Run more values through truthy/falsy to force evaluation as true/false

Ref: https://www.trueneutral.eu/2019/ansible-truthy-filter.html
kyl191 · Dec 24, 2024 · 3557e18 · 3557e18
1 parent 4489d8e
commit 3557e18
Show file tree

Hide file tree

Showing 9 changed files with 35 additions and 35 deletions.
diff --git a/tasks/client_keys.yml b/tasks/client_keys.yml
@@ -79,6 +79,6 @@
     src: "{{ openvpn_ovpn_dir }}/{{ item }}-{{ inventory_hostname }}.ovpn"
     dest: "{{ openvpn_fetch_client_configs_dir }}/{{ item }}/{{ inventory_hostname }}{{ openvpn_fetch_client_configs_suffix }}.ovpn"
     flat: true
-  when: openvpn_fetch_client_configs
+  when: openvpn_fetch_client_configs is truthy
   with_items:
     - "{{ clients }}"
diff --git a/tasks/config.yml b/tasks/config.yml
@@ -42,13 +42,13 @@
     path: "{{ openvpn_base_dir }}/auth"
     state: directory
     mode: "0755"
-  when: openvpn_use_ldap
+  when: openvpn_use_ldap is truthy
 
 - name: Delete auth folder in openvpn dir
   ansible.builtin.file:
     path: "{{ openvpn_base_dir }}/auth"
     state: absent
-  when: not openvpn_use_ldap
+  when: openvpn_use_ldap is falsy
 
 - name: Install LDAP config
   ansible.builtin.template:
@@ -57,7 +57,7 @@
     owner: "{{ openvpn_conf_user }}"
     group: "{{ openvpn_conf_group }}"
     mode: "0644"
-  when: openvpn_use_ldap
+  when: openvpn_use_ldap is truthy
 
 - name: Create log directory
   ansible.builtin.file:
@@ -73,7 +73,7 @@
     owner: "{{ openvpn_conf_user }}"
     group: "{{ openvpn_conf_group }}"
     mode: "0400"
-  when: openvpn_use_logrotate
+  when: openvpn_use_logrotate is truthy
 
 - name: Create client config directory
   ansible.builtin.file:
@@ -82,7 +82,7 @@
     owner: "{{ openvpn_conf_user }}"
     group: "{{ openvpn_conf_group }}"
     mode: "0755"
-  when: openvpn_client_config
+  when: openvpn_client_config is truthy
 
 - name: Create client configs
   ansible.builtin.template:
@@ -91,29 +91,29 @@
     owner: "{{ openvpn_conf_user }}"
     group: "{{ openvpn_conf_group }}"
     mode: "0644"
-  when: openvpn_client_config
+  when: openvpn_client_config is truthy
   with_dict: "{{ openvpn_client_configs }}"
 
 - name: List client config directory
   ansible.builtin.command: "ls -1 {{ openvpn_base_dir }}/{{ openvpn_client_config_dir }}"
   register: __ccd_contents
   changed_when: false
-  when: openvpn_client_config
+  when: openvpn_client_config is truthy
 
 - name: Delete undeclared configs in client config directory
   ansible.builtin.file:
     path: "{{ openvpn_base_dir }}/{{ openvpn_client_config_dir }}/{{ item }}"
     state: absent
   when:
-    - item not in openvpn_client_configs.keys() | list
-    - openvpn_client_config
+    - item not in (openvpn_client_configs.keys() | list)
+    - openvpn_client_config is truthy
   with_items: "{{ __ccd_contents.stdout_lines | default([]) }}"
 
 - name: Delete client config directory
   ansible.builtin.file:
     path: "{{ openvpn_base_dir }}/{{ openvpn_client_config_dir }}"
     state: absent
-  when: not openvpn_client_config
+  when: openvpn_client_config is falsy
 
