Remove unnecessary use of become from some roles

This should make execution much faster
2024-09-05 23:33:49 +01:00 · 2024-09-05 23:33:49 +01:00 · d5a7a61171
commit d5a7a61171
parent 25cd394f08
68 changed files with 11 additions and 243 deletions
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@ -5,6 +5,7 @@ retry_files_enabled = False
 roles_path = $PWD/galaxy_roles:$PWD/roles
 collections_path = $PWD/galaxy_collections
 inventory = ./hosts
 become = True
 become_ask_pass = True
 interpreter_python = auto_silent
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -9,8 +9,7 @@
 - hosts: casey
  roles:
    - nginx
-    - role: geerlingguy.certbot
+    - geerlingguy.certbot
      become: true
    - gateway
    - headscale
    - restic
@ -25,7 +24,6 @@
    - tang
  roles:
    - role: geerlingguy.ntp
      become: true
      vars:
        ntp_timezone: "{{ timezone }}"
        ntp_manage_config: true
@ -37,8 +35,7 @@
    - renovate
    - gitea-runner
  roles:
-    - role: geerlingguy.docker
+    - geerlingguy.docker
      become: true
    - docker_cleanup
 - hosts:
@ -75,13 +72,10 @@
 - hosts: pve
  roles:
-    - role: ironicbadger.proxmox_nag_removal
+    - ironicbadger.proxmox_nag_removal
      become: true
    - zfs
-    - role: ironicbadger.snapraid
+    - ironicbadger.snapraid
-      become: true
+    - prometheus.prometheus.node_exporter
    - role: prometheus.prometheus.node_exporter
      become: true
 - hosts: forrest
  roles:
@ -98,8 +92,7 @@
 - hosts: walker
  roles:
    - nginx
-    - role: geerlingguy.certbot
+    - geerlingguy.certbot
      become: true
    - coredns_docker_proxy
    - plausible
    - restic
@ -128,6 +121,5 @@
 - hosts: tang
  roles:
    - adguardhome
-    - role: prometheus.prometheus.node_exporter
+    - prometheus.prometheus.node_exporter
      become: true
    - restic
--- a/ansible/roles/adguardhome/handlers/main.yml
+++ b/ansible/roles/adguardhome/handlers/main.yml
@ -3,11 +3,9 @@
    name: coredns
    state: restarted
    enabled: true
  become: true
 - name: restart systemd-resolved
  service:
    name: systemd-resolved
    state: restarted
    enabled: true
  become: true
--- a/ansible/roles/adguardhome/tasks/main.yml
+++ b/ansible/roles/adguardhome/tasks/main.yml
@ -1,7 +1,6 @@
 - name: Install adguardhome
  kewlfft.aur.aur:
    name: adguardhome-bin
  become: true
 - name: Disable resolved stub
  template:
@ -10,7 +9,6 @@
    owner: root
    mode: "0644"
  notify: restart systemd-resolved
  become: true
 - name: Use resolved resolv.conf
  file:
@ -18,12 +16,10 @@
    dest: /etc/resolv.conf
    state: link
  notify: restart systemd-resolved
  become: true
 - name: Install coredns
  kewlfft.aur.aur:
    name: coredns
  become: true
 - name: Install coredns config file
  template:
@ -32,4 +28,3 @@
    owner: coredns
    mode: "0644"
  notify: restart coredns
  become: true
--- a/ansible/roles/authentik/tasks/main.yml
+++ b/ansible/roles/authentik/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,4 +16,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart authentik
  become: true
--- a/ansible/roles/base/tasks/fail2ban.yml
+++ b/ansible/roles/base/tasks/fail2ban.yml
@ -1,25 +1,21 @@
 - name: Install fail2ban
  package:
    name: fail2ban
  become: true
 - name: Enable fail2ban
  service:
    name: fail2ban
    enabled: true
  become: true
 - name: fail2ban SSH jail
  template:
    src: files/ssh-jail.conf
    dest: /etc/fail2ban/jail.d/ssh.conf
    mode: "0600"
  become: true
  register: fail2ban_jail
 - name: Restart fail2ban
  service:
    name: fail2ban
    state: restarted
  become: true
  when: fail2ban_jail.changed
--- a/ansible/roles/base/tasks/logrotate.yml
+++ b/ansible/roles/base/tasks/logrotate.yml
@ -1,13 +1,11 @@
 - name: Install logrotate
  package:
    name: logrotate
  become: true
 - name: Enable logrotate timer
  service:
    name: logrotate.timer
    enabled: true
  become: true
  when: ansible_os_family == 'Archlinux'
 - name: logrotate fail2ban config
@ -15,4 +13,3 @@
    src: files/fail2ban-logrotate
    dest: /etc/logrotate.d/fail2ban
    mode: "0600"
  become: true
--- a/ansible/roles/base/tasks/packages.yml
+++ b/ansible/roles/base/tasks/packages.yml
@ -1,7 +1,6 @@
 - name: Install Base Packages
  package:
    name: "{{ item }}"
  become: true
  loop:
    - htop
    - neofetch
--- a/ansible/roles/base/tasks/ssh.yml
+++ b/ansible/roles/base/tasks/ssh.yml
@ -1,13 +1,11 @@
 - name: Install OpenSSH for Debian
  package:
    name: openssh-server
  become: true
  when: ansible_os_family == 'Debian'
 - name: Install OpenSSH for Arch
