foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix "Forbidden implicit octal value" lint errors

Browse source
This commit is contained in:
Timo Makinen 2023-10-12 19:14:54 +00:00
parent 1e973b3dde
commit 86d076ebc6
75 changed files with 227 additions and 227 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/ansible_host/tasks/main.yml
View file

@ -15,7 +15,7 @@
path: /export/private
owner: root
group: root
mode: 0700
mode: "0700"
state: directory
- name: Link private directory
@ -52,7 +52,7 @@
ansible.builtin.copy:
src: nginx.conf
dest: /etc/nginx/conf.d/{{ inventory_hostname }}/ansible.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx
@ -63,4 +63,4 @@
src: root-bashrc.sh
owner: root
group: "{{ ansible_wheel }}"
mode: 0600
mode: "0600"

6
roles/apache/tasks/main.yml
View file

@ -40,7 +40,7 @@
ansible.builtin.file:
state: directory
path: "{{ item }}"
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
seuser: _default
@ -54,7 +54,7 @@
ansible.builtin.template:
src: ssl.conf.j2
dest: /etc/httpd/conf.local.d/ssl.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart apache
@ -63,7 +63,7 @@
ansible.builtin.template:
src: site.conf.j2
dest: "/etc/httpd/conf.local.d/{{ inventory_hostname }}.conf"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart apache

4
roles/authcheck/tasks/main.yml
View file

@ -22,7 +22,7 @@
ansible.builtin.template:
dest: /etc/systemd/system/authcheck-container.service
src: authcheck-container.service.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -39,7 +39,7 @@
location /authcheck {
proxy_pass http://127.0.0.1:8003/;
}
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx

6
roles/autofs/tasks/main.yml
View file

@ -34,7 +34,7 @@
ansible.builtin.template:
dest: /etc/autofs_ldap_auth.conf
src: autofs_ldap_auth.conf.j2
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart autofs
@ -43,7 +43,7 @@
ansible.builtin.template:
dest: /etc/auto.master
src: auto.master.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart autofs
@ -74,7 +74,7 @@
ansible.builtin.copy:
dest: "/etc/profile.d/{{ item }}"
src: "{{ item }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
with_items:

6
roles/backup_server/tasks/main.yml
View file

@ -26,7 +26,7 @@
ansible.builtin.file:
path: /export/backup
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -43,7 +43,7 @@
ansible.builtin.file:
path: /export/backup/bitbucket.org
state: directory
mode: 0775
mode: "0775"
owner: root
group: backup
@ -51,7 +51,7 @@
ansible.builtin.copy:
dest: /usr/local/sbin/backup-bitbucket
src: backup-bitbucket.py
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

8
roles/base/tasks/OpenBSD.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.copy:
dest: /etc/myname
content: "{{ inventory_hostname }}\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -11,7 +11,7 @@
ansible.builtin.copy:
dest: /etc/installurl
content: "https://mirrors.foo.sh/openbsd/\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
when: ansible_datacenter == "home"
@ -30,7 +30,7 @@
ansible.builtin.copy:
dest: "{{ item }}"
content: "VERBOSESTATUS=0\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
with_items:
@ -53,7 +53,7 @@
ansible.builtin.file:
name: /srv
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

2
roles/base/tasks/RedHat.yml
View file

@ -122,7 +122,7 @@
ansible.builtin.copy:
dest: /etc/profile.d/history.sh
content: 'export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "'
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

6
roles/base/tasks/main.yml
View file

@ -2,7 +2,7 @@
- name: Setup ansible custom facts
ansible.builtin.file:
dest: "{{ item }}"
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
state: directory
@ -20,7 +20,7 @@
else
echo "false"
fi
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -36,7 +36,7 @@
ansible.builtin.copy:
content: "\n"
dest: "/etc/at.allow"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"

6
roles/certbot/tasks/main.yml
View file

@ -30,7 +30,7 @@
path: /srv/web/certbot.home.foo.sh/.well-known
owner: root
group: "{{ ansible_wheel }}"
mode: 0755
mode: "0755"
state: directory
- name: Create certbot directories
@ -38,7 +38,7 @@
path: "{{ item }}"
owner: root
group: certbot
mode: 0775
mode: "0775"
state: directory
with_items:
- /srv/web/certbot.home.foo.sh/.well-known/acme-challenge
@ -57,7 +57,7 @@
ansible.builtin.copy:
dest: /etc/letsencrypt/cli.ini
src: cli.ini
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

2
roles/clamav/tasks/main.yml
View file

@ -12,7 +12,7 @@
ansible.builtin.copy:
dest: /etc/tmpfiles.d/clamd.scan.conf
content: "d /run/clamd.scan 711 clamscan clamscan"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Refresh clamd socket directory