 - name: Setup openvpn auto-start & start
   ansible.builtin.service:

diff --git a/tasks/firewall/iptables.yml b/tasks/firewall/iptables.yml
@@ -70,7 +70,7 @@
     jump: SNAT
     action: insert
     comment: "Perform NAT readdressing"
-  when: not openvpn_masquerade_not_snat and not openvpn_no_nat
+  when: openvpn_masquerade_not_snat is falsy and openvpn_no_nat is falsy
   notify: "Save iptables"
 
 - name: Perform NAT readdressing with MASQUERADE - iptables
@@ -82,13 +82,13 @@
     jump: MASQUERADE
     action: insert
     comment: "Perform NAT readdressing"
-  when: openvpn_masquerade_not_snat and not openvpn_no_nat
+  when: openvpn_masquerade_not_snat is truthy and openvpn_no_nat is falsy
   notify:
     - Save iptables
 
 - name: Save existing iptables rule before start iptables service
   ansible.builtin.shell: "{{ iptables_save_command }}" # noqa command-instead-of-shell
-  when: __iptables_installed.changed | bool # noqa no-handler
+  when: __iptables_installed.changed is truthy # noqa no-handler
   changed_when: true
 
 - name: Enable iptables

diff --git a/tasks/firewall/ufw.yml b/tasks/firewall/ufw.yml
@@ -41,7 +41,7 @@
       :POSTROUTING ACCEPT [0:0]
       -A POSTROUTING -s {{ openvpn_server_network }}/24 ! -d {{ openvpn_server_network }}/24 -j SNAT --to-source {{ openvpn_lan_source_ip }}
       COMMIT
-  when: not openvpn_masquerade_not_snat
+  when: openvpn_masquerade_not_snat is falsy
   notify:
     - Restart ufw
 
@@ -56,6 +56,6 @@
       :POSTROUTING ACCEPT [0:0]
       -A POSTROUTING -s {{ openvpn_server_network }}/24 ! -d {{ openvpn_server_network }}/24  -j MASQUERADE
       COMMIT
-  when: openvpn_masquerade_not_snat
+  when: openvpn_masquerade_not_snat is truthy
   notify:
     - Restart ufw
diff --git a/tasks/install.yml b/tasks/install.yml
@@ -43,8 +43,8 @@
     name: "{{ openvpn_ldap_plugin_package_name }}"
     state: present
   when:
-    - openvpn_use_ldap
-    - openvpn_use_prebuilt_ldap_plugin
+    - openvpn_use_ldap is truthy
+    - openvpn_use_prebuilt_ldap_plugin is truthy
 
 # RHEL has the group 'nobody', 'Debian/Ubuntu' have 'nogroup'
 # standardize on 'nogroup'

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -9,7 +9,7 @@
 
 - name: Uninstall OpenVPN
   ansible.builtin.import_tasks: uninstall.yml
-  when: openvpn_uninstall
+  when: openvpn_uninstall is truthy
 
 - name: Install OpenVPN
   ansible.builtin.import_tasks: install.yml
@@ -23,18 +23,18 @@
   ansible.posix.sysctl:
     name: net.ipv4.ip_forward
     value: "1"
-  when: not (ci_build|bool)
+  when: ci_build is falsy
 
 - name: Enable ipv6 forwarding
   ansible.posix.sysctl:
     name: net.ipv6.conf.all.forwarding
     value: "1"
-  when: openvpn_server_ipv6_network is defined and not (ci_build|bool)
+  when: openvpn_server_ipv6_network is defined and ci_build is falsy
 
 - name: Detect firewall type
   ansible.builtin.import_tasks: firewall/firewall.yml
   when:
-    - not (ci_build|bool)
+    - ci_build is falsy
     - manage_firewall_rules
   tags:
     - firewall
@@ -46,7 +46,7 @@
 
 - name: Compare existing certs against 'clients' variable
   ansible.builtin.import_tasks: cert_sync_detection.yml
-  when: openvpn_sync_certs
+  when: openvpn_sync_certs is truthy
   tags:
     - sync_certs
 
