Use FQCN

Fully Qualified Collection Name
2 months ago · ee21973371
parent 7a73df6bd7
commit ee21973371
392 changed files with 2517 additions and 2298 deletions
--- a/amavis/handlers/main.yml
+++ b/amavis/handlers/main.yml
@ -1,5 +1,5 @@
 ---
 - name: restart amavis
-  service:
+  ansible.builtin.service:
    name: amavis
    state: restarted
--- a/amavis/tasks/main.yml
+++ b/amavis/tasks/main.yml
@ -1,6 +1,6 @@
 ---
 - name: install Amavis
-  apt:
+  ansible.builtin.apt:
    name:
      - postgrey
      - amavisd-new
@ -9,7 +9,7 @@
  - amavis

 - name: configure Amavis
-  template:
+  ansible.builtin.template:
    src: amavis.conf.j2
    dest: /etc/amavis/conf.d/49-evolinux-defaults
    mode: "0644"
--- a/amazon-ec2/amazon-ec2-evolinux.yml
+++ b/amazon-ec2/amazon-ec2-evolinux.yml
@ -9,10 +9,10 @@
    aws_region: ca-central-1

  tasks:
-    - include_role:
+    - ansible.builtin.include_role:
        name: evolix/amazon-ec2
        tasks_from: setup.yml
-    - include_role:
+    - ansible.builtin.include_role:
        name: evolix/amazon-ec2
        tasks_from: create-instance.yml

@ -51,7 +51,7 @@
  - mysql

  post_tasks:
-  - include_role:
+  - ansible.builtin.include_role:
      name: evolix/etc-git
      tasks_from: commit.yml
    vars:
--- a/amazon-ec2/tasks/create-instance.yml
+++ b/amazon-ec2/tasks/create-instance.yml
@ -1,7 +1,7 @@
 ---

 - name: Launch new instance(s)
-  ec2:
+  amazon.aws.ec2:
    state: present
    aws_access_key: "{{ aws_access_key }}"
    aws_secret_key: "{{ aws_secret_key }}"
@ -16,19 +16,19 @@
  register: ec2

 - name: Add newly created instance(s) to inventory
-  add_host:
+  ansible.builtin.add_host:
    hostname: "{{ item.public_dns_name }}"
    groupname: launched-instances
    ansible_user: admin
    ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
  loop: "{{ ec2.instances }}"

- debug:
+- ansible.builtin.debug:
    msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}"
  loop: "{{ ec2.instances }}"

 - name: Wait for SSH to come up on all instances (give up after 2m)
-  wait_for:
+  ansible.builtin.wait_for:
    state: started
    host: "{{ item.public_dns_name }}"
    port: 22
--- a/amazon-ec2/tasks/post-install.yml
+++ b/amazon-ec2/tasks/post-install.yml
@ -1,5 +1,5 @@
 ---
 - name: Remove admin user
-  user:
+  ansible.builtin.user:
    name: admin
    state: absent
--- a/amazon-ec2/tasks/setup.yml
+++ b/amazon-ec2/tasks/setup.yml
@ -1,7 +1,7 @@
 ---

 - name: Create default security group
-  ec2_group:
+  amazon.aws.ec2_group:
    name: "{{ ec2_security_group.name }}"
    state: present
    aws_access_key: "{{ aws_access_key }}"
@ -12,7 +12,7 @@
    rules_egress: "{{ ec2_security_group.rules_egress }}"

 - name: Create key pair
-  ec2_key:
+  amazon.aws.ec2_key:
    name: "{{ ec2_keyname }}"
    state: present
    aws_access_key: "{{ aws_access_key }}"
--- a/apache/handlers/main.yml
+++ b/apache/handlers/main.yml
@ -1,15 +1,15 @@
 ---
 - name: restart apache
-  service:
+  ansible.builtin.service:
    name: apache2
    state: restarted

 - name: reload apache
-  service:
+  ansible.builtin.service:
    name: apache2
    state: reloaded

 - name: restart munin-node
-  service:
+  ansible.builtin.service:
    name: munin-node
    state: restarted
--- a/apache/tasks/auth.yml
+++ b/apache/tasks/auth.yml
@ -1,7 +1,7 @@
 ---

 - name: Init ipaddr_whitelist.conf file
-  copy:
+  ansible.builtin.copy:
    src: ipaddr_whitelist.conf
    dest: /etc/apache2/ipaddr_whitelist.conf
    owner: root
@ -12,10 +12,10 @@
    - apache

 - name: Load IP whitelist task
-  include: ip_whitelist.yml
+  ansible.builtin.import_tasks: ip_whitelist.yml

 - name: include private IP whitelist for server-status
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/apache2/mods-available/status.conf
    line: "        include /etc/apache2/ipaddr_whitelist.conf"
    insertafter: 'SetHandler server-status'
@ -24,7 +24,7 @@
    - apache

