Update to 2022-03-07 16:00

roles/ampache/handlers/main.yml

@@ -1,4 +1 @@
 ---
-- include: ../httpd_common/handlers/main.yml
-- include: ../httpd_php/handlers/main.yml
-...

roles/backuppc/handlers/main.yml

@@ -1,5 +1,2 @@
 ---
 
-- include: ../httpd_common/handlers/main.yml
-
-...

roles/clamav/handlers/main.yml

@@ -1,7 +1,5 @@
 ---
 
-- include: ../common/handlers/main.yml
-
 - name: restart freshclam
   service: name=freshclam state=restarted
 

roles/httpd_common/tasks/main.yml

@@ -160,5 +160,6 @@
     - users
   tags: web
 
-- include: filebeat.yml
+- include_tasks: filebeat.yml
+  tags: always
 ...

roles/iptables/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- include: install_{{ ansible_os_family }}.yml
+- include_tasks: install_{{ ansible_os_family }}.yml
+  tags: always
 
 - name: Set custom iptables rules
   iptables_raw:
@@ -31,6 +32,6 @@
   tags: firewall
 
 - name: Enable iptable service
-  service: name=iptables state=started enabled=yes
+  service: name=iptables state=started enabled=True
   when: ansible_os_family == 'RedHat'
   tags: firewall

roles/itop/tasks/main.yml

@@ -1,14 +0,0 @@
----
-
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: itop_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: archive_post.yml
-  when: itop_install_mode == 'upgrade'
-- include: write_version.yml
-- include: cleanup.yml
-- include: filebeat.yml

roles/jitsi/tasks/main.yml

@@ -1,11 +1,26 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: services.yml
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/jitsi_jibri/tasks/main.yml

@@ -1,9 +1,22 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: install.yml
-- include: conf.yml
-- include: services.yml
-- include: cleanup.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/jitsi_videobridge/tasks/main.yml

@@ -1,11 +1,26 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: services.yml
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/kanboard/tasks/main.yml

@@ -1,15 +1,31 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: kanboard_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: write_version.yml
-  when: kanboard_install_mode != 'none'
-- include: archive_post.yml
-  when: kanboard_install_mode == 'upgrade'
-- include: cleanup.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: kanboard_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: kanboard_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
 

roles/lemonldap_ng/tasks/main.yml

@@ -33,15 +33,17 @@
     - /var/cache/lemonldap-ng
   tags: web
 
-- include: "{{ llng_server }}.yml"
+- include_tasks: "{{ llng_server }}.yml"
+  tags: always
 
 - name: Deploy manager's nginx configuration
   template: src=nginx_manager.conf.j2 dest=/etc/nginx/ansible_conf.d/23-llng_manager.conf
   when: llng_manager == True and llng_server == 'nginx'
   notify: reload nginx
 
-- include: mysql.yml
+- include_tasks: mysql.yml
   when: llng_conf_backend == 'mysql'
+  tags: always
 
 - name: Deploy Lemonldap::NG main configuration
   template: src=lemonldap-ng.ini.j2 dest=/etc/lemonldap-ng/lemonldap-ng.ini group=apache mode=640

roles/mailman/tasks/main.yml

@@ -1,17 +1,41 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: mailman_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: mailman_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: archive_post.yml
-  when: mailman_install_mode == 'upgrade'
-- include: selinux.yml
-- include: services.yml
-- include: write_version.yml
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: mailman_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: selinux.yml
+  when: ansible_selinux.status == 'enabled'
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/matomo/tasks/main.yml