  package:
    name: openssh
  become: true
  when: ansible_os_family == 'Archlinux'
 - name: Define context
@ -22,7 +20,6 @@
    validate: /usr/sbin/sshd -t -f %s
    backup: true
    mode: "644"
  become: true
  register: sshd_config
 - name: Set up authorized keys
@ -38,11 +35,9 @@
  service:
    name: sshd
    enabled: true
  become: true
 - name: Restart SSH Daemon
  service:
    name: sshd
    state: reloaded
  when: sshd_config.changed
  become: true
--- a/ansible/roles/base/tasks/user.yml
+++ b/ansible/roles/base/tasks/user.yml
@ -5,11 +5,9 @@
    comment: "{{ me.name }}"
    shell: /bin/bash
    system: true
  become: true
 - name: Give user sudo access
  user:
    name: "{{ me.user }}"
    groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
    append: true
  become: true
--- a/ansible/roles/comentario/tasks/main.yml
+++ b/ansible/roles/comentario/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart comentario
  become: true
 - name: Install secrets
  copy:
@ -26,7 +24,6 @@
    mode: "600"
    owner: "{{ docker_user.name }}"
  notify: restart comentario
  become: true
 - name: Install nginx config
  template:
@ -34,7 +31,6 @@
    dest: /etc/nginx/http.d/comentario.conf
    mode: "0644"
  notify: reload nginx
  become: true
  vars:
    server_name: comentario.theorangeone.net
    upstream: comentario-comentario-1.docker:80
--- a/ansible/roles/coredns_docker_proxy/tasks/main.yml
+++ b/ansible/roles/coredns_docker_proxy/tasks/main.yml
@ -2,7 +2,6 @@
  docker_network:
    name: coredns
    internal: true
  become: true
 - name: Create install directory
  file:
@ -10,7 +9,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -20,4 +18,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart coredns
  become: true
--- a/ansible/roles/db_auto_backup/tasks/main.yml
+++ b/ansible/roles/db_auto_backup/tasks/main.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -14,4 +13,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart db-auto-backup
  become: true
--- a/ansible/roles/docker_cleanup/tasks/main.yml
+++ b/ansible/roles/docker_cleanup/tasks/main.yml
@ -1,7 +1,6 @@
 - name: Install docker-compose
  package:
    name: docker-compose
  become: true
  when: ansible_os_family != 'Debian'
 - name: Install compose-switch
@ -9,7 +8,6 @@
    url: "{{ docker_compose_url }}"
    dest: "{{ docker_compose_path }}"
    mode: "0755"
  become: true
  when: ansible_os_family == 'Debian'
 - name: Create docker group
@ -17,7 +15,6 @@
    name: "{{ docker_user.name }}"
    state: present
    gid: "{{ docker_user.id }}"
  become: true
 - name: Create docker user
  user:
@ -25,21 +22,18 @@
    uid: "{{ docker_user.id }}"
    group: "{{ docker_user.name }}"
    create_home: false
  become: true
 - name: Add user to docker user group
  user:
    name: "{{ me.user }}"
    groups: "{{ docker_user.name }}"
    append: true
  become: true
 - name: Add user to docker group
  user:
    name: "{{ me.user }}"
    groups: docker
    append: true
  become: true
 - name: Clean up docker containers
  cron:
@ -47,6 +41,7 @@
    hour: 1
    minute: 0
    job: docker system prune -af --volumes
    user: "{{ docker_user.name }}"
 - name: Install util scripts
  copy:
@ -54,6 +49,7 @@
    dest: "{{ me.home }}"
    mode: "755"
    directory_mode: "755"
    owner: "{{ me.user }}"
 - name: override docker service for zfs dependencies
  include_tasks: zfs-override.yml
--- a/ansible/roles/docker_cleanup/tasks/zfs-override.yml
+++ b/ansible/roles/docker_cleanup/tasks/zfs-override.yml
@ -3,7 +3,6 @@
    path: /etc/systemd/system/docker.service.d
    state: directory
    mode: "0755"
  become: true
 - name: Create override.conf
  copy:
@ -12,4 +11,3 @@
    owner: root
    group: root
    mode: "0644"
  become: true
--- a/ansible/roles/forgejo/tasks/main.yml
+++ b/ansible/roles/forgejo/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart gitea
  become: true
 - name: Install config file
  template:
@ -26,7 +24,6 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart gitea
  become: true
 - name: Create custom templates directory
  file:
@ -35,7 +32,6 @@
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
    recurse: true
  become: true
 - name: Install custom footer
  copy:
@ -44,4 +40,3 @@
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_file_mask }}"
  notify: restart gitea
  become: true
--- a/ansible/roles/forgejo_runner/tasks/main.yml
+++ b/ansible/roles/forgejo_runner/tasks/main.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install config file
  template:
@ -13,7 +12,6 @@
    mode: "600"
    owner: "{{ docker_user.name }}"