 - name: Copy private_htpasswd
-  copy:
+  ansible.builtin.copy:
    src: private_htpasswd
    dest: /etc/apache2/private_htpasswd
    owner: root
@ -36,7 +36,7 @@
    - apache

 - name: add user:pwd to private htpasswd
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: present
@ -46,7 +46,7 @@
    - apache

 - name: remove user:pwd from private htpasswd
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: absent
--- a/apache/tasks/ip_whitelist.yml
+++ b/apache/tasks/ip_whitelist.yml
@ -1,7 +1,7 @@
 ---

 - name: add IP addresses to private IP whitelist
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/apache2/ipaddr_whitelist.conf
    line: "Require ip {{ item }}"
    state: present
@ -12,7 +12,7 @@
    - ips

 - name: remove IP addresses from private IP whitelist
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/apache2/ipaddr_whitelist.conf
    line: "Require ip {{ item }}"
    state: absent
--- a/apache/tasks/log2mail.yml
+++ b/apache/tasks/log2mail.yml
@ -1,14 +1,14 @@
 ---

 - name: log2mail is installed
-  apt:
+  ansible.builtin.apt:
    name: log2mail
    state: present
  tags:
    - apache

 - name: Add log2mail config for Apache segfaults
-  template:
+  ansible.builtin.template:
    src: log2mail-apache.j2
    dest: "/etc/log2mail/config/apache"
    owner: log2mail
--- a/apache/tasks/main.yml
+++ b/apache/tasks/main.yml
@ -1,7 +1,7 @@
 ---

 - name: packages are installed (Debian 9 or later)
-  apt:
+  ansible.builtin.apt:
    name:
      - apache2
      - libapache2-mod-evasive
@ -14,7 +14,7 @@
  when: ansible_distribution_major_version is version('9', '>=')

 - name: itk package is installed if required (Debian 9 or later)
-  apt:
+  ansible.builtin.apt:
    name:
      - libapache2-mpm-itk
    state: present
@ -26,7 +26,7 @@
    - apache_mpm == "itk"

 - name: packages are installed (jessie)
-  apt:
+  ansible.builtin.apt:
    name:
      - apache2-mpm-itk
      - libapache2-mod-evasive
@ -39,7 +39,7 @@
  when: ansible_distribution_release == "jessie"

 - name: basic modules are enabled
-  apache2_module:
+  community.general.apache2_module:
    name: '{{ item }}'
    state: present
  loop:
@ -55,7 +55,7 @@
    - apache

 - name: basic modules are enabled
-  apache2_module:
+  community.general.apache2_module:
    name: '{{ item }}'
    state: present
  loop:
@ -67,7 +67,7 @@


 - name: Copy Apache defaults config file
-  copy:
+  ansible.builtin.copy:
    src: evolinux-defaults.conf
    dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf"
    owner: root
@ -79,7 +79,7 @@
  - apache

 - name: Copy Apache custom config file
-  copy:
+  ansible.builtin.copy:
    src: evolinux-custom.conf
    dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf"
    owner: root
@ -91,7 +91,7 @@
  - apache

 - name: disable status.conf
-  file:
+  ansible.builtin.file:
    dest: /etc/apache2/mods-enabled/status.conf
    state: absent
  notify: reload apache
@ -99,7 +99,8 @@
    - apache

 - name: Ensure Apache config files are enabled
-  command: "a2enconf {{ item }}"
+  ansible.builtin.command:
+    cmd: "a2enconf {{ item }}"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  loop:
@ -109,12 +110,12 @@
  tags:
    - apache

- include: auth.yml
+- ansible.builtin.include: auth.yml
  tags:
  - apache

 - name: default vhost is installed
-  template:
+  ansible.builtin.template:
    src: evolinux-default.conf.j2
    dest: /etc/apache2/sites-available/000-evolinux-default.conf
    mode: "0640"
@ -124,7 +125,7 @@
    - apache

 - name: default vhost is enabled
-  file:
+  ansible.builtin.file:
    src: /etc/apache2/sites-available/000-evolinux-default.conf
    dest: /etc/apache2/sites-enabled/000-default.conf
    state: link
@ -134,12 +135,13 @@
  tags:
    - apache

- include: server_status.yml
+- ansible.builtin.include: server_status.yml
  tags:
    - apache

 - name: is umask already present?
-  command: "grep -E '^umask ' /etc/apache2/envvars"
+  ansible.builtin.command:
+    cmd: "grep -E '^umask ' /etc/apache2/envvars"
  failed_when: False
  changed_when: False
  register: envvar_grep_umask
@ -148,7 +150,7 @@
    - apache

 - name: Add a mark in envvars for umask
-  blockinfile:
+  ansible.builtin.blockinfile:
    dest: /etc/apache2/envvars
    marker: "## {mark} ANSIBLE MANAGED BLOCK"
    block: |
@ -159,13 +161,13 @@
  tags:
    - apache

