooks/roles/services/deploy/lrproxy/meta/argument_specs.yml
+++ b/playbooks/roles/services/deploy/lrproxy/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/deploy/lrproxy/tasks/main.yml
+++ b/playbooks/roles/services/deploy/lrproxy/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "set the user variables"
  ansible.builtin.import_role:
    name: "services/include"
@ -16,7 +17,8 @@

    - name: "create nginx conf.d"
      ansible.builtin.file:
-        path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
+        path: "\
+          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
        state: "directory"
        mode: 0755

@ -55,9 +57,13 @@
      register: services_deploy_lrproxy_rsync_certificates_timer

    - name: "generate diffie hellman ephemeral parameters"
-      ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem 4096"
+      ansible.builtin.command: >-
+        openssl dhparam
+        --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
+        4096
      args:
-        creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
+        creates: "\
+          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
      register: services_deploy_lrproxy_dhparam

    - name: "create the .ssh directory"
@ -79,7 +85,11 @@
        user: "pod-rproxy"
        state: "present"
        key: "{{ services_deploy_lrproxy_keypair.public_key }}"
-        key_options: "command=\"rsync --server --sender -avz . {{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
+        key_options: "\
+          command=\"rsync --server --sender -avz . \
+          {{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/\
+          \",from=\"{{ vpn_wireguard_address }}\",\
+          no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"

    - name: "enable the service"
      ansible.builtin.systemd:
--- a/playbooks/roles/services/deploy/notes/meta/argument_specs.yml
+++ b/playbooks/roles/services/deploy/notes/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/deploy/notes/tasks/main.yml
+++ b/playbooks/roles/services/deploy/notes/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "set the user variables"
  ansible.builtin.import_role:
    name: "services/include"
--- a/playbooks/roles/services/deploy/rproxy/meta/argument_specs.yml
+++ b/playbooks/roles/services/deploy/rproxy/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/deploy/rproxy/tasks/main.yml
+++ b/playbooks/roles/services/deploy/rproxy/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "set the user variables"
  ansible.builtin.import_role:
    name: "services/include"
@ -16,7 +17,8 @@

    - name: "create nginx conf.d"
      ansible.builtin.file:
-        path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
+        path: "\
+          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
        state: "directory"
        mode: 0755

@ -55,9 +57,13 @@
      register: services_deploy_rproxy_certbot_timer

    - name: "generate diffie hellman ephemeral parameters"
-      ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem 4096"
+      ansible.builtin.command: >-
+        openssl dhparam
+        --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
+        4096
      args:
-        creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
+        creates: "\
+          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
      register: services_deploy_rproxy_dhparam

    - name: "enable the service"
--- a/playbooks/roles/services/deploy/rproxy/vars/nginx.yml
+++ b/playbooks/roles/services/deploy/rproxy/vars/nginx.yml
@ -1,3 +1,4 @@
+---
 services_rproxy_nginx_add_hosts: "\
  {% set add_host_list = [] %}\
  {% for service in ( services_all_services | dict2items ) %}\
--- a/playbooks/roles/services/deploy/www/meta/argument_specs.yml
+++ b/playbooks/roles/services/deploy/www/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/deploy/www/tasks/main.yml
+++ b/playbooks/roles/services/deploy/www/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "set the user variables"
  ansible.builtin.import_role:
    name: "services/include"
@ -17,7 +18,10 @@

    - name: "install hugo"
      ansible.builtin.apt:
-        deb: "https://github.com/gohugoio/hugo/releases/download/v{{ services_deploy_www_hugo_version }}/hugo_extended_{{ services_deploy_www_hugo_version }}_Linux-64bit.deb"
+        deb: "\
+          https://github.com/gohugoio/hugo/releases/download/\
+          v{{ services_deploy_www_hugo_version }}/\
+          hugo_extended_{{ services_deploy_www_hugo_version }}_Linux-64bit.deb"
      when:
        not services_deploy_www_hugo_path.stat.exists