  notify: restart forgejo-runner
  become: true
 - name: Install compose file
  template:
@ -23,4 +21,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart forgejo-runner
  become: true
--- a/ansible/roles/gateway/tasks/fail2ban.yml
+++ b/ansible/roles/gateway/tasks/fail2ban.yml
@ -3,7 +3,6 @@
    src: files/nginx-fail2ban-filter.conf
    dest: /etc/fail2ban/filter.d/nginx-tcp.conf
    mode: "0600"
  become: true
  register: fail2ban_filter
 - name: fail2ban jail
@ -11,12 +10,10 @@
    src: files/nginx-fail2ban-jail.conf
    dest: /etc/fail2ban/jail.d/nginx.conf
    mode: "0600"
  become: true
  register: fail2ban_jail
 - name: Restart fail2ban
  service:
    name: fail2ban
    state: restarted
  become: true
  when: fail2ban_filter.changed or fail2ban_jail.changed
--- a/ansible/roles/gateway/tasks/nginx.yml
+++ b/ansible/roles/gateway/tasks/nginx.yml
@ -3,7 +3,6 @@
    src: files/nginx.conf
    dest: /etc/nginx/stream.d/gateway.conf
    mode: "0644"
  become: true
  register: nginx_config
 - name: Install CDN config
@ -11,12 +10,10 @@
    src: files/nginx-cdn.conf
    dest: /etc/nginx/http.d/cdn.conf
    mode: "0644"
  become: true
  register: nginx_config
 - name: Reload Nginx
  service:
    name: nginx
    state: reloaded
  become: true
  when: nginx_config.changed
--- a/ansible/roles/gateway/tasks/wireguard.yml
+++ b/ansible/roles/gateway/tasks/wireguard.yml
@ -1,7 +1,6 @@
 - name: Install wireguard tools
  package:
    name: "{{ item }}"
  become: true
  loop:
    - wireguard-tools
    - qrencode
@ -12,21 +11,18 @@
    dest: /etc/wireguard/wg0.conf
    mode: "0600"
    backup: true
  become: true
  register: wireguard_conf
 - name: Enable wireguard
  service:
    name: wg-quick@wg0
    enabled: true
  become: true
 - name: Restart wireguard
  service:
    name: wg-quick@wg0
    state: restarted
  when: wireguard_conf.changed
  become: true
 - name: Create wireguard client directory
  file:
--- a/ansible/roles/glinet_vpn/handlers/main.yml
+++ b/ansible/roles/glinet_vpn/handlers/main.yml
@ -2,4 +2,3 @@
  service:
    name: wg-quick@glinet
    state: restarted
  become: true
--- a/ansible/roles/glinet_vpn/tasks/main.yml
+++ b/ansible/roles/glinet_vpn/tasks/main.yml
@ -4,7 +4,6 @@
 - name: Install wireguard tools
  package:
    name: "{{ item }}"
  become: true
  loop:
    - wireguard-tools
    - qrencode
@ -15,7 +14,6 @@
    dest: /etc/wireguard/glinet.conf
    mode: "0600"
    backup: true
  become: true
  notify: restart wireguard
 - name: Wireguard client config
@ -24,11 +22,9 @@
    dest: "{{ me.home }}/glinet-vpn.conf"
    mode: "0600"
    owner: "{{ me.user }}"
  become: true
  notify: restart wireguard
 - name: Enable wireguard
  service:
    name: wg-quick@glinet
    enabled: true
  become: true
--- a/ansible/roles/headscale/handlers/main.yml
+++ b/ansible/roles/headscale/handlers/main.yml
@ -3,4 +3,3 @@
    name: headscale
    state: restarted
    enabled: true
  become: true
--- a/ansible/roles/headscale/tasks/main.yml
+++ b/ansible/roles/headscale/tasks/main.yml
@ -4,7 +4,6 @@
 - name: Install Headscale
  package:
    name: headscale
  become: true
 - name: Install headscale config file
  template:
@ -13,7 +12,6 @@
    owner: headscale
    mode: "0600"
  notify: restart headscale
  become: true
 - name: Install ACLs
  template:
@ -22,12 +20,10 @@
    owner: headscale
    mode: "0600"
  notify: restart headscale
  become: true
 - name: Install nginx config
  template:
    src: files/nginx.conf
    dest: /etc/nginx/http.d/headscale.conf
    mode: "0644"
  become: true
  notify: reload nginx
--- a/ansible/roles/http_proxy/handlers/main.yml
+++ b/ansible/roles/http_proxy/handlers/main.yml
@ -2,4 +2,3 @@
  service:
    name: squid
    state: restarted
  become: true
--- a/ansible/roles/http_proxy/tasks/main.yml
+++ b/ansible/roles/http_proxy/tasks/main.yml
@ -1,18 +1,15 @@
 - name: Install squid
  package:
    name: squid
  become: true
 - name: Squid config
  template:
    src: files/squid.conf
    dest: /etc/squid/squid.conf
    mode: "0600"
  become: true
  notify: restart squid
 - name: Enable squid
  service:
    name: squid
    enabled: true
  become: true
--- a/ansible/roles/ingress/handlers/main.yml
+++ b/ansible/roles/ingress/handlers/main.yml
@ -2,13 +2,11 @@
  service:
    name: wg-quick@wg0
    state: restarted
  become: true
 - name: reload nginx
  service:
    name: nginx
    state: reloaded
  become: true
 - name: reload nftables
  command:
@ -16,4 +14,3 @@
      - nft
      - -f
      - /etc/nftables.conf
  become: true
--- a/ansible/roles/ingress/tasks/firewall.yml