- include_role:
+- ansible.builtin.include_role:
    name: evolix/remount-usr
  tags:
    - apache

 - name: /usr/share/scripts exists
-  file:
+  ansible.builtin.file:
    dest: /usr/share/scripts
    mode: "0700"
    owner: root
@ -175,7 +177,7 @@
    - apache

 - name: "Install save_apache_status.sh"
-  copy:
+  ansible.builtin.copy:
    src: save_apache_status.sh
    dest: /usr/share/scripts/save_apache_status.sh
    mode: "0755"
@ -184,7 +186,7 @@
    - apache

 - name: "logrotate: {{ apache_logrotate_frequency }}"
-  replace:
+  ansible.builtin.replace:
    dest: /etc/logrotate.d/apache2
    regexp: "(daily|weekly|monthly)"
    replace: "{{ apache_logrotate_frequency }}"
@ -192,19 +194,19 @@
    - apache

 - name: "logrotate: rotate {{ apache_logrotate_rotate }}"
-  replace:
+  ansible.builtin.replace:
    dest: /etc/logrotate.d/apache2
    regexp: '^(\s+rotate) \d+$'
    replace: '\1 {{ apache_logrotate_rotate }}'
  tags:
    - apache

- include: log2mail.yml
+- ansible.builtin.include: log2mail.yml
  when: apache_log2mail_include
  tags:
    - apache

- include: munin.yml
+- ansible.builtin.include: munin.yml
  when: apache_munin_include | bool
  tags:
    - apache
--- a/apache/tasks/munin.yml
+++ b/apache/tasks/munin.yml
@ -1,7 +1,7 @@
 ---

 - name: "Install munin-node and core plugins packages"
-  apt:
+  ansible.builtin.apt:
    name:
      - munin-node
      - munin-plugins-core
@ -11,7 +11,7 @@
    - munin

 - name: "Enable Munin plugins"
-  file:
+  ansible.builtin.file:
    src: "/usr/share/munin/plugins/{{ item }}"
    dest: "/etc/munin/plugins/{{ item }}"
    state: link
@ -25,7 +25,7 @@
    - munin

 - name: "Install fcgi packages for Munin graphs"
-  apt:
+  ansible.builtin.apt:
    name:
      - libapache2-mod-fcgid
      - libcgi-fast-perl
@ -36,7 +36,8 @@
    - munin

 - name: "Enable libapache2-mod-fcgid"
-  command: a2enmod fcgid
+  ansible.builtin.command:
+    cmd: a2enmod fcgid
  register: cmd_enable_fcgid
  changed_when: "'Module fcgid already enabled' not in cmd_enable_fcgid.stdout"
  notify: restart apache
@ -45,7 +46,7 @@
    - munin

 - name: "Apache has access to /var/log/munin/"
-  file:
+  ansible.builtin.file:
    path: /var/log/munin/
    group: www-data
  tags:
--- a/apache/tasks/server_status.yml
+++ b/apache/tasks/server_status.yml
@ -1,7 +1,7 @@
 ---

 - name: server status dirname exists
-  file:
+  ansible.builtin.file:
    dest: "{{ apache_serverstatus_suffix_file | dirname }}"
    mode: "0700"
    owner: root
@ -9,7 +9,7 @@
    state: directory

 - name: set apache serverstatus suffix if provided
-  copy:
+  ansible.builtin.copy:
    dest: "{{ apache_serverstatus_suffix_file }}"
    # The last character "\u000A" is a line feed (LF), it's better to keep it
    content: "{{ apache_serverstatus_suffix }}\u000A"
@ -17,51 +17,53 @@
  when: apache_serverstatus_suffix | length > 0

 - name: generate random string for server-status suffix
-  shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
+  ansible.builtin.shell:
+    cmd: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
  args:
    creates: "{{ apache_serverstatus_suffix_file }}"

 - name: read apache server status suffix
-  command: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
+  ansible.builtin.command:
+    cmd: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
  changed_when: False
  check_mode: no
  register: new_apache_serverstatus_suffix

 - name: overwrite apache_serverstatus_suffix
-  set_fact:
+  ansible.builtin.set_fact:
    apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"

- debug:
+- ansible.builtin.debug:
    var: apache_serverstatus_suffix
    verbosity: 1

 - name: replace server-status suffix in default site index
-  replace:
+  ansible.builtin.replace:
    dest: /var/www/index.html
    regexp: '__SERVERSTATUS_SUFFIX__'
    replace: "{{ apache_serverstatus_suffix }}"

 - name: add server-status suffix in default site index if missing
-  replace:
+  ansible.builtin.replace:
    dest: /var/www/index.html
    regexp: '"/server-status-?"'
    replace: '"/server-status-{{ apache_serverstatus_suffix }}"'