@@ -1,14 +0,0 @@
----
-
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: matomo_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: archive_post.yml
-  when: matomo_install_mode == 'upgrade'
-- include: write_version.yml
-- include: cleanup.yml
-

roles/matrix_ma1sd/tasks/main.yml

@@ -1,19 +1,42 @@
 ---
 
-- include: facts.yml
-- include: user.yml
-- include: directories.yml
-- include: archive_pre.yml
-  when: ma1sd_install_mode == 'upgrade'
-- include: migrate_mxisd.yml
-  when: ma1sd_mxisd_dir.stat.exists
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
-  when: iptables_manage | default(True)
-- include: service.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: ma1sd_install_mode == 'upgrade'
-- include: cleanup.yml
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: ma1sd_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: migrate_mxisd.yml
+  when: ma1sd_mxisd_dir.stat.exists | default(False)
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: service.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: ma1sd_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
 

roles/matrix_synapse/tasks/main.yml

@@ -1,17 +1,38 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: synapse_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
-  when: iptables_manage | default(True)
-- include: service.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: synapse_install_mode == 'upgrade'
-- include: cleanup.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: synapse_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: service.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: synapse_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
 

roles/maven/tasks/main.yml

@@ -1,6 +1,13 @@
 ---
 
-- include: directories.yml
-- include: facts.yml
-- include: install.yml
-- include: cleanup.yml
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/metabase/tasks/main.yml

@@ -1,16 +1,37 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: metabase_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: metabase_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: services.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: metabase_install_mode == 'upgrade'
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: metabase_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/miniflux/tasks/main.yml

@@ -1,16 +1,37 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: miniflux_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: miniflux_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: services.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: miniflux_install_mode == 'upgrade'
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: miniflux_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/mongodb_server/tasks/main.yml

@@ -1,12 +1,23 @@
 ---
 
-- include: facts.yml
-- include: install.yml
-- include: selinux.yml
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
-- include: iptables.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: conf.yml
-- include: services.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
 
 ...

roles/n8n/tasks/main.yml

@@ -1,15 +1,36 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: n8n_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
-- include: services.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: n8n_install_mode == 'upgrade'
-- include: cleanup.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: n8n_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: n8n_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/navidrome/tasks/main.yml

@@ -1,16 +1,37 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: nd_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: nd_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: services.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: nd_install_mode == 'upgrade'
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: nd_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/nginx/tasks/install.yml

@@ -1,8 +1,10 @@
 ---
 
-- include: install_openresty.yml
+- include_tasks: install_openresty.yml
   when: nginx_openresty
+  tags: always
 
-- include: install_nginx.yml
+- include_tasks: install_nginx.yml
   when: not nginx_openresty
+  tags: always
 

roles/nginx/tasks/iptables.yml

@@ -4,5 +4,4 @@
     name: nginx_ports
     state: "{{ (nginx_src_ip | length > 0) | ternary('present','absent') }}"
     rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ (nginx_ports + nginx_ssl_ports) | join(',') }} -s {{ nginx_src_ip | join(',') }} -j ACCEPT\n"
-  when: iptables_manage | default(True)
-  tags: [firewall,web]
+  tags: firewall,web

roles/nginx/tasks/main.yml

@@ -1,12 +1,35 @@
 ---
-- include: install.yml
-- include: facts.yml
-- include: ssl.yml
-- include: dir.yml
-- include: conf.yml
-- include: letsencrypt.yml
-- include: selinux.yml
-- include: iptables.yml
-- include: htpasswd.yml
-- include: service.yml
-- include: filebeat.yml
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: ssl.yml
+  tags: always
+
+- include_tasks: dir.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: letsencrypt.yml
+  tags: always
+
+- include_tasks: selinux.yml
+  when: ansible_selinux.stats == 'enabled'
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: htpasswd.yml
+  tags: always
+
+- include_tasks: service.yml
+  tags: always
+
+- include_tasks: filebeat.yml
+  tags: always

roles/nginx/tasks/selinux.yml

@@ -3,12 +3,10 @@
   seboolean: name={{ item }} state=True persistent=True
   with_items:
     - httpd_can_network_connect
-  when: ansible_selinux.status == 'enabled'
   tags: web
 
 - name: Allow nginx to bind on ports
   seport: ports={{ (nginx_ports + nginx_ssl_ports ) | join(',') }} proto=tcp setype=http_port_t state=present
-  when: ansible_selinux.status == 'enabled'
   tags: web
 