@ -51,15 +55,22 @@

    - name: "clone website repository"
      ansible.builtin.git:
-        repo: "https://{{ services[services_service_name].repo_user }}:{{ services[services_service_name].repo_token }}@git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git"
-        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/wojciechkozlowski.eu"
+        repo: "\
+          https://{{ services[services_service_name].repo_user }}:\
+          {{ services[services_service_name].repo_token }}@\
+          git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git"
+        dest: "\
+          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
+          wojciechkozlowski.eu"
        recursive: true
      register: services_deploy_www_webiste_git

    - name: "generate static page using hugo"
      ansible.builtin.command:
        cmd: "hugo"
-        chdir: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/wojciechkozlowski.eu"
+        chdir: "\
+          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
+          wojciechkozlowski.eu"
      when:
        services_deploy_www_webiste_git.changed

--- a/playbooks/roles/services/include/meta/argument_specs.yml
+++ b/playbooks/roles/services/include/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  daemon_reload:
    options:
--- a/playbooks/roles/services/include/tasks/daemon_reload.yml
+++ b/playbooks/roles/services/include/tasks/daemon_reload.yml
@ -1,3 +1,4 @@
+---
 - name: "daemon_reload : loop over services"
  ansible.builtin.include_tasks: "daemon_reload/main.yml"
  loop: "{{ services_host_services }}"
--- a/playbooks/roles/services/include/tasks/daemon_reload/main.yml
+++ b/playbooks/roles/services/include/tasks/daemon_reload/main.yml
@ -1,3 +1,4 @@
+---
 - name: "daemon_reload : {{ services_service_name }} : set variables"
  ansible.builtin.import_tasks: "../vars.yml"

--- a/playbooks/roles/services/include/vars/user.yml
+++ b/playbooks/roles/services/include/vars/user.yml
@ -1,4 +1,6 @@
+---
 services_service_user_name: "pod-{{ services_service_name }}"
 services_service_user_home: "{{ services_home_directory }}/{{ services_service_user_name }}"
 services_service_user_data: "{{ services_data_directory }}/{{ services_service_user_name }}"
-services_service_user_containers: "{{ services_containers_directory }}/{{ services_service_user_name }}"
+services_service_user_containers: "\
+  {{ services_containers_directory }}/{{ services_service_user_name }}"
--- a/playbooks/roles/services/include/vars/volumes.yml
+++ b/playbooks/roles/services/include/vars/volumes.yml
@ -1,3 +1,4 @@
+---
 services_volumes:
  rproxy:
    etc-letsencrypt:
--- a/playbooks/roles/services/setup/system/meta/argument_specs.yml
+++ b/playbooks/roles/services/setup/system/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/setup/system/meta/main.yml
+++ b/playbooks/roles/services/setup/system/meta/main.yml
@ -1,3 +1,4 @@
+---
 dependencies:
  - role: "system/nftables"
  - role: "vpn/bridge"
--- a/playbooks/roles/services/setup/system/tasks/include/auto_update.yml
+++ b/playbooks/roles/services/setup/system/tasks/include/auto_update.yml
@ -1,3 +1,4 @@
+---
 - name: "auto_update : pod-service update script"
  ansible.builtin.copy:
    src: "./auto_update/pod-service-auto-update"
--- a/playbooks/roles/services/setup/system/tasks/include/directories.yml
+++ b/playbooks/roles/services/setup/system/tasks/include/directories.yml
@ -1,3 +1,4 @@
+---
 - name: "directories : create services directory"
  ansible.builtin.file:
    path: "{{ services_root_directory }}"
--- a/playbooks/roles/services/setup/system/tasks/include/nameserver.yml
+++ b/playbooks/roles/services/setup/system/tasks/include/nameserver.yml
@ -1,3 +1,4 @@
+---
 - name: "nameserver : fetch valkyrie's resolv.conf"
  ansible.builtin.fetch:
    src: "/etc/resolv.conf"
--- a/playbooks/roles/services/setup/system/tasks/include/podman.yml
+++ b/playbooks/roles/services/setup/system/tasks/include/podman.yml
@ -1,3 +1,4 @@
+---
 - name: "podman : install podman"
  ansible.builtin.apt:
    name: "podman"
--- a/playbooks/roles/services/setup/system/tasks/include/veth.yml
+++ b/playbooks/roles/services/setup/system/tasks/include/veth.yml
@ -1,3 +1,4 @@
+---
 - name: "veth : configure connect-pod-service"
  ansible.builtin.copy:
    src: "./veth/connect-pod-service@.service"
--- a/playbooks/roles/services/setup/system/tasks/main.yml
+++ b/playbooks/roles/services/setup/system/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "play:services : role:setup:system : tasks:podman"
  ansible.builtin.import_tasks: "include/podman.yml"
  tags: "services:setup:system:podman"
--- a/playbooks/roles/services/setup/user/meta/argument_specs.yml
+++ b/playbooks/roles/services/setup/user/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/services/setup/user/tasks/include/auto_update.yml
+++ b/playbooks/roles/services/setup/user/tasks/include/auto_update.yml
@ -1,3 +1,4 @@
+---
 - block:

    - name: "{{ services_service_name }} : auto_update : enable auto-update timer"
--- a/playbooks/roles/services/setup/user/tasks/include/directories.yml
+++ b/playbooks/roles/services/setup/user/tasks/include/directories.yml
@ -1,3 +1,4 @@
+---
 - name: "{{ services_service_name }} : directories : create containers directory"
  ansible.builtin.file:
    path: "{{ services_service_user_containers }}"
--- a/playbooks/roles/services/setup/user/tasks/include/directories/volumes.yml
+++ b/playbooks/roles/services/setup/user/tasks/include/directories/volumes.yml
@ -1,4 +1,6 @@
- name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
+---
+- name: "\
+    {{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
  ansible.builtin.file:
    path: "{{ services_service_user_data }}/{{ services_service_volume.key }}"
    state: "directory"
@ -6,12 +8,15 @@
    group: "{{ services_service_user_name }}"
    mode: 0755

- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
+- name: "\
+    {{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" \
+    mount exists"
  ansible.builtin.stat:
    path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
  register: services_setup_user_volume_mount

- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
+- name: "\
+    {{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
  ansible.builtin.file:
    path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
    state: "directory"
--- a/playbooks/roles/services/setup/user/tasks/include/podman.yml
+++ b/playbooks/roles/services/setup/user/tasks/include/podman.yml
@ -1,3 +1,4 @@
+---
 - block:

    - name: "{{ services_service_name }} : podman : create container configuration directory"
--- a/playbooks/roles/services/setup/user/tasks/include/user.yml
+++ b/playbooks/roles/services/setup/user/tasks/include/user.yml
@ -1,3 +1,4 @@
+---
 - name: "{{ services_service_name }} : setup : create system user"
  ansible.builtin.user:
    name: "{{ services_service_user_name }}"
--- a/playbooks/roles/services/setup/user/tasks/include/veth.yml
+++ b/playbooks/roles/services/setup/user/tasks/include/veth.yml
@ -1,3 +1,4 @@
+---
 - name: "{{ services_service_name }} : veth : configure interface"
  ansible.builtin.template:
    src: "./veth/interface.j2"
--- a/playbooks/roles/services/setup/user/tasks/main.yml
+++ b/playbooks/roles/services/setup/user/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "play:services : role:setup:user:{{ services_service_name }} : tasks:vars"
  ansible.builtin.import_role:
    name: "services/include"
--- a/playbooks/roles/services/setup/user/vars/main.yml
+++ b/playbooks/roles/services/setup/user/vars/main.yml
@ -1,2 +1,3 @@
+---
 services_setup_user_shell:
  rproxy: "/usr/bin/rbash"
--- a/playbooks/roles/system/base/defaults/main.yml
+++ b/playbooks/roles/system/base/defaults/main.yml
@ -1 +1,2 @@
+---
 system_base_additional_ssh_users: []
--- a/playbooks/roles/system/base/meta/argument_specs.yml
+++ b/playbooks/roles/system/base/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/system/base/tasks/include/fail2ban.yml
+++ b/playbooks/roles/system/base/tasks/include/fail2ban.yml
@ -1,3 +1,4 @@
+---
 - name: "fail2ban : install fail2ban"
  ansible.builtin.apt:
    name: "fail2ban"
--- a/playbooks/roles/system/base/tasks/include/fstrim.yml
+++ b/playbooks/roles/system/base/tasks/include/fstrim.yml
@ -1,3 +1,4 @@
+---
 - name: "fstrim : enable fstrim.timer"
  ansible.builtin.systemd:
    name: "fstrim.timer"
--- a/playbooks/roles/system/base/tasks/include/logs.yml
+++ b/playbooks/roles/system/base/tasks/include/logs.yml
@ -1,3 +1,4 @@
+---
 - name: "logs : install logcheck and logrotate"
  ansible.builtin.apt:
    name:
--- a/playbooks/roles/system/base/tasks/include/motd.yml
+++ b/playbooks/roles/system/base/tasks/include/motd.yml
@ -1,3 +1,4 @@
+---
 - name: "motd : set motd"
  ansible.builtin.copy:
    src: "{{ item }}"
--- a/playbooks/roles/system/base/tasks/include/ntp.yml
+++ b/playbooks/roles/system/base/tasks/include/ntp.yml
@ -1,3 +1,4 @@
+---
 - name: "ntp : install systemd-timesyncd"
  ansible.builtin.apt:
    name: "systemd-timesyncd"
--- a/playbooks/roles/system/base/tasks/include/root.yml
+++ b/playbooks/roles/system/base/tasks/include/root.yml
@ -1,3 +1,4 @@
+---
 - name: "root : disable root shell"
  ansible.builtin.user:
    name: "root"
--- a/playbooks/roles/system/base/tasks/include/sshd.yml
+++ b/playbooks/roles/system/base/tasks/include/sshd.yml
@ -1,3 +1,4 @@
+---
 # SSH must be installed so we don't bother with installing it.