 - name: add server-status suffix in default VHost
-  replace:
+  ansible.builtin.replace:
    dest: /etc/apache2/sites-available/000-evolinux-default.conf
    regexp: '<Location /server-status-?>'
    replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
  notify: reload apache

 - name: Munin configuration has a section for apache
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/munin/plugin-conf.d/munin-node
    line: "[apache_*]"
    create: no

 - name: apache-status URL is configured for Munin
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/munin/plugin-conf.d/munin-node
    line: "env.url http://{{ apache_serverstatus_host }}/server-status-{{ apache_serverstatus_suffix }}?auto"
    regexp: 'env.url http://[^\\/]+/server-status'
@ -70,7 +72,7 @@
  notify: restart munin-node

 - name: add mailgraph URL in index.html
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /var/www/index.html
    state: present
    line: '            <li><a href="/mailgraph">Stats Mail</a></li>'
--- a/apt/tasks/backports.deb822.yml
+++ b/apt/tasks/backports.deb822.yml
@ -1,7 +1,7 @@
 ---

 - name: Backports deb822 sources list is installed
-  template:
+  ansible.builtin.template:
    src: '{{ ansible_distribution_release }}_backports.sources.j2'
    dest: /etc/apt/sources.list.d/backports.sources
    force: yes
@ -11,7 +11,7 @@
    - apt

 - name: Backports configuration
-  copy:
+  ansible.builtin.copy:
    src: '{{ ansible_distribution_release }}_backports_preferences'
    dest: /etc/apt/preferences.d/0-backports-defaults
    force: yes
@ -21,7 +21,7 @@
    - apt

 - name: Apt update
-  apt:
+  ansible.builtin.apt:
    update_cache: yes
  when: apt_backports_sources is changed or apt_backports_config is changed
  tags:
--- a/apt/tasks/backports.oneline.yml
+++ b/apt/tasks/backports.oneline.yml
@ -1,6 +1,6 @@
 ---
 - name: No backports config in default sources.list
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/apt/sources.list
    regexp: "backports"
    state: absent
@ -8,7 +8,7 @@
    - apt

 - name: Backports sources list is installed
-  template:
+  ansible.builtin.template:
    src: '{{ ansible_distribution_release }}_backports.list.j2'
    dest: /etc/apt/sources.list.d/backports.list
    force: yes
@ -18,7 +18,7 @@
    - apt

 - name: Backports configuration
-  copy:
+  ansible.builtin.copy:
    src: '{{ ansible_distribution_release }}_backports_preferences'
    dest: /etc/apt/preferences.d/0-backports-defaults
    force: yes
@ -28,7 +28,7 @@
    - apt

 - name: Archived backport are accepted (jessie)
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: '/etc/apt/apt.conf.d/99no-check-valid-until'
    line: 'Acquire::Check-Valid-Until no;'
    create: yes
@ -38,7 +38,7 @@
  when: ansible_distribution_release == "jessie"

 - name: Apt update
-  apt:
+  ansible.builtin.apt:
    update_cache: yes
  tags:
    - apt
--- a/apt/tasks/backports.yml
+++ b/apt/tasks/backports.yml
@ -3,11 +3,11 @@
 # Backward compatibility task file

 - name: Install backports repositories (Debian <12)
-  import_tasks: backports.oneline.yml
+  ansible.builtin.import_tasks: backports.oneline.yml
  when:
    - ansible_distribution_major_version is version('12', '<')

 - name: Install backports repositories (Debian >=12)
-  import_tasks: backports.deb822.yml
+  ansible.builtin.import_tasks: backports.deb822.yml
  when:
    - ansible_distribution_major_version is version('12', '>=')
--- a/apt/tasks/basics.deb822.yml
+++ b/apt/tasks/basics.deb822.yml
@ -1,7 +1,7 @@
 ---

 - name: Change basics repositories
-  template:
+  ansible.builtin.template:
    src: "{{ ansible_distribution_release }}_basics.sources.j2"
    dest: /etc/apt/sources.list.d/system.sources
    mode: "0644"
@ -11,7 +11,7 @@
    - apt

 - name: Change security repositories
-  template:
+  ansible.builtin.template:
    src: "{{ ansible_distribution_release }}_security.sources.j2"
    dest: /etc/apt/sources.list.d/security.sources
    mode: "0644"
@ -27,7 +27,8 @@
  register: list_files

 - name: Disable one-line-formatted sources
-  command: "mv --verbose {{ item.path }} {{ item.path }}.bak"
+  ansible.builtin.command:
+    cmd: "mv --verbose {{ item.path }} {{ item.path }}.bak"
  environment:
    LC_ALL: C
  loop: "{{ list_files.files }}"
@ -37,7 +38,7 @@
    - apt

 - name: Apt update
-  apt:
+  ansible.builtin.apt:
    update_cache: yes
  tags:
    - apt
--- a/apt/tasks/basics.oneline.yml
+++ b/apt/tasks/basics.oneline.yml
@ -1,7 +1,7 @@
 ---