24
roles/collab/tasks/main.yml
View file

@ -27,7 +27,7 @@
ansible.builtin.get_url:
url: "https://static.moinmo.in/files/moin-{{ moin_version }}.tar.gz"
dest: "{{ srcdir }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
checksum: sha1:3eb13b4730bd97259a41c4cd500f8433778ff8cf
@ -57,7 +57,7 @@
ansible.builtin.copy:
src: foosh.py
dest: "{{ srcdir }}/collabbackend/collabbackend/plugin/theme/foosh.py"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -114,14 +114,14 @@
ansible.builtin.copy:
content: "umask 077\n"
dest: /var/lib/collab/.profile
mode: 0440
mode: "0440"
owner: collab
group: collab
- name: Create config directories
ansible.builtin.file:
path: "{{ item }}"
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
state: directory
@ -133,7 +133,7 @@
ansible.builtin.copy:
src: collab.ini
dest: /etc/local/collab/collab.ini
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -145,7 +145,7 @@
- name: Create data directory
ansible.builtin.file:
path: /export/wikis
mode: 0755
mode: "0755"
owner: root
group: root
seuser: _default
@ -162,7 +162,7 @@
ansible.builtin.file:
path: /srv/wikis/collab
state: directory
mode: 0750
mode: "0750"
owner: root
group: collab
@ -170,7 +170,7 @@
ansible.builtin.file:
state: directory
path: "{{ item }}"
mode: 02770
mode: "02770"
owner: collab
group: collab
with_items:
@ -196,7 +196,7 @@
ansible.builtin.copy:
src: collab-htaccess
dest: collab-htaccess
mode: 0660
mode: "0660"
owner: collab
group: collab
@ -204,7 +204,7 @@
ansible.builtin.copy:
src: "{{ srcdir }}/collabbackend/config/{{ item }}"
dest: /srv/wikis/collab/config/{{ item }}
mode: 0660
mode: "0660"
owner: collab
group: collab
seuser: _default
@ -220,7 +220,7 @@
ansible.builtin.copy:
src: "{{ srcdir }}/collabbackend/packages/CollabBase.zip"
dest: /var/lib/collab/CollabBase.zip
mode: 0660
mode: "0660"
owner: collab
group: collab
remote_src: true
@ -265,7 +265,7 @@
ansible.builtin.template:
src: collab.conf.j2
dest: /etc/httpd/conf.local.d/collab.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart apache

2
roles/dhcpd/tasks/main.yml
View file

@ -11,7 +11,7 @@
ansible.builtin.template:
dest: "{{ dhcpd_config }}"
src: "{{ dhcpd_template | default('dhcpd.conf.j2') }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
# validate: "dhcpd -t -cf %s"

2
roles/dhparams/tasks/main.yml
View file

@ -4,6 +4,6 @@
ansible.builtin.copy:
dest: "{{ tls_certs }}/ffdhe3072.pem"
src: ffdhe3072.pem
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

6
roles/docker/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.get_url:
url: "https://download.docker.com/linux/{{ docker_osname }}/docker-ce.repo"
dest: /etc/yum.repos.d/docker-ce.repo
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -22,7 +22,7 @@
ansible.builtin.file:
path: /etc/docker
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -30,7 +30,7 @@
ansible.builtin.copy:
dest: /etc/docker/daemon.json
src: daemon.json
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart docker

10
roles/docker_distribution/tasks/main.yml
View file

@ -24,7 +24,7 @@
ansible.builtin.file:
path: /etc/systemd/system/docker-distribution.service.d
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -32,7 +32,7 @@
ansible.builtin.copy:
dest: /etc/systemd/system/docker-distribution.service.d/user.conf
src: user.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart docker-distribution
@ -41,7 +41,7 @@
ansible.builtin.template:
dest: /etc/docker-distribution/registry/config.yml
src: config.yml.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart docker-distribution
@ -50,7 +50,7 @@
ansible.builtin.file:
path: /srv/registry/docker
state: directory
mode: 0770
mode: "0770"
owner: root
group: docker
@ -58,7 +58,7 @@
ansible.builtin.copy:
dest: /etc/docker-distribution/registry/htpasswd
src: "{{ htpasswd }}"
mode: 0640
mode: "0640"
owner: root
group: docker
when: htpasswd is defined

8
roles/dovecot/tasks/main.yml
View file

@ -17,7 +17,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/{{ mail_server }}.key"
src: "{{ item }}"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
@ -30,7 +30,7 @@
ansible.builtin.copy:
dest: "{{ tls_certs }}/{{ mail_server }}-fullchain.crt"
src: "{{ item }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
@ -43,7 +43,7 @@
ansible.builtin.template:
dest: /etc/dovecot/conf.d/99-local.conf
src: local.conf.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
validate: doveconf -n %s
@ -58,7 +58,7 @@
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
setype: _default

10
roles/git_server/tasks/main.yml
View file

@ -17,7 +17,7 @@
ansible.builtin.file:
path: /export/git
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -33,7 +33,7 @@
ansible.builtin.copy:
dest: /etc/gitweb.conf
src: gitweb.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -41,7 +41,7 @@
ansible.builtin.copy:
dest: /var/www/git/robots.txt
content: "User-agent: *\nDisallow:\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -49,7 +49,7 @@
ansible.builtin.copy:
dest: "/var/www/git/static/{{ item }}"
src: "{{ item }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
with_items:
@ -60,7 +60,7 @@
ansible.builtin.copy:
dest: /etc/httpd/conf.local.d/git.conf
src: git.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart apache

2
roles/gitea_runner/tasks/main.yml
View file

@ -47,7 +47,7 @@
ansible.builtin.copy:
dest: /var/lib/act_runner/.runner
src: "/srv/private/files/act_runner/{{ inventory_hostname }}.conf"
mode: 0640
mode: "0640"
owner: root
group: act_runner
notify: Restart act_runner