 - name: "sshd : configure sshd"
--- a/playbooks/roles/system/base/tasks/include/systemd_mail.yml
+++ b/playbooks/roles/system/base/tasks/include/systemd_mail.yml
@ -1,3 +1,4 @@
+---
 - name: "systemd_mail : systemd mail root script"
  ansible.builtin.template:
    src: "./systemd_mail/system/systemd-mail-systemctl-status.j2"
--- a/playbooks/roles/system/base/tasks/include/unattended_upgrades.yml
+++ b/playbooks/roles/system/base/tasks/include/unattended_upgrades.yml
@ -1,3 +1,4 @@
+---
 - name: "unattended_upgrades : install unattended-upgrades"
  ansible.builtin.apt:
    name: "unattended-upgrades"
--- a/playbooks/roles/system/base/tasks/include/user.yml
+++ b/playbooks/roles/system/base/tasks/include/user.yml
@ -1,3 +1,4 @@
+---
 - block:

    - name: "user : clone tmux dotfiles"
--- a/playbooks/roles/system/base/tasks/include/utils.yml
+++ b/playbooks/roles/system/base/tasks/include/utils.yml
@ -1,3 +1,4 @@
+---
 - name: "utils : install utility programs"
  ansible.builtin.apt:
    name:
--- a/playbooks/roles/system/base/tasks/main.yml
+++ b/playbooks/roles/system/base/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "play:system : role:base : tasks:sshd"
  ansible.builtin.import_tasks: "include/sshd.yml"
  tags: "system:base:sshd"
--- a/playbooks/roles/system/mail/meta/argument_specs.yml
+++ b/playbooks/roles/system/mail/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/system/mail/tasks/main.yml
+++ b/playbooks/roles/system/mail/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "configure mailname"
  ansible.builtin.template:
    src: "./mailname.j2"
--- a/playbooks/roles/system/nftables/defaults/main.yml
+++ b/playbooks/roles/system/nftables/defaults/main.yml
@ -1,2 +1,3 @@
+---
 system_base_additional_tcp_ports: []
 system_base_udp_ports: []
--- a/playbooks/roles/system/nftables/meta/argument_specs.yml
+++ b/playbooks/roles/system/nftables/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/system/nftables/tasks/main.yml
+++ b/playbooks/roles/system/nftables/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "install nftables"
  ansible.builtin.apt:
    name: "nftables"
--- a/playbooks/roles/system/smart/meta/argument_specs.yml
+++ b/playbooks/roles/system/smart/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/system/smart/tasks/main.yml
+++ b/playbooks/roles/system/smart/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "install smartmontools"
  ansible.builtin.apt:
    name: "smartmontools"
--- a/playbooks/roles/system/ups/tasks/main.yml
+++ b/playbooks/roles/system/ups/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "install acpupsd"
  ansible.builtin.apt:
    name: "apcupsd"
--- a/playbooks/roles/system/zfs/defaults/main.yml
+++ b/playbooks/roles/system/zfs/defaults/main.yml
@ -1,3 +1,4 @@
+---
 system_zfs_zpools: []
 system_zfs_zpools_trim: []
 system_zfs_zpools_load_key: []