+++ b/ansible/roles/ingress/tasks/firewall.yml
@ -1,7 +1,6 @@
 - name: Install nftables
  package:
    name: nftables
  become: true
 - name: Copy firewall config
  template:
@ -9,7 +8,6 @@
    dest: /etc/nftables.conf
    validate: nft -c -f %s
    mode: "644"
  become: true
  notify: reload nftables
 - name: Enable nftables
@ -17,4 +15,3 @@
    name: nftables
    enabled: true
    state: started
  become: true
--- a/ansible/roles/ingress/tasks/nginx.yml
+++ b/ansible/roles/ingress/tasks/nginx.yml
@ -3,5 +3,4 @@
    src: files/nginx.conf
    dest: /etc/nginx/stream.d/ingress.conf
    mode: "0644"
  become: true
  notify: reload nginx
--- a/ansible/roles/ingress/tasks/wireguard.yml
+++ b/ansible/roles/ingress/tasks/wireguard.yml
@ -1,8 +1,6 @@
 - name: Install Wireguard
  package:
-    name:
+    name: wireguard
      - wireguard
  become: true
 - name: Get wireguard credentials
  set_fact:
@ -14,14 +12,12 @@
    dest: /etc/wireguard/wg0.conf
    mode: "0600"
    backup: true
  become: true
  notify: restart wireguard
 - name: Enable wireguard
  service:
    name: wg-quick@wg0
    enabled: true
  become: true
 - name: Enable p2p communication
  sysctl:
@ -31,4 +27,3 @@
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/99-sysctl.conf
  become: true
--- a/ansible/roles/jellyfin/tasks/main.yml
+++ b/ansible/roles/jellyfin/tasks/main.yml
@ -2,23 +2,19 @@
  ansible.builtin.apt_key:
    url: https://repo.jellyfin.org/jellyfin_team.gpg.key
    state: present
  become: true
 - name: Add Jellyfin repository
  apt_repository:
    repo: deb [arch=amd64] https://repo.jellyfin.org/debian {{ ansible_distribution_release }} main
    filename: jellyfin
    state: present
  become: true
 - name: Install jellyfin
  package:
    name: jellyfin
  become: true
 - name: Set media dir permissions
  cron:
    name: Set media permissions
    special_time: daily
    job: chown -R jellyfin:jellyfin /mnt/media
  become: true
--- a/ansible/roles/mastodon/tasks/main.yml
+++ b/ansible/roles/mastodon/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart mastodon
  become: true
 - name: Install media cleanup script
  template:
@ -25,7 +23,6 @@
    dest: /opt/mastodon/purge-media.sh
    mode: "0755"
    owner: "{{ docker_user.name }}"
  become: true
 - name: Schedule media cleanup
  cron:
@ -35,4 +32,3 @@
    weekday: 1
    job: /opt/mastodon/purge-media.sh
    user: "{{ me.user }}"
  become: true
--- a/ansible/roles/minio/tasks/main.yml
+++ b/ansible/roles/minio/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,4 +16,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart minio
  become: true
--- a/ansible/roles/nginx/handlers/main.yml
+++ b/ansible/roles/nginx/handlers/main.yml
@ -2,4 +2,3 @@
  service:
    name: nginx
    state: reloaded
  become: true
--- a/ansible/roles/nginx/tasks/main.yml
+++ b/ansible/roles/nginx/tasks/main.yml
@ -1,7 +1,6 @@
 - name: Install nginx
  package:
    name: nginx
  become: true
 - name: Install nginx modules
  package:
@ -11,7 +10,6 @@
    - libnginx-mod-http-brotli-filter
    - libnginx-mod-stream
  when: ansible_os_family != 'Archlinux'
  become: true
 - name: Install nginx modules (on Arch)
  kewlfft.aur.aur:
@ -20,12 +18,10 @@
    - nginx-mod-headers-more
    - nginx-mod-brotli
  when: ansible_os_family == 'Archlinux'
  become: true
 - name: Generate Diffie-Hellman parameters
  community.crypto.openssl_dhparam:
    path: /etc/nginx/dhparams.pem
  become: true
 - name: Create config directories
  file:
@ -36,7 +32,6 @@
    - http.d
    - stream.d
    - includes
  become: true
 - name: Copy config files
  template:
@ -44,7 +39,6 @@
    dest: /etc/nginx/includes/{{ item | basename }}
    mode: "0644"
  with_fileglob: files/includes/*.conf
  become: true
  notify: reload nginx
 - name: Install config
@ -52,7 +46,6 @@
    src: files/nginx.conf
    dest: /etc/nginx/nginx.conf
    mode: "0644"
  become: true
  notify: reload nginx
 - name: Install HTTPS redirect
@ -60,6 +53,5 @@
    src: files/nginx-https-redirect.conf
    dest: /etc/nginx/http.d/https-redirect.conf
    mode: "0644"
  become: true
  notify: reload nginx
  when: nginx_https_redirect
--- a/ansible/roles/ntfy/tasks/main.yml
+++ b/ansible/roles/ntfy/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,4 +16,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart ntfy
  become: true
--- a/ansible/roles/paccache/tasks/main.yml
+++ b/ansible/roles/paccache/tasks/main.yml
@ -1,18 +1,15 @@
 - name: Install Pacman utils
  package:
    name: pacman-contrib
  become: true
 - name: Create hooks directory
  file:
    path: /etc/pacman.d/hooks/