10
roles/grafana/tasks/main.yml
View file

@ -14,7 +14,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/grafana.key"
src: "{{ tls_private }}/{{ inventory_hostname }}.key"
mode: 0640
mode: "0640"
owner: root
group: grafana
remote_src: true
@ -23,7 +23,7 @@
ansible.builtin.template:
dest: /etc/sysconfig/grafana-container
src: grafana-container.sysconfig.j2
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart grafana
@ -32,7 +32,7 @@
ansible.builtin.template:
dest: /etc/systemd/system/grafana-container.service
src: grafana-container.service.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart grafana
@ -41,7 +41,7 @@
ansible.builtin.template:
dest: /etc/grafana-ldap.toml
src: grafana-ldap.toml.j2
mode: 0640
mode: "0640"
owner: root
group: grafana
notify: Restart grafana
@ -60,7 +60,7 @@
proxy_set_header Host noc.foo.sh;
proxy_pass http://localhost:8002/;
}
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx

4
roles/grossd/tasks/main.yml
View file

@ -8,7 +8,7 @@
ansible.builtin.file:
path: /var/db/grossd
state: directory
mode: 0750
mode: "0750"
owner: gross
group: "{{ ansible_wheel }}"
@ -16,7 +16,7 @@
ansible.builtin.copy:
dest: /etc/grossd.conf
src: grossd.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart grossd

12
roles/homeassistant/tasks/main.yml
View file

@ -28,7 +28,7 @@
ansible.builtin.copy:
dest: /usr/local/share/selinux/homeassistant-local.pp
src: homeassistant-local.pp
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -59,7 +59,7 @@
ansible.builtin.file:
path: /export/homeassistant
state: directory
mode: 0700
mode: "0700"
owner: ha
group: ha
setype: _default
@ -77,7 +77,7 @@
ansible.builtin.copy:
dest: /srv/homeassistant/auth-command.sh
src: auth-command.sh
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
setype: _default
@ -86,7 +86,7 @@
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
setype: _default
@ -117,7 +117,7 @@
ansible.builtin.template:
dest: /etc/systemd/system/homeassistant-container.service
src: homeassistant-container.service.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart homeassistant
@ -135,7 +135,7 @@
location / {
proxy_pass http://127.0.0.1:8001;
}
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx

2
roles/ifstated/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.template:
dest: /etc/ifstated.conf
src: "{{ ifstated_config }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
# validate: "ifstated -n -f %s"

8
roles/influxdb/tasks/main.yml
View file

@ -38,7 +38,7 @@
ansible.builtin.file:
path: /etc/logrotate.d/influxdb
state: file
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -46,7 +46,7 @@
ansible.builtin.file:
path: /export/influxdb
state: directory
mode: 0750
mode: "0750"
owner: influxdb
group: influxdb
@ -63,7 +63,7 @@
ansible.builtin.copy:
dest: /etc/influxdb/config.toml
src: config.toml
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart influxdb
@ -87,7 +87,7 @@
location / {
proxy_pass http://127.0.0.1:8086/;
}
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx

2
roles/iptables/tasks/main.yml
View file

@ -16,7 +16,7 @@
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/sysconfig/{{ item }}"
mode: 0600
mode: "0600"
owner: root
group: root
notify: "Reload {{ item }}"

2
roles/kadmin/tasks/main.yml
View file

@ -11,7 +11,7 @@
ansible.builtin.template:
dest: /var/kerberos/krb5kdc/kdc.conf
src: kdc.conf.j2
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"

6
roles/kdc/tasks/main.yml
View file

@ -22,7 +22,7 @@
ansible.builtin.template:
dest: /etc/sysconfig/kdc-container
src: kdc-container.sysconfig.j2
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
@ -30,7 +30,7 @@
ansible.builtin.copy:
dest: /etc/systemd/system/kdc-container.service
src: kdc-container.service
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -47,7 +47,7 @@
location /KdcProxy {
proxy_pass http://127.0.0.1:8001;
}
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx

4
roles/kvm_host/tasks/main.yml
View file

@ -7,7 +7,7 @@
blacklist bluetooth
blacklist btintel
blacklist btusb
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -29,7 +29,7 @@
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0770
mode: "0770"
owner: root
group: qemu
with_items:

2
roles/ldap_gravatar/tasks/main.yml
View file

@ -11,7 +11,7 @@
ansible.builtin.copy:
src: gravatar-update.py
dest: /usr/local/sbin/gravatar-update
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

2
roles/ldap_netdb/tasks/main.yml
View file

@ -12,7 +12,7 @@
ansible.builtin.copy:
src: netdb-update.py
dest: /usr/local/sbin/netdb-update
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

