Comply with linting on proxy setup

roles/bitwarden/handlers/main.yml

@@ -5,7 +5,12 @@
   listen: rebuild_bitwarden
 
 - name: Rebuild Bitwarden
-  ansible.builtin.shell: "{{ bitwarden_root }}/bitwarden.sh rebuild"
+  ansible.builtin.command: "{{ bitwarden_root }}/bitwarden.sh rebuild"
+  listen: rebuild_bitwarden
+
+- name: Reload systemd manager configuration
+  ansible.builtin.systemd:
+    daemon_reload: true
   listen: rebuild_bitwarden
 
 - name: Start Bitwarden after rebuild
@@ -14,3 +19,10 @@
     state: started
     enabled: true
   listen: rebuild_bitwarden
+
+- name: Create Bitwarden's initial log file
+  ansible.builtin.file:
+    path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt"
+    state: touch
+    mode: "644"
+  listen: touch_bitwarden

roles/bitwarden/tasks/main.yml

@@ -7,6 +7,7 @@
   ansible.builtin.file:
     path: "{{ bitwarden_root }}"
     state: directory
+    mode: "755"
 
 - name: Download Bitwarden script
   ansible.builtin.get_url:
@@ -22,7 +23,7 @@
     mode: u+x
 
 - name: Run Bitwarden installation script
-  ansible.builtin.shell: "{{ bitwarden_root }}/bw_wrapper"
+  ansible.builtin.command: "{{ bitwarden_root }}/bw_wrapper"
   args:
     creates: "{{ bitwarden_root }}/bwdata/config.yml"
 
@@ -30,6 +31,7 @@
   ansible.builtin.template:
     src: compose.override.yml.j2
     dest: "{{ bitwarden_root }}/bwdata/docker/docker-compose.override.yml"
+    mode: "644"
   when: bitwarden_override | default(true)
   notify: rebuild_bitwarden
 
@@ -76,6 +78,7 @@
   ansible.builtin.template:
     src: bitwarden.service.j2
     dest: "/etc/systemd/system/{{ bitwarden_name }}.service"
+    mode: "644"
   register: bitwarden_systemd
   notify: rebuild_bitwarden
 
@@ -83,22 +86,12 @@
   ansible.builtin.file:
     path: "{{ bitwarden_logs_identity }}"
     state: directory
-  register: bitwarden_logs
+    mode: "755"
-
+  notify: touch_bitwarden
-- name: Create Bitwarden's initial log file
-  ansible.builtin.file:
-    path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt"
-    state: touch
-  when: bitwarden_logs.changed
 
 - name: Install Bitwarden's Fail2ban jail
   ansible.builtin.template:
     src: fail2ban-jail.conf.j2
     dest: /etc/fail2ban/jail.d/bitwarden.conf
+    mode: "640"
   notify: restart_fail2ban
-
-- name: Reload systemd manager configuration
-  ansible.builtin.systemd:
-    daemon_reload: true
-  when: bitwarden_systemd.changed
-  notify: rebuild_bitwarden

roles/gitea/tasks/main.yml

@@ -21,6 +21,7 @@
 - name: Create git's .ssh directory
   ansible.builtin.file:
     path: /home/git/.ssh
+    mode: "700"
     state: directory
 
 - name: Generate git's SSH keys
@@ -40,6 +41,7 @@
 - name: Create git's authorized_keys file
   ansible.builtin.file:
     path: /home/git/.ssh/authorized_keys
+    mode: "600"
     state: touch
   when: not git_authkeys.stat.exists
 
@@ -53,21 +55,24 @@
   ansible.builtin.template:
     src: gitea.sh.j2
     dest: /usr/local/bin/gitea
-    mode: 0755
+    mode: "755"
 
 - name: Create Gitea's logging directory
   ansible.builtin.file:
     name: /var/log/gitea
     state: directory
+    mode: "755"
 
 - name: Install Gitea's Fail2ban filter
   ansible.builtin.template:
     src: fail2ban-filter.conf.j2
     dest: /etc/fail2ban/filter.d/gitea.conf
+    mode: "644"
   notify: restart_fail2ban
 
 - name: Install Gitea's Fail2ban jail
   ansible.builtin.template:
     src: fail2ban-jail.conf.j2
     dest: /etc/fail2ban/jail.d/gitea.conf
+    mode: "640"
   notify: restart_fail2ban

roles/mariadb/handlers/main.yml

@@ -6,7 +6,7 @@
   listen: restart_mariadb
 
 - name: Set MariaDB as restarted
-  set_fact:
+  ansible.builtin.set_fact:
     mariadb_restarted: true
   when: not mariadb_restarted
   listen: restart_mariadb

roles/mariadb/tasks/main.yml

@@ -4,7 +4,7 @@
     state: present
 
 - name: Set MariaDB restarted fact
-  set_fact:
+  ansible.builtin.set_fact:
     mariadb_restarted: false
 
 - name: Regather facts for the potentially new docker0 interface