 - name: Change basics repositories
-  template:
+  ansible.builtin.template:
    src: "{{ ansible_distribution_release }}_basics.list.j2"
    dest: /etc/apt/sources.list
    mode: "0644"
@ -11,7 +11,7 @@
    - apt

 - name: Apt update
-  apt:
+  ansible.builtin.apt:
    update_cache: yes
  tags:
    - apt
--- a/apt/tasks/basics.yml
+++ b/apt/tasks/basics.yml
@ -3,11 +3,11 @@
 # Backward compatibility task file

 - name: Install basics repositories (Debian <12)
-  import_tasks: basics.oneline.yml
+  ansible.builtin.import_tasks: basics.oneline.yml
  when:
    - ansible_distribution_major_version is version('12', '<')

 - name: Install basics repositories (Debian >=12)
-  import_tasks: basics.deb822.yml
+  ansible.builtin.import_tasks: basics.deb822.yml
  when:
    - ansible_distribution_major_version is version('12', '>=')
--- a/apt/tasks/config.yml
+++ b/apt/tasks/config.yml
@ -1,7 +1,7 @@
 ---

 - name: Evolinux config for APT
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/apt/apt.conf.d/z-evolinux.conf
    line: "{{ item.line }}"
    regexp: "{{ item.regexp }}"
@ -17,7 +17,7 @@
  when: apt_evolinux_config | bool

 - name: DPkg invoke hooks
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/apt/apt.conf.d/z-evolinux.conf
    line: "{{ item }}"
    create: yes
@ -33,7 +33,7 @@
  when: apt_hooks | bool

 - name: Remove Aptitude
-  apt:
+  ansible.builtin.apt:
    name: aptitude
    state: absent
  tags:
--- a/apt/tasks/evolix_public.deb822.yml
+++ b/apt/tasks/evolix_public.deb822.yml
@ -1,14 +1,14 @@
 ---

 - name: Look for legacy apt keyring
-  stat:
+  ansible.builtin.stat:
    path: /etc/apt/trusted.gpg
  register: _trusted_gpg_keyring
  tags:
    - apt

 - name: Evolix embedded GPG key is absent
-  apt_key:
+  ansible.builtin.apt_key:
    id: "B8612B5D"
    keyring: /etc/apt/trusted.gpg
    state: absent
@ -17,7 +17,7 @@
  when: _trusted_gpg_keyring.stat.exists

 - name: Add Evolix GPG key
-  copy:
+  ansible.builtin.copy:
    src: pub_evolix.asc
    dest: "{{ apt_keyring_dir }}/pub_evolix.asc"
    force: yes
@ -28,7 +28,7 @@
    - apt

 - name: Evolix public list is installed
-  template:
+  ansible.builtin.template:
    src: evolix_public.sources.j2
    dest: /etc/apt/sources.list.d/evolix_public.sources
    force: yes
@ -38,7 +38,7 @@
    - apt

 - name: Apt update
-  apt:
+  ansible.builtin.apt:
    update_cache: yes
  tags:
    - apt
--- a/apt/tasks/evolix_public.oneline.yml
+++ b/apt/tasks/evolix_public.oneline.yml
@ -1,14 +1,14 @@
 ---

 - name: Look for legacy apt keyring
-  stat:
+  ansible.builtin.stat:
    path: /etc/apt/trusted.gpg
  register: _trusted_gpg_keyring
  tags:
    - apt

 - name: Evolix embedded GPG key is absent
-  apt_key:
+  ansible.builtin.apt_key:
    id: "B8612B5D"
    keyring: /etc/apt/trusted.gpg
    state: absent
@ -17,7 +17,7 @@
  when: _trusted_gpg_keyring.stat.exists

 - name: Add Evolix GPG key
-  copy:
+  ansible.builtin.copy:
    src: pub_evolix.asc
    dest: "{{ apt_keyring_dir }}/pub_evolix.asc"
    force: yes
@ -28,7 +28,7 @@
    - apt

 - name: Evolix public list is installed
-  template:
+  ansible.builtin.template:
    src: evolix_public.list.j2
    dest: /etc/apt/sources.list.d/evolix_public.list
    force: yes
@ -38,7 +38,7 @@
    - apt

 - name: Apt update
-  apt:
+  ansible.builtin.apt:
    update_cache: yes
  tags:
    - apt
--- a/apt/tasks/evolix_public.yml
+++ b/apt/tasks/evolix_public.yml
@ -3,11 +3,11 @@
 # Backward compatibility task file

 - name: Install Evolix Public repositories (Debian <12)
-  import_tasks: evolix_public.oneline.yml
+  ansible.builtin.import_tasks: evolix_public.oneline.yml
  when:
    - ansible_distribution_major_version is version('12', '<')