    state: directory
    mode: "0755"
  become: true
 - name: Install pacman hook
  template:
    src: files/paccache.hook
    dest: /etc/pacman.d/hooks/clean_package_cache.hook
    mode: "0644"
  become: true
--- a/ansible/roles/plausible/tasks/main.yml
+++ b/ansible/roles/plausible/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install clickhouse config
  template:
@ -15,7 +14,6 @@
    dest: /opt/plausible/docker_related_config.xml
    mode: "0644"
  notify: restart plausible
  become: true
 - name: Install clickhouse user config
  template:
@ -23,7 +21,6 @@
    dest: /opt/plausible/docker_related_user_config.xml
    mode: "0644"
  notify: restart plausible
  become: true
 - name: Install compose file
  template:
@ -33,7 +30,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart plausible
  become: true
 - name: Install nginx config
  template:
@ -41,7 +37,6 @@
    dest: /etc/nginx/http.d/plausible.conf
    mode: "0644"
  notify: reload nginx
  become: true
  vars:
    server_name: plausible.theorangeone.net elbisualp.theorangeone.net
    upstream: plausible-plausible-1.docker:8000
--- a/ansible/roles/privatebin/tasks/main.yml
+++ b/ansible/roles/privatebin/tasks/main.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -14,7 +13,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart privatebin
  become: true
 - name: Install config file
  template:
@ -23,4 +21,3 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart privatebin
  become: true
--- a/ansible/roles/prometheus/tasks/grafana.yml
+++ b/ansible/roles/prometheus/tasks/grafana.yml
@ -8,7 +8,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install grafana compose file
  template:
@ -18,4 +17,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart grafana
  become: true
--- a/ansible/roles/prometheus/tasks/main.yml
+++ b/ansible/roles/prometheus/tasks/main.yml
@ -17,7 +17,6 @@
      - "{{ vps_hosts.private_ipv6_range }}"
  register: routes
  changed_when: false
  become: true
 - name: Add route to private services via ingress
  command:
@ -31,5 +30,4 @@
      - "{{ pve_hosts.ingress.ipv6 }}"
      - dev
      - eth0
  become: true
  when: vps_hosts.private_ipv6_marker not in routes.stdout
--- a/ansible/roles/prometheus/tasks/prometheus.yml
+++ b/ansible/roles/prometheus/tasks/prometheus.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install prometheus config
  template:
@ -13,7 +12,6 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: reload prometheus
  become: true
 - name: Install prometheus compose file
  template:
@ -23,7 +21,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart prometheus
  become: true
 - name: Install blackbox config
  template:
@ -32,7 +29,6 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart prometheus
  become: true
 - name: Install alertmanager config
  template:
@ -41,7 +37,6 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart prometheus
  become: true
 - name: Install prometheus alert rules
  copy:
@ -50,4 +45,3 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: reload prometheus
  become: true
--- a/ansible/roles/pve_docker/tasks/calibre.yml
+++ b/ansible/roles/pve_docker/tasks/calibre.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install calibre compose file
  template:
@ -14,7 +13,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: restart calibre
  shell:
--- a/ansible/roles/pve_docker/tasks/librespeed.yml
+++ b/ansible/roles/pve_docker/tasks/librespeed.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install librespeed compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: restart librespeed
  shell:
--- a/ansible/roles/pve_docker/tasks/nextcloud.yml
+++ b/ansible/roles/pve_docker/tasks/nextcloud.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install nextcloud compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: Install nextcloud config
  template:
@ -26,7 +24,6 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  register: config_file
  become: true
 - name: Install occ script
  template:
@ -34,7 +31,6 @@
    dest: /opt/nextcloud/occ
    mode: "0755"
    owner: "{{ docker_user.name }}"
  become: true
 - name: restart nextcloud
  shell:
@ -47,4 +43,3 @@
    name: Set nextcloud data permissions
    special_time: daily
    job: chown -R {{ docker_user.name }}:{{ docker_user.name }} /mnt/tank/files/nextcloud
  become: true
--- a/ansible/roles/pve_docker/tasks/quassel.yml
+++ b/ansible/roles/pve_docker/tasks/quassel.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install quassel compose file
  template:
@ -14,7 +13,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: restart quassel
  shell:
--- a/ansible/roles/pve_docker/tasks/synapse.yml
+++ b/ansible/roles/pve_docker/tasks/synapse.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install synapse compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: Install synapse config
  template:
@ -26,7 +24,6 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  register: homeserver_config
  become: true
 - name: restart synapse
  shell:
--- a/ansible/roles/pve_docker/tasks/tt-rss.yml
+++ b/ansible/roles/pve_docker/tasks/tt-rss.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Create tt-rss plugins directory
  file:
@ -13,7 +12,6 @@
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  register: plugins_dir
  become: true
 - name: Install tt-rss compose file
  template:
@ -23,7 +21,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: Install fever plugin
  git:
@ -41,7 +38,6 @@
    owner: "{{ docker_user.name }}"
    mode: u=rwX,g=rwX,o=rX
    recurse: true
  become: true
  when: fever_plugin.changed
 - name: restart tt-rss
--- a/ansible/roles/pve_docker/tasks/wallabag.yml
+++ b/ansible/roles/pve_docker/tasks/wallabag.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install wallabag compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: restart wallabag
  shell:
--- a/ansible/roles/pve_docker/tasks/whoami.yml
+++ b/ansible/roles/pve_docker/tasks/whoami.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install whoami compose file
  template:
@ -14,7 +13,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  register: compose_file
  become: true
 - name: restart whoami
  shell:
--- a/ansible/roles/pve_tailscale_route/tasks/main.yml
+++ b/ansible/roles/pve_tailscale_route/tasks/main.yml
@ -7,7 +7,6 @@
      - "{{ tailscale_cidr }}"
  register: routes
  changed_when: false
  become: true
 - name: Add route to tailscale hosts via ingress
  command:
@ -18,5 +17,4 @@
      - "{{ tailscale_cidr }}"
      - via
      - "{{ pve_hosts.ingress.ip }}"
  become: true
  when: tailscale_cidr not in routes.stdout
--- a/ansible/roles/qbittorrent/handlers/main.yml
+++ b/ansible/roles/qbittorrent/handlers/main.yml
@ -2,10 +2,8 @@
  service:
    name: nginx
    state: reloaded
  become: true
 - name: restart qbittorrent
  service:
    name: qbittorrent-nox@{{ qbittorrent_user.name }}
    state: restarted
  become: true
--- a/ansible/roles/qbittorrent/tasks/nginx.yml
+++ b/ansible/roles/qbittorrent/tasks/nginx.yml
@ -3,5 +3,4 @@
    src: files/nginx.conf
    dest: /etc/nginx/http.d/downloads.conf
    mode: "0644"
  become: true
  notify: reload nginx
--- a/ansible/roles/qbittorrent/tasks/qbittorrent.yml
+++ b/ansible/roles/qbittorrent/tasks/qbittorrent.yml
@ -1,20 +1,17 @@
 - name: Install qbittorrent
  package:
    name: qbittorrent-nox
  become: true
 - name: Create user
  user:
    name: qbittorrent
    system: true
  become: true
  register: qbittorrent_user
 - name: Enable service
  service:
    name: qbittorrent-nox@{{ qbittorrent_user.name }}
    enabled: true
  become: true
 - name: Set configuration
  ini_file:
@ -42,5 +39,4 @@
    - {section: Preferences, option: Bittorrent\MaxConnecsPerTorrent, value: -1"}
    - {section: Preferences, option: Bittorrent\MaxUploads, value: -1"}
    - {section: Preferences, option: Bittorrent\MaxUploadsPerTorrent, value: -1"}
  become: true
  notify: restart qbittorrent
--- a/ansible/roles/renovate/tasks/main.yml
+++ b/ansible/roles/renovate/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart renovate
  become: true
 - name: Install config file
  template:
@ -26,7 +24,6 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart renovate
  become: true
 - name: Install custom entrypoint
  template:
@ -35,4 +32,3 @@
    mode: "0755"
    owner: "{{ docker_user.name }}"
  notify: restart renovate
  become: true
--- a/ansible/roles/restic/tasks/homeassistant.yml
+++ b/ansible/roles/restic/tasks/homeassistant.yml
@ -1,21 +1,18 @@
 - name: Install CIFS utils
  package:
    name: cifs-utils
  become: true
 - name: Create dir for CIFS mount
  file:
    path: /mnt/home-assistant
    state: directory
    mode: "0755"
  become: true
 - name: Create dir for each CIFS mount
  file:
    path: /mnt/home-assistant/{{ item }}
    state: directory
    mode: "0600"
  become: true
  loop: "{{ restic_homeassistant_mounts }}"
 - name: Create mounts
@ -25,5 +22,4 @@
    opts: username=homeassistant,password={{ vault_homeassistant_smb_password }}
    src: //{{ pve_hosts.homeassistant.ip }}/{{ item }}
    state: mounted
  become: true