 - name: Ensure correct context on cache

roles/onlyoffice_document_server/tasks/main.yml

@@ -1,12 +1,29 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: install.yml
-- include: conf.yml
-- include: selinux.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
-- include: services.yml
-- include: write_version.yml
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/openproject/tasks/main.yml

@@ -1,8 +1,19 @@
 ---
 
-- include: directories.yml
-- include: facts.yml
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
-- include: service.yml
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  tags: always
+
+- include_tasks: service.yml
+  tags: always

roles/openxpki/tasks/main.yml

@@ -1,20 +1,43 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: pki_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: selinux.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: pki_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
-- include: pki.yml
-- include: service.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: pki_install_mode == 'upgrade'
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: pki.yml
+  tags: always
+
+- include_tasks: service.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: pki_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
 
 #### TODO #####
 # * Cron to renew at least issuing CA (and maybe Root CA later)

roles/paperless_ng/tasks/main.yml

@@ -1,18 +1,41 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: paperless_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: paperless_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: selinux.yml
+  tags: always
+
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
-- include: services.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: paperless_install_mode == 'upgrade'
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: paperless_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/patrix/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- include: install_{{ ansible_os_family }}.yml
+- include_tasks: install_{{ ansible_os_family }}.yml
+  tags: always
 
 - name: Deploy global patrix config
   template: src=patrixrc.j2 dest=/etc/patrixrc mode=640

roles/pbs/tasks/main.yml

@@ -1,6 +1,11 @@
 ---
 
-- include: install.yml
-- include: iptables.yml
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: services.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always

roles/pgadmin4/tasks/main.yml

@@ -1,11 +1,26 @@
 ---
 
-- include: facts.yml
-- include: user.yml
-- include: directories.yml
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: service.yml
-- include: write_version.yml
+  tags: always
+
+- include_tasks: service.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always

roles/phpmyadmin/tasks/main.yml

@@ -1,14 +1,31 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: pma_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: archive_post.yml
-  when: pma_install_mode == 'upgrade'
-- include: cleanup.yml
-- include: write_version.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: pma_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: pma_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
 

roles/pmg/tasks/main.yml

@@ -279,5 +279,8 @@
     - pmg_pop_ports
   tags: pmg,firewall
 
-- include: filebeat.yml
-- include: cleanup.yml
+- include_tasks: filebeat.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/postgresql_exporter/tasks/main.yml

@@ -1,15 +1,34 @@
 ---
 
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: pg_exporter_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: pg_exporter_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: service.yml
-- include: archive_post.yml
-  when: pg_exporter_install_mode == 'upgrade'
-- include: write_version.yml
-- include: cleanup.yml
+  tags: always
+
+- include_tasks: service.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: pg_exporter_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/prosody/tasks/main.yml

@@ -1,8 +1,19 @@
 ---
 
-- include: directories.yml
-- include: install.yml
-- include: facts.yml
-- include: conf.yml
-- include: iptables.yml
-- include: service.yml
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  tags: always
+
+- include_tasks: service.yml
+  tags: always

roles/pve/defaults/main.yml

@@ -23,8 +23,6 @@ pve_wan_bridge: vmbr1
 # This is not needed if the wan bridge has the same MAC addr on every node
 pve_migrate_flush_arp: True
 
-pve_ovh: False
-
 pve_cluster_vhosts: []
 # pve_cluster_vhosts:
 #   - pve.example.net

roles/pve/tasks/facts.yml

@@ -1,6 +1,7 @@
 ---
 
-  # The module is unavailable
+# The module is unavailable in PVE >= 6
+# as it's built in the kernel
 - name: Do not load nf_conntrack_proto_gre for PVE6
   set_fact: pve_mod_to_load={{ pve_mod_to_load | difference(['nf_conntrack_proto_gre']) }}
   when: ansible_distribution_major_version | int >= 10

roles/pve/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- include: facts.yml
+- include_tasks: facts.yml
+  tags: always
 