30
roles/ldap_server/tasks/main.yml
View file

@ -39,7 +39,7 @@
ansible.builtin.file:
path: "{{ ldap_datadir }}"
state: directory
mode: 0700
mode: "0700"
owner: ldap
group: ldap
seuser: _default
@ -67,7 +67,7 @@
ansible.builtin.file:
path: "{{ ldap_backupdir }}"
state: directory
mode: 0750
mode: "0750"
owner: root
group: backup
@ -85,7 +85,7 @@
ansible.builtin.copy:
dest: /usr/local/sbin/ldap-backup
src: ldap-backup.sh
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -101,7 +101,7 @@
ansible.builtin.copy:
dest: /usr/local/sbin/ldapspn
src: ldapspn.py
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
when: ldap_master is defined
@ -121,7 +121,7 @@
dest: /etc/sasl2/slapd.conf
content: |
pwcheck_method: saslauthd
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart slapd
@ -130,7 +130,7 @@
ansible.builtin.copy:
dest: "{{ tls_certs }}/{{ ldap_server_cert }}.crt"
src: "/srv/letsencrypt/live/{{ ldap_server_cert }}/cert.pem"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
tags: certificates
@ -140,7 +140,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/{{ ldap_server_cert }}.key"
src: "/srv/letsencrypt/live/{{ ldap_server_cert }}/privkey.pem"
mode: 0640
mode: "0640"
owner: root
group: ldap
tags: certificates
@ -150,7 +150,7 @@
ansible.builtin.copy:
dest: "{{ tls_certs }}/{{ ldap_server_cert }}-chain.crt"
src: "/srv/letsencrypt/live/{{ ldap_server_cert }}/chain.pem"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
tags: certificates
@ -193,7 +193,7 @@
ansible.builtin.file:
path: /etc/systemd/system/slapd.service.d
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
when: ansible_distribution == "Rocky"
@ -202,7 +202,7 @@
ansible.builtin.copy:
dest: /etc/systemd/system/slapd.service.d/local.conf
src: slapd.service
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart slapd
@ -212,7 +212,7 @@
ansible.builtin.copy:
dest: /etc/sysconfig/slapd
src: slapd.sysconfig
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart slapd
@ -222,7 +222,7 @@
ansible.builtin.copy:
dest: "/etc/openldap/schema/{{ item }}"
src: "{{ item }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
with_items:
@ -237,7 +237,7 @@
ansible.builtin.copy:
dest: /etc/openldap/check_password.conf
src: check_password.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -245,7 +245,7 @@
ansible.builtin.template:
dest: /etc/openldap/slapd.conf
src: slapd.conf.j2
mode: 0640
mode: "0640"
owner: root
group: ldap
notify: Restart slapd
@ -272,6 +272,6 @@
ansible.builtin.copy:
dest: /etc/openldap/slapd.keytab
src: "{{ ansible_private }}/files/keytabs/slapd.keytab"
mode: 0640
mode: "0640"
owner: root
group: ldap

16
roles/mariadb/tasks/main.yml
View file

@ -16,7 +16,7 @@
ansible.builtin.file:
path: /export/mariadb
state: directory
mode: 0750
mode: "0750"
owner: mysql
group: mysql
setype: _default
@ -41,7 +41,7 @@
ansible.builtin.file:
path: /etc/mysql
state: directory
mode: 0750
mode: "0750"
owner: root
group: mysql
@ -56,7 +56,7 @@
ansible.builtin.template:
dest: /etc/my.cnf.d/tls.cnf
src: tls.cnf.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart mariadb
@ -65,7 +65,7 @@
ansible.builtin.copy:
dest: /etc/my.cnf.d/local.cnf
content: "[mariadb]\ninnodb_file_per_table=ON\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart mariadb
@ -91,7 +91,7 @@
ansible.builtin.template:
dest: /root/.my.cnf
src: my.cnf.j2
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
when: mariadb_root_password is defined
@ -108,7 +108,7 @@
ansible.builtin.file:
path: /export/backup
state: directory
mode: 02750
mode: "02750"
owner: root
group: backup
@ -125,7 +125,7 @@
ansible.builtin.copy:
dest: /usr/local/sbin/mariadb-backup
src: mariadb-backup.sh
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -140,7 +140,7 @@
ansible.builtin.copy:
dest: /usr/local/sbin/mysql_tzinfo_check
src: mysql_tzinfo_check.sh
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

16
roles/minecraft/tasks/main.yml
View file

@ -23,7 +23,7 @@
ansible.builtin.file:
path: /export/minecraft
state: directory
mode: 0750
mode: "0750"
owner: root
group: minecraft
@ -40,7 +40,7 @@
ansible.builtin.file:
path: "/srv/minecraft/{{ item }}"
state: directory
mode: 0770
mode: "0770"
owner: root
group: minecraft
with_items:
@ -55,7 +55,7 @@
dest: /srv/minecraft/eula.txt
content: |
eula=true
mode: 0640
mode: "0640"
owner: root
group: minecraft
@ -63,7 +63,7 @@
ansible.builtin.copy:
dest: /srv/minecraft/server.properties
src: server.properties
mode: 0640
mode: "0640"
owner: root
group: minecraft
@ -72,7 +72,7 @@
dest: "/srv/minecraft/{{ item }}"
content: "[]"
force: false
mode: 0660
mode: "0660"
owner: root
group: minecraft
with_items:
@ -85,7 +85,7 @@
ansible.builtin.file:
path: /usr/local/lib/minecraft
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -95,7 +95,7 @@
url: >-
https://launcher.mojang.com/v1/objects/{{ minecraft_sha1sum }}/server.jar
checksum: "sha1:{{ minecraft_sha1sum }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -103,7 +103,7 @@
ansible.builtin.copy:
dest: /etc/systemd/system/minecraft.service
src: minecraft.service
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