  loop: "{{ restic_homeassistant_mounts }}"
--- a/ansible/roles/restic/tasks/main.yml
+++ b/ansible/roles/restic/tasks/main.yml
@ -1,19 +1,16 @@
 - name: Install restic
  package:
    name: restic
  become: true
 - name: Install runitor
  kewlfft.aur.aur:
    name: runitor-bin
  become: true
 - name: Make user
  user:
    name: restic
    shell: /bin/nologin
    system: false
  become: true
 - name: Install scripts
  template:
@ -25,7 +22,6 @@
    - backrest.sh
    - restic-backup.sh
    - restic-forget.sh
  become: true
 - name: Install includes files
  copy:
@ -33,7 +29,6 @@
    dest: /home/restic/restic-include.txt
    mode: "0644"
    owner: restic
  become: true
 - name: Install excludes files
  copy:
@ -41,7 +36,6 @@
    dest: /home/restic/restic-excludes.txt
    mode: "0644"
    owner: restic
  become: true
 - name: Set restic binary permissions
  file:
@ -49,13 +43,11 @@
    mode: "0750"
    owner: root
    group: restic
  become: true
 - name: Set cap_sys_chroot=+ep on restic
  community.general.capabilities:
    path: /usr/bin/restic
    capability: cap_dac_read_search=+ep
  become: true
 - name: Schedule backup
  cron:
@ -64,7 +56,6 @@
    minute: 0
    job: CHECK_UUID={{ vault_restic_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-backup.sh
    user: restic
  become: true
 - name: Schedule forget
  cron:
@ -74,7 +65,6 @@
    weekday: 0
    job: CHECK_UUID={{ vault_restic_forget_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-forget.sh
    user: restic
  become: true
  when: restic_forget
 - name: Install pacman post script
@ -82,7 +72,6 @@
    src: files/restic-post.sh
    dest: /usr/share/libalpm/scripts/restic-post.sh
    mode: "0700"
  become: true
  when: ansible_os_family == 'Archlinux'
 - name: Install pacman post hook
@ -90,7 +79,6 @@
    src: files/restic-post.hook
    dest: /usr/share/libalpm/hooks/restic-post.hook
    mode: "0600"
  become: true
  when: ansible_os_family == 'Archlinux'
 - name: Install HomeAssistant mounts
--- a/ansible/roles/s3_sync/tasks/main.yml
+++ b/ansible/roles/s3_sync/tasks/main.yml
@ -4,12 +4,10 @@
 - name: Install rclone
  package:
    name: rclone
  become: true
 - name: Install runitor
  kewlfft.aur.aur:
    name: runitor-bin
  become: true
 - name: Make user
  user:
@ -17,7 +15,6 @@
    shell: /bin/nologin
    system: false
  register: rclone_user
  become: true
 - name: Create config directory
  file:
@ -25,7 +22,6 @@
    state: directory
    owner: rclone
    mode: "0700"
  become: true
 - name: Install rclone config
  template:
@ -33,7 +29,6 @@
    dest: "{{ rclone_user.home }}/.config/rclone/rclone.conf"
    owner: rclone
    mode: "0600"
  become: true
 - name: Create config directory
  file:
@ -41,7 +36,6 @@
    state: directory
    owner: rclone
    mode: "0700"
  become: true
 - name: Schedule sync
  cron:
@ -50,4 +44,3 @@
    minute: 0
    job: CHECK_UUID={{ vault_healthchecks_id }} /usr/bin/runitor -- /usr/bin/rclone sync s3:0rng-terraform {{ rclone_user.home }}/sync/0rng-terraform
    user: rclone
  become: true
--- a/ansible/roles/slides/tasks/main.yml
+++ b/ansible/roles/slides/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart slides
  become: true
 - name: Create credentials
  htpasswd:
@ -30,7 +28,6 @@
  loop_control:
    label: "{{ item.user }}"
  notify: restart slides
  become: true
 - name: Install nginx config
  template:
@ -38,7 +35,6 @@
    dest: /etc/nginx/http.d/slides.conf
    mode: "0644"
  notify: reload nginx
  become: true
  vars:
    server_name: slides.jakehoward.tech
    upstream: slides-slides-1.docker:80
--- a/ansible/roles/tandoor/tasks/main.yml
+++ b/ansible/roles/tandoor/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,4 +16,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart tandoor
  become: true
--- a/ansible/roles/traefik/tasks/main.yml
+++ b/ansible/roles/traefik/tasks/main.yml
@ -5,7 +5,6 @@
  docker_network:
    name: traefik
    internal: true
  become: true
 - name: Create install directory
  file:
@ -13,7 +12,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Create config directory
  file:
@ -21,7 +19,6 @@
    state: directory
    mode: "{{ docker_compose_directory_mask }}"
    owner: "{{ docker_user.name }}"
  become: true
 - name: Create file provider directory
  file:
@ -29,7 +26,6 @@
    state: directory
    mode: "{{ docker_compose_directory_mask }}"
    owner: "{{ docker_user.name }}"
  become: true
 - name: Install compose file
  template:
@ -39,7 +35,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart traefik
  become: true
 - name: Install config
  template:
@ -50,7 +45,6 @@