 - name: Install Evolix Public repositories (Debian >=12)
-  import_tasks: evolix_public.deb822.yml
+  ansible.builtin.import_tasks: evolix_public.deb822.yml
  when:
    - ansible_distribution_major_version is version('12', '>=')
--- a/apt/tasks/hold_packages.yml
+++ b/apt/tasks/hold_packages.yml
@ -1,11 +1,11 @@
 ---

- include_role:
+- ansible.builtin.include_role:
    name: evolix/remount-usr

 - name: "hold packages (apt)"
-  shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
-  args:
+  ansible.builtin.shell:
+    cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
    executable: /bin/bash
  check_mode: no
  register: apt_mark
@ -18,7 +18,7 @@
    - apt

 - name: "/etc/evolinux is present"
-  file:
+  ansible.builtin.file:
    dest: /etc/evolinux
    mode: "0700"
    state: directory
@ -26,7 +26,7 @@
    - apt

 - name: "hold packages (config)"
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/evolinux/apt_hold_packages.cf
    line: "{{ item }}"
    create: True
@ -36,8 +36,8 @@
    - apt

 - name: "unhold packages (apt)"
-  shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
-  args:
+  ansible.builtin.shell:
+    cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
    executable: /bin/bash
  check_mode: no
  register: apt_mark
@ -48,7 +48,7 @@
    - apt

 - name: "unhold packages (config)"
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/evolinux/apt_hold_packages.cf
    line: "{{ item }}"
    create: True
@ -58,7 +58,7 @@
    - apt

 - name: /usr/share/scripts exists
-  file:
+  ansible.builtin.file:
    dest: /usr/share/scripts
    mode: "0700"
    owner: root
@ -68,7 +68,7 @@
    - apt

 - name: Check scripts is installed
-  copy:
+  ansible.builtin.copy:
    src: check_held_packages.sh
    dest: /usr/share/scripts/check_held_packages.sh
    force: yes
@ -77,7 +77,8 @@
    - apt

 - name: Check if Cron is installed
-  shell: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
+  ansible.builtin.shell:
+    cmd: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
  register: is_cron
  changed_when: False
  failed_when: False
@ -86,7 +87,7 @@
    - apt

 - name: Check for held packages (script)
-  cron:
+  ansible.builtin.cron:
    cron_file: apt-hold-packages
    name: check_held_packages
    job: "/usr/share/scripts/check_held_packages.sh"
--- a/apt/tasks/main.yml
+++ b/apt/tasks/main.yml
@ -1,7 +1,7 @@
 ---

 - name: "Compatibility check"
-  assert:
+  ansible.builtin.assert:
    that:
      - ansible_distribution == "Debian"
      - ansible_distribution_major_version is version('8', '>=')
@ -10,7 +10,7 @@
    - apt

 - name: "apt-transport-https is installed for https repositories (before Buster)"
-  apt:
+  ansible.builtin.apt:
    name:
      - apt-transport-https
  tags:
@ -18,20 +18,20 @@
  when: ansible_distribution_major_version is version('10', '<')

 - name: "certificates are installed for https repositories"
-  apt:
+  ansible.builtin.apt:
    name:
      - ca-certificates
  tags:
    - apt

 - name: Custom configuration
-  import_tasks: config.yml
+  ansible.builtin.import_tasks: config.yml
  when: apt_config | bool
  tags:
    - apt

 - name: Install basics repositories (Debian <12)
-  import_tasks: basics.oneline.yml
+  ansible.builtin.import_tasks: basics.oneline.yml
  tags:
    - apt
  when:
@ -39,7 +39,7 @@
    - ansible_distribution_major_version is version('12', '<')

 - name: Install basics repositories (Debian >=12)
-  import_tasks: basics.deb822.yml
+  ansible.builtin.import_tasks: basics.deb822.yml
  tags:
    - apt
  when:
@ -47,7 +47,7 @@
    - ansible_distribution_major_version is version('12', '>=')

 - name: Install backports repositories (Debian <12)
-  import_tasks: backports.oneline.yml
+  ansible.builtin.import_tasks: backports.oneline.yml
  tags:
    - apt
  when:
@ -57,7 +57,7 @@
 # With Debian 12+ and the deb822 format of source files
 # backports are always installed but enabled according to `apt_install_backports`
 - name: Install backports repositories (Debian >=12)
-  import_tasks: backports.deb822.yml
+  ansible.builtin.import_tasks: backports.deb822.yml
  tags:
    - apt
  when:
@ -65,7 +65,7 @@


 - name: Install Evolix Public repositories (Debian <12)
-  import_tasks: evolix_public.oneline.yml
+  ansible.builtin.import_tasks: evolix_public.oneline.yml
  tags:
    - apt
  when:
@ -73,7 +73,7 @@
    - ansible_distribution_major_version is version('12', '<')