4
roles/mod_auth_gssapi/tasks/main.yml
View file

@ -15,7 +15,7 @@
ansible.builtin.file:
path: /etc/systemd/system/httpd.service.d
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -23,7 +23,7 @@
ansible.builtin.copy:
dest: /etc/systemd/system/httpd.service.d/keytab.conf
content: "[Service]\nEnvironment=KRB5_KTNAME=/etc/httpd/httpd.keytab\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart apache

10
roles/mongodb/tasks/main.yml
View file

@ -40,7 +40,7 @@
ansible.builtin.file:
path: /export/mongodb
state: directory
mode: 0700
mode: "0700"
owner: mongod
group: mongod
setype: _default
@ -67,7 +67,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/mongodb.pem"
content: "{{ mongodb_cert_key.stdout }}"
mode: 0640
mode: "0640"
owner: root
group: mongod
notify: Restart mongod
@ -76,7 +76,7 @@
ansible.builtin.copy:
dest: /etc/logrotate.d/mongod
src: mongod.logrotate
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -85,7 +85,7 @@
dest: /etc/sysconfig/mongod
content: |
OPTIONS="-f /etc/mongod.conf --logRotate reopen"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart mongod
@ -94,7 +94,7 @@
ansible.builtin.template:
dest: /etc/mongod.conf
src: mongod.conf.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart mongod

6
roles/network/tasks/OpenBSD.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.template:
src: hostname.if.j2
dest: "/etc/hostname.{{ item.device }}"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
with_items: "{{ network_interfaces }}"
@ -13,7 +13,7 @@
ansible.builtin.template:
src: hostname.carp.j2
dest: "/etc/hostname.carp{{ item.vhid }}"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
with_items: "{{ network_vip_interfaces }}"
@ -34,7 +34,7 @@
ansible.builtin.copy:
content: "{{ network_default_gateway }}\n"
dest: /etc/mygate
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart network

4
roles/network/tasks/RedHat.yml
View file

@ -15,7 +15,7 @@
ansible.builtin.template:
src: ifcfg-eth.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.device }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Reload network manager connections
@ -33,7 +33,7 @@
ansible.builtin.template:
dest: /etc/keepalived/keepalived.conf
src: keepalived.conf.j2
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart keepalived

2
roles/network/tasks/main.yml
View file

@ -6,7 +6,7 @@
ansible.builtin.template:
src: resolv.conf.j2
dest: /etc/resolv.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
when: network_dns_servers is defined

2
roles/nfs_client/tasks/main.yml
View file

@ -14,7 +14,7 @@
ansible.builtin.copy:
dest: /etc/modprobe.d/nfs.conf
content: "options nfs nfs4_disable_idmapping=0\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

2
roles/nfs_server/tasks/main.yml
View file

@ -21,7 +21,7 @@
ansible.builtin.copy:
dest: "/usr/local/sbin/{{ item }}"
src: "{{ item }}.sh"
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
with_items:

2
roles/nftables/tasks/main.yml
View file

@ -13,7 +13,7 @@
ansible.builtin.template:
src: nftables.conf.j2
dest: /etc/sysconfig/nftables.conf
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Reload nftables

8
roles/nginx/server/tasks/main.yml
View file

@ -32,7 +32,7 @@
ansible.builtin.file:
state: directory
path: "{{ item }}"
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
seuser: _default
@ -46,7 +46,7 @@
ansible.builtin.template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx
@ -56,7 +56,7 @@
ansible.builtin.file:
dest: /etc/systemd/system/nginx.service.d
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
when: ansible_os_family == "RedHat"
@ -65,7 +65,7 @@
ansible.builtin.copy:
dest: /etc/systemd/system/nginx.service.d/dependency.conf
src: dependency.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
when: ansible_os_family == "RedHat"

8
roles/nginx/site/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.file:
path: "/srv/web/{{ site }}"
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
when: redirect is not defined and proxy is not defined
@ -12,7 +12,7 @@
ansible.builtin.template:
dest: /etc/nginx/conf.d/{{ site }}.conf
src: site.conf.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx
@ -21,7 +21,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/{{ site }}.key"
src: "{{ item }}"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
@ -35,7 +35,7 @@
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ tls_certs }}/{{ site }}-fullchain.crt"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
validate: /usr/bin/openssl x509 -in %s -noout

8
roles/nsd/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/{{ nsd_server }}.key"
src: "{{ item }}"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
@ -17,7 +17,7 @@
ansible.builtin.copy:
dest: "{{ tls_certs }}/{{ nsd_server }}.crt"
src: "{{ item }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
@ -31,7 +31,7 @@
ansible.builtin.template:
src: nsd.conf.j2
dest: /var/nsd/etc/nsd.conf
mode: 0640
mode: "0640"
owner: root
group: _nsd
notify: Restart nsd
@ -40,7 +40,7 @@
ansible.builtin.copy:
dest: "/var/nsd/zones/master/{{ item | replace('/', '-') }}"
src: "/srv/dns/{{ item | replace('/', '-') }}"
mode: 0640
mode: "0640"
owner: root
group: _nsd
tags: dns

2
roles/openbgpd/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.copy:
dest: /etc/bgpd.conf
src: "{{ ansible_private }}/files/bgpd/bgpd.conf.{{ inventory_hostname }}"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart bgpd

4
roles/opensmtpd/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.template:
src: smtpd.conf.j2
dest: /etc/mail/smtpd.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart opensmtpd
@ -12,7 +12,7 @@
ansible.builtin.copy:
content: "{{ mail_domain }}\n"
dest: /etc/mail//mailname
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart opensmtpd