--- a/playbooks/roles/system/zfs/meta/argument_specs.yml
+++ b/playbooks/roles/system/zfs/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/system/zfs/tasks/include/conf.yml
+++ b/playbooks/roles/system/zfs/tasks/include/conf.yml
@ -1,3 +1,4 @@
+---
 - name: "conf : configure zfs module via modprobe.d"
  ansible.builtin.copy:
    src: "./conf/zfs.conf"
--- a/playbooks/roles/system/zfs/tasks/include/cron.yml
+++ b/playbooks/roles/system/zfs/tasks/include/cron.yml
@ -1,3 +1,4 @@
+---
 - name: "cron : remove the zfsutils cron job"
  ansible.builtin.file:
    state: "absent"
--- a/playbooks/roles/system/zfs/tasks/include/fstrim.yml
+++ b/playbooks/roles/system/zfs/tasks/include/fstrim.yml
@ -1,3 +1,4 @@
+---
 # Run fstrim daily on ZFS. It's a no-op on ZFS filesystems, but it will run on zvols mounted via
 # fstab. Untrimmed zvol blocks occupy space in th ZFS pool. Therefore, this helps keep zvol space
 # requirements down if they are busy.
--- a/playbooks/roles/system/zfs/tasks/include/load_key.yml
+++ b/playbooks/roles/system/zfs/tasks/include/load_key.yml
@ -1,3 +1,4 @@
+---
 - name: "load_key : zfs load key service file"
  ansible.builtin.copy:
    src: "./load_key/zfs-load-key@.service"
--- a/playbooks/roles/system/zfs/tasks/include/scrub.yml
+++ b/playbooks/roles/system/zfs/tasks/include/scrub.yml
@ -1,3 +1,4 @@
+---
 - name: "scrub : zpool status mail script"
  ansible.builtin.template:
    src: "./scrub/systemd-mail-zpool-status.j2"
--- a/playbooks/roles/system/zfs/tasks/include/trim.yml
+++ b/playbooks/roles/system/zfs/tasks/include/trim.yml
@ -1,3 +1,4 @@
+---
 - name: "trim : zfs trim service file"
  ansible.builtin.copy:
    src: "./trim/zfs-trim@.service"
--- a/playbooks/roles/system/zfs/tasks/main.yml
+++ b/playbooks/roles/system/zfs/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "play:system : role:zfs : tasks:conf"
  ansible.builtin.import_tasks: "include/conf.yml"
  tags: "system:zfs:conf"
--- a/playbooks/roles/vpn/base/tasks/main.yml
+++ b/playbooks/roles/vpn/base/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "enable ipv4 forwarding"
  ansible.posix.sysctl:
    name: "net.ipv4.ip_forward"
--- a/playbooks/roles/vpn/bridge/meta/argument_specs.yml
+++ b/playbooks/roles/vpn/bridge/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/vpn/bridge/tasks/main.yml
+++ b/playbooks/roles/vpn/bridge/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "post-up nftables inet script"
  ansible.builtin.template:
    src: "./post-up-br0-inet.nft.j2"
--- a/playbooks/roles/vpn/wireguard/meta/argument_specs.yml
+++ b/playbooks/roles/vpn/wireguard/meta/argument_specs.yml
@ -1,3 +1,4 @@
+---
 argument_specs:
  main:
    options:
--- a/playbooks/roles/vpn/wireguard/tasks/main.yml
+++ b/playbooks/roles/vpn/wireguard/tasks/main.yml
@ -1,3 +1,4 @@
+---
 - name: "install wireguard"
  ansible.builtin.apt:
    name: "wireguard"