 - name: Install tools
   apt:
@@ -10,76 +11,94 @@
       - openvswitch-switch
       - ethtool
       - patch
+  tags: pve
 
 - name: Deploy vzdump config
   template: src=vzdump.conf.j2 dest=/etc/vzdump.conf
+  tags: pve
 
 - name: Deploy ksm configuration
   template: src=ksmtuned.conf.j2 dest=/etc/ksmtuned.conf
   notify: restart ksmtuned
+  tags: pve
 
 - name: Handle ksm services
   service: name=ksmtuned state={{ pve_ksm | ternary('started','stopped') }} enabled={{ pve_ksm | ternary(True,False) }}
+  tags: pve
 
 - name: Configure modules to load
   copy: content={{ pve_mod_to_load | join("\n") }} dest=/etc/modules-load.d/firewall.conf
   register: pve_modules
+  tags: pve
 
 - name: Load modules
   service: name=systemd-modules-load state=restarted
   when: pve_modules.changed
+  tags: pve
 
 - name: Enable ocfs2 support
   set_fact: pve_ocfs2=True
   when: fstab | default([]) | selectattr('fstype','equalto','ocfs2') | list | length > 0
+  tags: pve
 
 - name: Install ocfs2 support
   apt: name=ocfs2-tools state=present
   when: pve_ocfs2 == True
+  tags: pve
 
 - name: Check proxmox cluster status
   command: pvesh get /cluster/status --output-format=json
   register: pve_cluster_status_1
   ignore_errors: True
   changed_when: False
+  tags: pve
 
 - name: Parse proxmox cluster status
   set_fact: pve_cluster={{ pve_cluster_status_1.stdout | from_json }}
   when: pve_cluster_status_1.rc == 0
+  tags: pve
 
 - name: Check proxmox cluster status (old pvesh)
   command: pvesh get /cluster/status
   when: pve_cluster_status_1.rc != 0
   register: pve_cluster_status_2
   changed_when: False
+  tags: pve
 
 - name: Parse proxmox cluster status (old pvesh)
   set_fact: pve_cluster={{ pve_cluster_status_2.stdout | from_json }}
   when: pve_cluster_status_1.rc != 0
+  tags: pve
 
 - name: Deploy ocfs2 config
   template: src=ocfs2.conf.j2 dest=/etc/ocfs2/cluster.conf
   when: pve_ocfs2 == True
   notify: restart o2cb
+  tags: pve
 
 - name: Deploy o2cb conf
   template: src=o2cb.j2 dest=/etc/default/o2cb
   when: pve_ocfs2 == True
+  tags: pve
 
 - name: Handle o2cb service
   service: name=o2cb state=started enabled=True
   when: pve_ocfs2 == True
+  tags: pve
 
 - name: Deploy the unlock_dev script
   copy: src=unlock_dev dest=/usr/local/bin/unlock_dev mode=755
+  tags: pve
 
 - name: Check if the old hookd daemon is installed
   stat: path=/usr/local/bin/pve-hookd
   register: pve_old_hookd
+  tags: pve
 
 - name: Stop the old hookd daemon
   service: name=pve-hookd state=stopped
   when: pve_old_hookd.stat.exists
+  tags: pve
 
 - name: Remove the old hook daemon
   file: path={{ item }} state=absent
@@ -90,32 +109,35 @@
     - /etc/tmpfiles.d/pve-container-hooks.conf
     - /etc/systemd/system/pve-container@.service.d/pve-container-hooks.conf
     - /var/run/lxc/active
+  tags: pve
 
 - name: Reload systemd
   command: systemctl daemon-reload
   when: pve_old_hookd.stat.exists
+  tags: pve
 
 - include_tasks: pve_online.yml
   when: pve_online == True
-
-- include_tasks: ovh.yml
-  when: pve_ovh == True
+  tags: always
 
