Remise en forme

defaults/main.yml

@@ -6,4 +6,4 @@ common_postfix_recipient_canonical_maps: ""
 common_postfix_configure_sasl: false
 common_X11Forwarding: false
 common_swappiness: 5
-
+common_set_root_password: false

tasks/configure_postfix_relay.yml

@@ -1,5 +1,5 @@
 - name: Supprime exim
-  package:
+  ansible.builtin.package:
     name:
       - exim4-base
       - exim4-config
@@ -7,71 +7,77 @@
     state: absent
 
 - name: Installation postfix
-  package:
+  ansible.builtin.package:
     name:
       - postfix
       - libsasl2-modules
     state: present
 
 - name: Configuration postfix
-  template:
+  ansible.builtin.template:
     src: postfix-main.cf.j2
     dest: /etc/postfix/main.cf
+    mode: u=rw,g=r,o=r
   notify:
     - restart postfix
 
 - name: Configuration postfix
-  template:
+  ansible.builtin.template:
     src: sasl-password-map
     dest: /etc/postfix/sasl-password-map
-    mode: 0600
+    mode: u=rw,g=,o=
     owner: root
     group: root
   register: _sasl_password_map
   when: common_postfix_configure_sasl is true
 
-- shell: |
-    cd /etc/postfix/
-    postmap sasl-password-map
+- name: Exécute postmap
+  ansible.builtin.command: postmap sasl-password-map
+  args:
+    chdir: /etc/postfix/
   when: common_postfix_configure_sasl is true and _sasl_password_map.changed
+  changed_when: true
 
 - name: Configuration aliases postfix
-  template:
+  ansible.builtin.template:
     src: aliases.j2
     dest: /etc/aliases
+    mode: u=rw,g=r,o=r
   register: aliases
   notify:
     - restart postfix
 
-- shell: newaliases
+- name: Exécute newaliases # noqa no-handler
+  ansible.builtin.command: newaliases
   when: aliases.changed
+  changed_when: true
 
 - name: Configure sender_canonical_maps_regexp
-  blockinfile:
+  ansible.builtin.blockinfile:
     dest: /etc/postfix/sender_canonical_maps_regexp
     marker: "#### {mark} SECTION CONTROLEE PAR ANSIBLE ####"
     owner: root
     group: root
-    mode: 0755
-    create: yes
+    mode: u=rw,g=r,o=r
+    create: true
     block: |
       {{ common_postfix_sender_canonical_maps }}
   register: sender_canonical_maps_regexp
 
 - name: Configure recipient_canonical_maps_regexp
-  blockinfile:
+  ansible.builtin.blockinfile:
     dest: /etc/postfix/recipient_canonical_maps_regexp
     marker: "#### {mark} SECTION CONTROLEE PAR ANSIBLE ####"
     owner: root
     group: root
-    mode: 0755
-    create: yes
+    mode: u=rw,g=r,o=r
+    create: true
     block: |
       {{ common_postfix_recipient_canonical_maps }}
   register: recipiend_canonical_maps_regexp
 
-- name: postmap
-  command: postmap {{ item }}
+- name: Exécute postmap
+  ansible.builtin.command: postmap {{ item }}
   args:
     chdir: /etc/postfix/
   with_items:
@@ -80,6 +86,4 @@
   when: sender_canonical_maps_regexp.changed or recipiend_canonical_maps_regexp.changed
   notify:
     - restart postfix
-
-
-
+  changed_when: true

tasks/main.yml

@@ -1,22 +1,22 @@
-- debug:
-    var: common_user_password_salt
-
-- name: definit le mdp de root
-  user:
+- name: Définit le mdp de root
+  ansible.builtin.user:
     name: root
     state: present
     password: "{{ _pwd | password_hash('sha512', _salt) }}"
   vars:
     _pwd: "{{ common_rootpassword }}"
     _salt: "{{ common_user_password_salt }}"
+  # A ne faire que si demandé pour éviter de rapporter des changements qui n'en sont pas
+  when: common_set_root_password
 
 - name: Run the equivalent of "apt-get update" as a separate step
   ansible.builtin.apt:
-    update_cache: yes
+    update_cache: true
+  # Evite de rapporter des changements qui n'en sont pas
   changed_when: false
 
-- name: installe paquets
-  package:
+- name: Installe paquets
+  ansible.builtin.package:
     state: present
     name:
       - nftables
@@ -38,14 +38,14 @@
       - curl
 
 - name: Activation nftables
-  service:
+  ansible.builtin.service:
     name: nftables
     state: started
-    enabled: yes
+    enabled: true
 
 - name: Configuration ssh
-  import_role:
-     name: willshersystems.sshd
+  ansible.builtin.import_role:
+    name: willshersystems.sshd
   vars:
     sshd_skip_defaults: false
     sshd:
@@ -55,32 +55,40 @@
       PermitRootLogin: without-password
       X11Forwarding: "{{ common_X11Forwarding }}"
 
-- name: horodatage history 
-  template: src=historytime.sh dest=/etc/profile.d/historytime.sh
+- name: Horodatage history
+  ansible.builtin.template:
+    src: historytime.sh
+    dest: /etc/profile.d/historytime.sh
+    mode: u=rw,g=r,o=r
 
-- name: root bashrc
-  copy: src=root.bashrc dest=/root/.bashrc
+- name: Root bashrc
+  ansible.builtin.copy:
+    src: root.bashrc
+    dest: /root/.bashrc
+    mode: u=rw,g=r,o=r
 
-- name: "sudoers"
-  replace:
+- name: Configure sudoers # noqa no-tabs
+  ansible.builtin.replace:
     path: /etc/sudoers
     regexp: "%sudo\tALL.*"
     replace: "%sudo\tALL=(ALL:ALL) NOPASSWD:ALL"
 
-- import_tasks: configure_postfix_relay.yml
+- name: Configure relai postfix
+  ansible.biultin.import_tasks: configure_postfix_relay.yml
   tags: configure_postfix_relay
 
 
-- name: motd colors
-  template:
+- name: Motd colors
+  ansible.builtin.template:
     src: update-motd.d/colors
     dest: /etc/update-motd.d/
-    
-- name: configure motd
-  template:
+    mode: u=rw,g=r,o=r
+
+- name: Configure motd
+  ansible.builtin.template:
     src: update-motd.d/{{ item }}
     dest: /etc/update-motd.d/
-    mode: 0755
+    mode: u=rwx,g=rx,o=rx
   with_items:
     - 01-linebreak
     - 05-header
@@ -90,12 +98,12 @@
     - 30-upgrades
     - 50-linebreak
 
-- name: configuration swappiness
-  sysctl:
+- name: Configuration swappiness
+  ansible.posix.sysctl:
     name: vm.swappiness
     value: "{{ common_swappiness }}"
-    sysctl_set: yes
+    sysctl_set: true
     state: present
-    reload: yes
+    reload: true
   tags: configure_swappiness
   when: ansible_virtualization_type == "kvm"