 - name: Install Evolix Public repositories (Debian >=12)
-  import_tasks: evolix_public.deb822.yml
+  ansible.builtin.import_tasks: evolix_public.deb822.yml
  tags:
    - apt
  when:
@ -81,7 +81,7 @@
    - ansible_distribution_major_version is version('12', '>=')

 - name: Clean GANDI sources
-  file:
+  ansible.builtin.file:
    path: '{{ item }}'
    state: absent
  loop:
@ -97,20 +97,20 @@


 - name: Install check for packages marked hold
-  import_tasks: hold_packages.yml
+  ansible.builtin.import_tasks: hold_packages.yml
  when: apt_install_hold_packages | bool
  tags:
    - apt

 - name: Updating APT cache
-  apt:
+  ansible.builtin.apt:
    update_cache: yes
  changed_when: False
  tags:
    - apt

 - name: Upgrading system
-  apt:
+  ansible.builtin.apt:
    upgrade: dist
  when: apt_upgrade | bool
  tags:
--- a/apt/tasks/migrate-to-deb822.yml
+++ b/apt/tasks/migrate-to-deb822.yml
@ -1,9 +1,9 @@
 ---
- include_role:
+- ansible.builtin.include_role:
    name: evolix/remount-usr

 - name: /usr/share/scripts exists
-  file:
+  ansible.builtin.file:
    dest: /usr/share/scripts
    mode: "0700"
    owner: root
@ -13,7 +13,7 @@
    - apt

 - name: Migration scripts are installed
-  copy:
+  ansible.builtin.copy:
    src: "{{ item  }}"
    dest: "/usr/share/scripts/{{ item  }}"
    force: yes
@ -25,7 +25,8 @@
    - apt

 - name: Exec migration script
-  command: /usr/share/scripts/deb822-migration.sh
+  ansible.builtin.command:
+    cmd: /usr/share/scripts/deb822-migration.sh
  ignore_errors: yes
  tags:
    - apt
--- a/apt/tasks/move-apt-keyring.yml
+++ b/apt/tasks/move-apt-keyring.yml
@ -1,18 +1,18 @@
 ---

 - name: New APT keyrings directory is present
-  file:
+  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"
    owner: root
    group: root

- include_role:
+- ansible.builtin.include_role:
    name: evolix/remount-usr

 - name: /usr/share/scripts exists
-  file:
+  ansible.builtin.file:
    dest: /usr/share/scripts
    mode: "0700"
    owner: root
@ -22,7 +22,7 @@
    - apt

 - name: migration script is present
-  copy:
+  ansible.builtin.copy:
    src: move-apt-keyrings.sh
    dest: /usr/share/scripts/move-apt-keyrings.sh
    mode: "0755"
@ -30,7 +30,8 @@
    group: root

 - name: Move repository signing key
-  command: "/usr/share/scripts/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\""
+  ansible.builtin.command:
+    cmd: "/usr/share/scripts/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\""
  loop:
    - { repository_pattern: "http://pub.evolix.net/", key: "reg.asc" }
    - { repository_pattern: "http://pub.evolix.org/evolix", key: "pub_evolix.asc" }
@ -48,5 +49,5 @@
  register: _cmd

 - name: Debug command
-  debug:
+  ansible.builtin.debug:
    var: _cmd
--- a/bind/handlers/main.yml
+++ b/bind/handlers/main.yml
@ -1,21 +1,21 @@
 ---
 - name: reload systemd
-  systemd:
+  ansible.builtin.systemd:
    daemon-reload: yes


 - name: restart apparmor
-  systemd:
+  ansible.builtin.systemd:
    name: apparmor
    state: restarted

 - name: restart bind
-  systemd:
+  ansible.builtin.systemd:
    name: bind9
    state: restarted

 - name: restart munin-node
-  systemd:
+  ansible.builtin.systemd:
    name: munin-node
    state: restarted

--- a/bind/tasks/authoritative.yml
+++ b/bind/tasks/authoritative.yml
@ -1,7 +1,7 @@
 ---

 - name: Set bind configuration for authoritative server
-  template:
+  ansible.builtin.template:
    src: named.conf.options_authoritative.j2
    dest: /etc/bind/named.conf.options
    owner: bind
--- a/bind/tasks/main.yml
+++ b/bind/tasks/main.yml
@ -1,6 +1,6 @@
 # Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
 - name: set chroot variables
-  set_fact:
+  ansible.builtin.set_fact:
    bind_log_file: /var/log/bind.log
    bind_query_file: /var/log/bind_queries.log
    bind_cache_dir: /var/cache/bind
@ -9,14 +9,15 @@
  when: bind_chroot_set | bool

 - name: Check AppArmor
-  shell: systemctl is-active apparmor || systemctl is-enabled apparmor
+  ansible.builtin.shell:
+    cmd: systemctl is-active apparmor || systemctl is-enabled apparmor
  failed_when: False
  changed_when: False
  check_mode: no
  register: check_apparmor