 - name: Create backup dir
   file: path=/home/lbkp/pve state=directory
+  tags: pve
 
 - name: Install pre and post backup scripts
   copy: src={{ item.src }} dest=/etc/backup/{{ item.type }}.d/{{ item.src }} mode=755
-  with_items:
+  loop:
     - src: pve_dump
       type: pre
     - src: pve_rm_dump
       type: post
+  tags: pve
 
 - name: Remove registration nag
   patch: src=remove_nag.patch dest=/usr/share/perl5/PVE/API2/Subscription.pm
   ignore_errors: True # Don't fail on old PVE where the patch doesn't apply
   notify: restart pveproxy
+  tags: pve
 
 - name: Rise limits for containers
   pam_limits:
@@ -123,25 +145,29 @@
     limit_type: "{{ item.type }}"
     limit_item: nofile
     value: "{{ item.value }}"
-  with_items:
+  loop:
     - type: soft
       value: 65000
     - type: hard
       value: 65535
+  tags: pve
 
 - name: Rise inotify instances
   sysctl:
     name: fs.inotify.max_user_instances
     value: 1024
     sysctl_file: /etc/sysctl.d/ansible.conf
+  tags: pve
 
 - name: Ensure dehydrated hook dir exists
   file: path=/etc/dehydrated/hooks_deploy_cert.d/ state=directory
+  tags: pve,ssl
 
 - name: Deploy dehydrated hook
   template: src=dehydrated_hook.sh.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/20pve.sh mode=755
+  tags: pve,ssl
 
-  # See https://bugzilla.proxmox.com/show_bug.cgi?id=2326 why
+# See https://bugzilla.proxmox.com/show_bug.cgi?id=2326 why
 - name: Create corosync override directory
   file: path=/etc/systemd/system/corosync.service.d/ state=directory
   tags: pve
@@ -161,5 +187,8 @@
   when: pve_corosync_unit.changed
   tags: pve
 
-- include: zabbix.yml
-- include: filebeat.yml
+- include_tasks: zabbix.yml
+  tags: always
+
+- include_tasks: filebeat.yml
+  tags: always

roles/pve/tasks/ovh.yml

@@ -1,6 +0,0 @@
----
-
-- name: Add vrack routing table
-  copy:
-    content: "1 vrack"
-    dest: /etc/iproute2/rt_tables.d/ovh.conf

roles/pve/tasks/pve_online.yml

@@ -8,31 +8,40 @@
       - libarray-diff-perl
       - libdata-validate-ip-perl
       - liblogger-syslog-perl
+  tags: pve
 
 - name: Deploy Online.net integration script
   copy: src=pve-online dest=/usr/local/bin/pve-online mode=755
+  tags: pve
 
 - name: Deploy Online.net integration conf
   template: src=pve-online.conf.j2 dest=/etc/pve-online.conf mode=600
+  tags: pve
 
 - name: Create hook directory on local storage
   file: path=/var/lib/vz/snippets state=directory
+  tags: pve
 
 - name: Deploy Online hook
   copy: src=online_hook.pl dest=/var/lib/vz/snippets/online_hook.pl mode=755
+  tags: pve
 
 - name: Ensure /etc/systemd/system/ exists
   file: path=/etc/systemd/system/ state=directory
+  tags: pve
 
 - name: Disable pve-online-gre service
   service: name=pve-online-gre state=stopped enabled=False
   failed_when: False
+  tags: pve
 
 - name: Remove pve-online-gre service unit
   file: path=/etc/systemd/system/pve-online-gre.service state=absent
   register: pve_gre_unit
+  tags: pve
 
 - name: Reload systemd
   systemd: daemon_reload=True
   when: pve_gre_unit.changed
+  tags: pve
 

roles/unmaintained/itop/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: itop_install_mode | dfefault('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: itop_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
+
+- include_tasks: filebeat.yml
+  tags: always

roles/unmaintained/matomo/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: matomo_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: matomo_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
+