14
roles/openvpn/tasks/main.yml
View file

@ -8,7 +8,7 @@
ansible.builtin.file:
path: /var/openvpn
state: directory
mode: 0750
mode: "0750"
owner: root
group: _openvpn
@ -16,7 +16,7 @@
ansible.builtin.file:
path: /var/openvpn/tmp
state: directory
mode: 0770
mode: "0770"
owner: _openvpn
group: _openvpn
@ -24,7 +24,7 @@
ansible.builtin.file:
path: /etc/openvpn
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -32,7 +32,7 @@
ansible.builtin.file:
path: /etc/openvpn/keys
state: directory
mode: 0700
mode: "0700"
owner: root
group: "{{ ansible_wheel }}"
@ -40,7 +40,7 @@
ansible.builtin.copy:
src: "{{ ansible_private }}/files/openvpn/{{ inventory_hostname }}.key"
dest: /etc/openvpn/keys/tap0.key
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
@ -48,7 +48,7 @@
ansible.builtin.copy:
src: "{{ ansible_private }}/files/openvpn/{{ inventory_hostname }}.conf"
dest: /etc/openvpn/tap0.conf
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
@ -56,6 +56,6 @@
ansible.builtin.copy:
src: hostname.tap0
dest: /etc/hostname.tap0
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"

4
roles/pf/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.copy:
src: "{{ firewall_src }}"
dest: /etc/pf.conf
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
validate: pfctl -N -f %s
@ -14,7 +14,7 @@
ansible.builtin.template:
src: pf.conf.j2
dest: /etc/pf.conf
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
validate: pfctl -N -f %s

12
roles/pki/tasks/main.yml
View file

@ -8,7 +8,7 @@
ansible.builtin.copy:
src: "/srv/ca/certs/ca.crt"
dest: "{{ tls_certs }}/ca.crt"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -32,7 +32,7 @@
- name: Fix private key directory permissions
ansible.builtin.file:
path: "{{ tls_private }}"
mode: 0750
mode: "0750"
owner: root
group: hostkey
when: ansible_system == "OpenBSD"
@ -41,7 +41,7 @@
ansible.builtin.copy:
src: "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
dest: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -56,7 +56,7 @@
' {{ tls_certs }}/{{ inventory_hostname }}.crt
dest: /etc/ansible/facts.d/ansible_certificate.fact
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -73,7 +73,7 @@
ansible.builtin.copy:
dest: "{{ tls_certs }}/{{ inventory_hostname }}-fullchain.crt"
content: "{{ pki_host_fullchain.stdout }}"
mode: 0640
mode: "0640"
owner: root
group: "{{ ansible_wheel }}"
@ -81,6 +81,6 @@
ansible.builtin.copy:
src: "/srv/ca/private/{{ inventory_hostname }}.key"
dest: "{{ tls_private }}/{{ inventory_hostname }}.key"
mode: 0640
mode: "0640"
owner: root
group: hostkey

2
roles/podman/tasks/main.yml
View file

@ -14,7 +14,7 @@
ansible.builtin.copy:
dest: /usr/local/share/selinux/podman-certs.pp
src: podman-certs.pp
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

8
roles/rclone/tasks/main.yml
View file

@ -8,7 +8,7 @@
ansible.builtin.file:
path: /etc/rclone
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -16,7 +16,7 @@
ansible.builtin.template:
dest: /etc/rclone/rclone.conf
src: rclone.conf.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -24,7 +24,7 @@
ansible.builtin.file:
path: /var/log/rclone
state: directory
mode: 0750
mode: "0750"
owner: "{{ local_user | default('root') }}"
group: "{{ local_user | default(ansible_wheel) }}"
@ -32,7 +32,7 @@
ansible.builtin.template:
dest: /usr/local/bin/rclone-sync
src: rclone-sync.sh.j2
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

4
roles/roles_lists/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.copy:
dest: /etc/smrsh/archiver
src: archiver.sh
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -20,7 +20,7 @@
ansible.builtin.copy:
dest: /usr/local/share/selinux/sendmail-spamc.pp
src: sendmail-spamc.pp
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

12
roles/roundcube/tasks/main.yml
View file

@ -14,7 +14,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/roundcube.key"
src: "{{ tls_private }}/{{ inventory_hostname }}.key"
mode: 0640
mode: "0640"
owner: root
group: roundcube
remote_src: true
@ -23,7 +23,7 @@
ansible.builtin.file:
path: /etc/roundcube
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -31,7 +31,7 @@
ansible.builtin.template:
dest: /etc/roundcube/local.php
src: local.php.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -39,7 +39,7 @@
ansible.builtin.template:
dest: /etc/sysconfig/roundcube-container
src: roundcube-container.sysconfig.j2
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart roundcube
@ -48,7 +48,7 @@
ansible.builtin.template:
dest: /etc/systemd/system/roundcube-container.service
src: roundcube-container.service.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart roundcube
@ -66,7 +66,7 @@
location /roundcube/ {
proxy_pass http://localhost:8004/;
}
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart nginx