@@ -61,7 +61,7 @@
   when: >-
     (openvpn_revoke_these_certs is defined)
     or
-    (openvpn_sync_certs and cert_sync_certs_to_revoke.stdout_lines | length > 0)
+    (openvpn_sync_certs is truthy and cert_sync_certs_to_revoke.stdout_lines | length > 0)
 
 - name: Configure OpenVPN server
   ansible.builtin.import_tasks: config.yml
diff --git a/tasks/uninstall.yml b/tasks/uninstall.yml
@@ -24,7 +24,7 @@
   ansible.builtin.package:
     name: "{{ openvpn_ldap_plugin_package_name }}"
     state: absent
-  when: openvpn_use_ldap
+  when: openvpn_use_ldap is truthy
 
 - name: Terminate playbook
   ansible.builtin.fail:

diff --git a/templates/client.ovpn.j2 b/templates/client.ovpn.j2
@@ -59,6 +59,6 @@ key-direction 1
 {{ item.1.content|b64decode }}
 </key>
 
-{% if openvpn_verify_cn|bool %}
+{% if openvpn_verify_cn is truthy %}
 verify-x509-name OpenVPN-Server-{{ inventory_hostname[:49] }} name
 {% endif %}
diff --git a/templates/server.conf.j2 b/templates/server.conf.j2
@@ -18,7 +18,7 @@ dh {{ openvpn_key_dir }}/dh.pem
 {% if openvpn_crl_path is defined %}
 crl-verify {{ openvpn_crl_path }}
 {% endif %}
-{% if openvpn_use_crl|bool %}
+{% if openvpn_use_crl is truthy %}
 crl-verify {{ openvpn_key_dir }}/ca-crl.pem
 {% endif %}
 {% if tls_auth_required %}
@@ -32,17 +32,17 @@ data-ciphers {{ openvpn_cipher }}
 {% if openvpn_tun_mtu %}
 tun-mtu {{ openvpn_tun_mtu }}
 {% endif %}
-{% if openvpn_use_hardened_tls|bool %}
+{% if openvpn_use_hardened_tls is truthy %}
 tls-version-min 1.2
 {% endif %}
 {# Using Mozilla's modern cipher list + DHE for older clients #}
-{% if openvpn_use_modern_tls|bool %}
+{% if openvpn_use_modern_tls is truthy %}
 tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
 {% endif %}
-{% if openvpn_duplicate_cn|bool %}
+{% if openvpn_duplicate_cn is truthy %}
 duplicate-cn
 {% endif %}
-{% if openvpn_client_to_client|bool %}
+{% if openvpn_client_to_client is truthy %}
 client-to-client
 {% endif %}
 
@@ -58,7 +58,7 @@ ifconfig-pool-persist {{ openvpn_ifconfig_pool_persist_file }}
 client-config-dir {{ openvpn_client_config_dir }}
 {% endif %}
 
-{% if openvpn_redirect_gateway|bool %}
+{% if openvpn_redirect_gateway is truthy %}
 push "redirect-gateway def1 bypass-dhcp"
 {% endif %}
 {% if openvpn_set_dns and openvpn_custom_dns|length > 0%}
@@ -94,19 +94,19 @@ syslog openvpn
 {% endif %}
 verb 3
 
-{% if openvpn_verify_cn|bool %}
+{% if openvpn_verify_cn is truthy %}
 verify-x509-name OpenVPN-Client-{{ inventory_hostname[:24] }} name-prefix
 remote-cert-tls client
 {% endif %}
 
-{% if openvpn_enable_management|bool %}
+{% if openvpn_enable_management is truthy %}
 management {{ openvpn_management_bind }}
 {% if openvpn_management_client_user %}
 management-client-user {{ openvpn_management_client_user }}
 {% endif %}
 {% endif %}
 
-{% if openvpn_use_ldap|bool %}
+{% if openvpn_use_ldap is truthy %}
 ### LDAP AUTH ###
 {% if ansible_os_family == 'Debian' %}
 plugin /usr/lib/openvpn/openvpn-auth-ldap.so "{{ openvpn_base_dir }}/auth/ldap.conf"