    lstrip_blocks: true
    trim_blocks: true
  notify: restart traefik
  become: true
 - name: Install file provider
  template:
@ -59,7 +53,6 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart traefik
  become: true
 - name: Install homeassistant provider
  template:
@ -69,7 +62,6 @@
    owner: "{{ docker_user.name }}"
  notify: restart traefik
  when: traefik_provider_homeassistant
  become: true
 - name: Install jellyfin provider
  template:
@ -79,7 +71,6 @@
    owner: "{{ docker_user.name }}"
  notify: restart traefik
  when: traefik_provider_jellyfin
  become: true
 - name: Install grafana provider
  template:
@ -89,7 +80,6 @@
    owner: "{{ docker_user.name }}"
  notify: restart traefik
  when: traefik_provider_grafana
  become: true
 - name: Install uptime-kuma provider
  template:
@ -99,4 +89,3 @@
    owner: "{{ docker_user.name }}"
  notify: restart traefik
  when: traefik_provider_uptime_kuma
  become: true
--- a/ansible/roles/uptime_kuma/tasks/main.yml
+++ b/ansible/roles/uptime_kuma/tasks/main.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -14,4 +13,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart uptime-kuma
  become: true
--- a/ansible/roles/vaultwarden/tasks/main.yml
+++ b/ansible/roles/vaultwarden/tasks/main.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -14,4 +13,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart vaultwarden
  become: true
--- a/ansible/roles/vikunja/tasks/main.yml
+++ b/ansible/roles/vikunja/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,4 +16,3 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart vikunja
  become: true
--- a/ansible/roles/website/tasks/main.yml
+++ b/ansible/roles/website/tasks/main.yml
@ -7,7 +7,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -17,7 +16,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart website
  become: true
 - name: Install nginx config
  template:
@ -25,7 +23,6 @@
    dest: /etc/nginx/http.d/website.conf
    mode: "0644"
  notify: reload nginx
  become: true
  vars:
    server_name: theorangeone.net
    upstream: website-website-1.docker:8000
--- a/ansible/roles/yourls/tasks/main.yml
+++ b/ansible/roles/yourls/tasks/main.yml
@ -4,7 +4,6 @@
    state: directory
    owner: "{{ docker_user.name }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install compose file
  template:
@ -14,7 +13,6 @@
    owner: "{{ docker_user.name }}"
    validate: docker-compose -f %s config
  notify: restart yourls
  become: true
 - name: Install redirect file
  template:
@ -23,4 +21,3 @@
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart yourls
  become: true
--- a/ansible/roles/zfs/tasks/main.yml
+++ b/ansible/roles/zfs/tasks/main.yml
@ -3,7 +3,6 @@
    src: files/zfs-modprobe.conf
    dest: /etc/modprobe.d/zfs.conf
    mode: "0644"
  become: true
 - name: ZFS Scrub
  cron:
@ -12,14 +11,12 @@
    minute: 0
    weekday: 5
    job: zpool scrub {{ item }}
  become: true
  loop: "{{ zpools_to_scrub }}"
 - name: Give user passwordless access to ZFS commands
  lineinfile:
    path: /etc/sudoers
    line: "{{ me.user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
  become: true
 - name: Sanoid
  include_tasks: sanoid.yml
--- a/ansible/roles/zfs/tasks/sanoid.yml
+++ b/ansible/roles/zfs/tasks/sanoid.yml
@ -8,7 +8,6 @@
    - pv
    - lzop
  when: ansible_os_family == 'Archlinux'
  become: true
 - name: Install dependencies for Debian-based distros
  package:
@ -20,28 +19,24 @@
    - lzop
    - mbuffer
  when: ansible_os_family == 'Debian'
  become: true
 - name: Download
  git:
    repo: https://github.com/jimsalterjrs/sanoid.git
    dest: /opt/sanoid
    version: v2.1.0
  become: true
 - name: Create config directory
  file:
    path: /etc/sanoid
    state: directory
    mode: "0755"
  become: true
 - name: Install default config
  file:
    src: /opt/sanoid/sanoid.defaults.conf
    dest: /etc/sanoid/sanoid.defaults.conf
    state: link
  become: true
 - name: Install executables
  file:
@ -53,14 +48,12 @@
    - syncoid
    - findoid
    - sleepymutex
  become: true
 - name: Install config
  template:
    src: files/sanoid.conf
    dest: /etc/sanoid/sanoid.conf
    mode: "0755"
  become: true
 - name: Install systemd services
  file:
@ -68,7 +61,6 @@
    dest: /lib/systemd/system/{{ item }}
    state: link
  loop: "{{ sanoid_services }}"
  become: true
 - name: Enable systemd services
  systemd:
@ -76,10 +68,8 @@
    enabled: true
    masked: false
  loop: "{{ sanoid_services }}"
  become: true
 - name: Start sanoid timer
  systemd:
    name: sanoid.timer
    state: started
  become: true