4
roles/rpm_build/tasks/main.yml
View file

@ -14,7 +14,7 @@
state: directory
owner: root
group: "{{ ansible_wheel }}"
mode: 0755
mode: "0755"
with_items:
- /export/rpmbuild
- /export/rpmbuild/SOURCES
@ -34,6 +34,6 @@
ansible.builtin.copy:
dest: /root/.rpmmacros
content: "%_topdir /srv/rpmbuild\n"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"

4
roles/rsync/client/tasks/main.yml
View file

@ -11,7 +11,7 @@
ansible.builtin.template:
dest: /usr/local/libexec/rsync-ssl-tunnel
src: rsync-ssl-tunnel.j2
mode: 0755
mode: "0755"
owner: root
group: root
@ -19,6 +19,6 @@
ansible.builtin.copy:
dest: /usr/local/bin/rsync-ssl
src: rsync-ssl
mode: 0755
mode: "0755"
owner: root
group: root

8
roles/rsync/server/tasks/main.yml
View file

@ -17,7 +17,7 @@
ansible.builtin.template:
dest: /etc/rsyncd.conf
src: rsyncd.conf.j2
mode: 0644
mode: "0644"
owner: root
group: root
@ -25,7 +25,7 @@
ansible.builtin.template:
dest: /etc/stunnel/rsyncd.conf
src: rsyncd-stunnel.conf.j2
mode: 0644
mode: "0644"
owner: root
group: root
@ -33,7 +33,7 @@
ansible.builtin.file:
dest: /etc/systemd/system/rsyncd@.service.d
state: directory
mode: 0755
mode: "0755"
owner: root
group: root
@ -41,7 +41,7 @@
ansible.builtin.copy:
dest: /etc/systemd/system/rsyncd@.service.d/stunnel.conf
src: systemd-stunnel.conf
mode: 0644
mode: "0644"
owner: root
group: root

6
roles/rsyslog/tasks/main.yml
View file

@ -11,7 +11,7 @@
ansible.builtin.copy:
dest: /etc/rsyslog.d/all.log.conf
content: "*.* /var/log/all.log\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart rsyslog
@ -20,7 +20,7 @@
ansible.builtin.template:
dest: /etc/rsyslog.d/remote.conf
src: remote.conf.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart rsyslog
@ -34,6 +34,6 @@
ansible.builtin.copy:
dest: /etc/logrotate.d/syslog.all
src: logrotate
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

2
roles/rsyslog/tasks/udp-listen.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.copy:
dest: /etc/rsyslog.d/udp-listen.conf
src: udp-listen.conf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart rsyslog

2
roles/saslauthd/tasks/main.yml
View file

@ -19,7 +19,7 @@
ansible.builtin.template:
dest: /etc/saslauthd.conf
src: saslauthd.conf.j2
mode: 0640
mode: "0640"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart saslauthd

2
roles/selinux/tasks/main.yml
View file

@ -8,6 +8,6 @@
ansible.builtin.file:
dest: /usr/local/share/selinux
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

14
roles/sendmail/tasks/main.yml
View file

@ -12,7 +12,7 @@
ansible.builtin.file:
path: /etc/mail/certs
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -20,7 +20,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/{{ mail_server }}.key"
src: "{{ item }}"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
@ -34,7 +34,7 @@
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ tls_certs }}/{{ mail_server }}.crt"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
validate: /usr/bin/openssl x509 -in %s -noout
@ -49,7 +49,7 @@
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ tls_certs }}/{{ mail_server }}-chain.crt"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
validate: /usr/bin/openssl x509 -in %s -noout
@ -68,7 +68,7 @@
ansible.builtin.file:
path: /export/mail
state: directory
mode: 0775
mode: "0775"
owner: root
group: mail
setype: _default
@ -96,7 +96,7 @@
ansible.builtin.template:
src: sendmail.mc.j2
dest: /etc/mail/sendmail.mc
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
validate: /bin/sh -c '/usr/bin/m4 %s > /dev/null'
@ -106,7 +106,7 @@
ansible.builtin.copy:
src: "{{ ansible_private }}/files/sendmail/aliases"
dest: /etc/aliases
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Update aliases

2
roles/sftpuser/tasks/main.yml
View file

@ -18,7 +18,7 @@
ansible.builtin.copy:
dest: "/etc/ssh/authorized_keys.{{ user }}"
content: "{{ publickeys | join('\n') + '\n'}}"
mode: 0640
mode: "0640"
owner: root
group: "{{ user }}"

4
roles/spamassassin_clamav/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.copy:
src: ClamAV.pm
dest: /etc/mail/spamassassin/ClamAV.pm
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart spamassassin
@ -12,7 +12,7 @@
ansible.builtin.copy:
src: clamav.cf
dest: /etc/mail/spamassassin/clamav.cf
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart spamassassin

2
roles/spamassassin_razor/tasks/main.yml
View file

@ -8,7 +8,7 @@
ansible.builtin.file:
path: /var/lib/razor
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
setype: _default

2
roles/spamassassin_textcat/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.copy:
dest: /etc/mail/spamassassin/textcat.pre
content: "loadplugin Mail::SpamAssassin::Plugin::TextCat\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart spamassassin

2
roles/ssh_known_hosts/tasks/main.yml
View file

@ -3,6 +3,6 @@
ansible.builtin.template:
dest: /etc/ssh/ssh_known_hosts
src: ssh_known_hosts.j2
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"