 - name: configure apparmor
-  template:
+  ansible.builtin.template:
    src: apparmor.usr.sbin.named.j2
    dest: /etc/apparmor.d/usr.sbin.named
    owner: root
@ -27,20 +28,20 @@
  when: check_apparmor.rc == 0

 - name: package are installed
-  apt:
+  ansible.builtin.apt:
    name:
      - bind9
      - dnstop
    state: present

- include: authoritative.yml
+- ansible.builtin.include: authoritative.yml
  when: bind_authoritative_server | bool

- include: recursive.yml
+- ansible.builtin.include: recursive.yml
  when: bind_recursive_server | bool

 - name: Create systemd service for Debian 8 (Jessie)
-  template:
+  ansible.builtin.template:
    src: bind9.service.jessie.j2
    dest: "{{ bind_systemd_service_path }}"
    owner: root
@ -53,7 +54,7 @@
  when: ansible_distribution_release == "jessie"

 - name: "touch {{ bind_log_file }} if non chroot"
-  file:
+  ansible.builtin.file:
    path: "{{ bind_log_file }}"
    owner: bind
    group: adm
@ -62,7 +63,7 @@
  when: not (bind_chroot_set | bool)

 - name: "touch {{ bind_query_file }} if non chroot"
-  file:
+  ansible.builtin.file:
    path: "{{ bind_query_file }}"
    owner: bind
    group: adm
@ -71,7 +72,7 @@
  when: not (bind_chroot_set | bool)

 - name: send chroot-bind.sh in /root
-  copy:
+  ansible.builtin.copy:
    src: chroot-bind.sh
    dest: /root/chroot-bind.sh
    mode: "0700"
@ -81,19 +82,20 @@
  when: bind_chroot_set | bool

 - name: exec chroot-bind.sh
-  command: "/root/chroot-bind.sh"
+  ansible.builtin.command:
+    cmd: "/root/chroot-bind.sh"
  register: chrootbind_run
  changed_when: False
  when: bind_chroot_set | bool

- debug:
+- ansible.builtin.debug:
    var: chrootbind_run.stdout_lines
  when:
    - bind_chroot_set | bool
    - chrootbind_run.stdout | length > 0

 - name: Modify OPTIONS in /etc/default/bind9 for chroot
-  replace:
+  ansible.builtin.replace:
    dest: /etc/default/bind9
    regexp: '^OPTIONS=.*'
    replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
@ -101,7 +103,7 @@
  when: bind_chroot_set | bool

 - name: logrotate for bind
-  template:
+  ansible.builtin.template:
    src: logrotate_bind.j2
    dest: /etc/logrotate.d/bind9
    owner: root
@ -110,4 +112,4 @@
    force: yes
  notify: restart bind

- include: munin.yml
+- ansible.builtin.include: munin.yml
--- a/bind/tasks/munin.yml
+++ b/bind/tasks/munin.yml
@ -1,7 +1,7 @@
 ---

 - name: is Munin present ?
-  stat:
+  ansible.builtin.stat:
    path: /etc/munin/plugin-conf.d/munin-node
  check_mode: no
  register: munin_node_plugins_config
@ -10,7 +10,7 @@
    - munin

 - name: Enable munin plugins for authoritative server
-  file:
+  ansible.builtin.file:
    src: "/usr/share/munin/plugins/{{ item }}"
    dest: "/etc/munin/plugins/{{ item }}"
    state: link
@ -18,31 +18,31 @@
    - bind9
    - bind9_rndc
  notify: restart munin-node
-  when:
-    - bind_authoritative_server | bool
-    - munin_node_plugins_config.stat.exists
  tags:
    - bind
    - munin
+  when:
+    - bind_authoritative_server | bool
+    - munin_node_plugins_config.stat.exists

 - name: Enable munin plugins for recursive server
-  file:
+  ansible.builtin.file:
    src: "/usr/share/munin/plugins/{{ item }}"
    dest: "/etc/munin/plugins/{{ item }}"
    state: link
  loop:
    - bind9
  notify: restart munin-node
+  tags:
+    - bind
+    - munin
  when:
    - bind_recursive_server | bool
    - bind_query_file_enabled | bool
    - munin_node_plugins_config.stat.exists
-  tags:
-    - bind
-    - munin

 - name: Add munin plugin configuration
-  template:
+  ansible.builtin.template:
    src: munin-env_bind9.j2
    dest: /etc/munin/plugin-conf.d/bind9
    owner: root
@ -50,7 +50,7 @@
    mode: "0644"
    force: yes
  notify: restart munin-node
-  when: munin_node_plugins_config.stat.exists
  tags:
    - bind
    - munin
+  when: munin_node_plugins_config.stat.exists
--- a/bind/tasks/recursive.yml
+++ b/bind/tasks/recursive.yml