2
roles/sssd/tasks/main.yml
View file

@ -8,7 +8,7 @@
ansible.builtin.template:
dest: /etc/sssd/sssd.conf
src: sssd.conf.j2
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart sssd

2
roles/syslogd/tasks/main.yml
View file

@ -8,7 +8,7 @@
ansible.builtin.file:
path: /var/log/all.log
state: touch
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
when: not result.stat.exists

8
roles/syslogd/tasks/server.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.file:
dest: "{{ item }}"
state: directory
mode: 0750
mode: "0750"
owner: root
group: "{{ ansible_wheel }}"
with_items:
@ -22,7 +22,7 @@
ansible.builtin.copy:
dest: "{{ tls_private }}/0.0.0.0:6514.key"
src: /srv/letsencrypt/live/loghost.foo.sh/privkey.pem
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart syslogd
@ -32,7 +32,7 @@
ansible.builtin.copy:
dest: "{{ tls_certs }}/0.0.0.0:6514.crt"
src: /srv/letsencrypt/live/loghost.foo.sh/fullchain.pem
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart syslogd
@ -59,7 +59,7 @@
ansible.builtin.copy:
dest: /usr/local/sbin/syslog-archive
src: syslog-archive.sh
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

2
roles/telegraf/tasks/main.yml
View file

@ -9,7 +9,7 @@
ansible.builtin.copy:
dest: /etc/telegraf/telegraf.conf
src: "{{ ansible_private }}/files/telegraf/telegraf.conf"
mode: 0640
mode: "0640"
owner: root
group: _telegraf
notify: Restart telegraf

6
roles/tftp/tasks/main.yml
View file

@ -34,7 +34,7 @@
ansible.builtin.file:
path: /export/tftpboot
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -51,7 +51,7 @@
ansible.builtin.file:
path: /etc/systemd/system/tftp.service.d
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
when: ansible_service_mgr == "systemd"
@ -63,7 +63,7 @@
[Service]
ExecStart=
ExecStart=/usr/sbin/in.tftpd -s /srv/tftpboot -u tftpd -c -v
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart tftpd

6
roles/thinlinc_server/tasks/main.yml
View file

@ -32,7 +32,7 @@
ansible.builtin.copy:
dest: /etc/polkit-1/rules.d/40-thinlinc-no-auth-dialogs.rules
src: 40-thinlinc-no-auth-dialogs.rules
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
@ -59,7 +59,7 @@
ansible.builtin.copy:
dest: /opt/thinlinc/etc/tlwebaccess/server.key
src: "{{ item }}"
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
@ -72,7 +72,7 @@
ansible.builtin.copy:
dest: /opt/thinlinc/etc/tlwebaccess/server.crt
src: "{{ item }}"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
validate: /usr/bin/openssl x509 -in %s -noout

2
roles/unbound/tasks/main.yml
View file

@ -19,7 +19,7 @@
ansible.builtin.template:
dest: "{{ unbound_conf }}"
src: "unbound.conf.{{ inventory_hostname }}.j2"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
validate: "unbound-checkconf %s"

4
roles/web_build/tasks/main.yml
View file

@ -3,7 +3,7 @@
ansible.builtin.file:
path: /export/web-build
state: directory
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"
@ -20,6 +20,6 @@
ansible.builtin.copy:
dest: /usr/local/bin/web-sync
src: web-sync.sh
mode: 0755
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"

8
roles/web_logs/tasks/main.yml
View file

@ -18,7 +18,7 @@
ansible.builtin.file:
path: /etc/ssh/logsync
state: directory
mode: 0750
mode: "0750"
owner: root
group: logsync
@ -41,7 +41,7 @@
path: "{{ item }}"
owner: root
group: logsync
mode: 0640
mode: "0640"
with_items:
- /etc/ssh/logsync/id_ed25519
- /etc/ssh/logsync/id_ed25519.pub
@ -60,7 +60,7 @@
ansible.builtin.file:
path: /var/cache/sync-http-logs
state: directory
mode: 0750
mode: "0750"
owner: logsync
group: logsync
@ -68,7 +68,7 @@
ansible.builtin.file:
path: /export/web-log
state: directory
mode: 0750
mode: "0750"
owner: root
group: "{{ ansible_wheel }}"

10
roles/zoneminder/tasks/main.yml
View file

@ -21,7 +21,7 @@
ansible.builtin.file:
path: /export/zoneminder
state: directory
mode: 0750
mode: "0750"
owner: apache
group: apache
setype: _default
@ -39,7 +39,7 @@
ansible.builtin.template:
dest: /etc/zm/conf.d/local.conf
src: zm.conf
mode: 0640
mode: "0640"
owner: root
group: apache
notify: Restart zoneminder
@ -76,7 +76,7 @@
ansible.builtin.file:
dest: /var/log/zoneminder/web_php.log
state: touch
mode: 0640
mode: "0640"
owner: apache
group: apache
access_time: preserve
@ -104,7 +104,7 @@
ansible.builtin.copy:
dest: /etc/php.d/timezone.ini
content: "date.timezone=UTC\n"
mode: 0644
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart apache
@ -118,7 +118,7 @@
ssl-ca={{ tls_certs }}/ca.crt
ssl-cert={{ tls_certs }}/{{ inventory_hostname }}.crt
ssl-key={{ tls_private }}/{{ inventory_hostname }}.key
mode: 0600
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"