diff --git a/.yamllint b/.yamllint index 53974a0..8255414 100644 --- a/.yamllint +++ b/.yamllint @@ -4,3 +4,11 @@ extends: default rules: line-length: disable + comments: + min-spaces-from-content: 1 + comments-indentation: false + braces: + max-spaces-inside: 1 + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/bittorrent/tasks/jackett.yml b/roles/bittorrent/tasks/jackett.yml index 6acc683..6a55988 100644 --- a/roles/bittorrent/tasks/jackett.yml +++ b/roles/bittorrent/tasks/jackett.yml @@ -22,5 +22,5 @@ ansible.builtin.template: src: jackett.service.j2 dest: /etc/systemd/system/jackett.service - mode: 0644 + mode: "0o644" notify: Restart jackett diff --git a/roles/bittorrent/tasks/sonarr.yml b/roles/bittorrent/tasks/sonarr.yml index b55637b..1ac0cc4 100644 --- a/roles/bittorrent/tasks/sonarr.yml +++ b/roles/bittorrent/tasks/sonarr.yml @@ -6,7 +6,7 @@ dest: /etc/apt/trusted.gpg.d/sonarr.asc owner: root group: root - mode: 0750 + mode: "0o750" - name: Install sonarr repo ansible.builtin.apt_repository: diff --git a/roles/bittorrent/tasks/transmission.yml b/roles/bittorrent/tasks/transmission.yml index 642143b..c70c51b 100644 --- a/roles/bittorrent/tasks/transmission.yml +++ b/roles/bittorrent/tasks/transmission.yml @@ -24,4 +24,4 @@ dest: /var/lib/transmission-daemon/downloads/CACHEDIR.TAG owner: debian-transmission group: debian-transmission - mode: '0644' + mode: "0o644" diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index f44119b..baa4d8c 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -12,7 +12,7 @@ ansible.builtin.copy: src: ./files/dovecot.conf dest: /etc/dovecot/dovecot.conf - mode: 0644 + mode: "0o644" notify: - Restart dovecot @@ -20,7 +20,7 @@ ansible.builtin.copy: src: ./files/before.sieve dest: /etc/dovecot/before.sieve - mode: 0644 + mode: "0o644" notify: - Compile sieve - Restart dovecot diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml index 7735666..04ce216 100644 --- a/roles/elasticsearch/tasks/main.yml +++ b/roles/elasticsearch/tasks/main.yml @@ -10,13 +10,13 @@ url: "{{ elasticsearch_key_url }}" dest: "{{ elasticsearch_key_path }}" force: true - mode: 0644 + mode: "0o644" - name: Set elasticsearch source repo ansible.builtin.copy: content: "deb [signed-by={{ elasticsearch_key_path }}] https://artifacts.elastic.co/packages/7.x/apt stable main" dest: /etc/apt/sources.list.d/elasticsearch.list - mode: '0644' + mode: "0o644" - name: Install elasticsearch ansible.builtin.apt: @@ -36,7 +36,7 @@ ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" - mode: '0644' + mode: "0o644" notify: - Restart elasticsearch loop: diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml index a0f5d2f..c28b98f 100644 --- a/roles/firewall/tasks/main.yml +++ b/roles/firewall/tasks/main.yml @@ -4,5 +4,5 @@ ansible.builtin.template: src: firewall.j2 dest: /etc/config/firewall - mode: 0644 + mode: "0o644" notify: Reload firewall diff --git a/roles/ftp/tasks/main.yml b/roles/ftp/tasks/main.yml index 96f440e..7ebc33a 100644 --- a/roles/ftp/tasks/main.yml +++ b/roles/ftp/tasks/main.yml @@ -9,7 +9,7 @@ ansible.builtin.file: path: /srv/ftp state: directory - mode: 0755 + mode: "0o755" - name: Add cachedir file ansible.builtin.template: @@ -17,7 +17,7 @@ dest: /srv/ftp/CACHEDIR.TAG owner: root group: root - mode: '0644' + mode: "0o644" - name: Create upload directory ansible.builtin.file: @@ -25,7 +25,7 @@ owner: ftp group: root state: directory - mode: 0755 + mode: "0o755" - name: Put vsftpd config file ansible.builtin.copy: @@ -33,7 +33,7 @@ dest: /etc/vsftpd.conf owner: root group: root - mode: 0644 + mode: "0o644" notify: Restart vsftpd - name: Put control size script @@ -42,7 +42,7 @@ dest: /usr/local/sbin/deleteoldfiles.sh owner: root group: root - mode: '0700' + mode: "0o700" - name: Cron control size script ansible.builtin.cron: diff --git a/roles/garage/tasks/main.yml b/roles/garage/tasks/main.yml index 52f9a2f..c657a4d 100644 --- a/roles/garage/tasks/main.yml +++ b/roles/garage/tasks/main.yml @@ -6,7 +6,7 @@ dest: "{{ garage_bin }}" owner: root group: root - mode: 0755 + mode: "0o755" force: true notify: - Restart garage @@ -15,13 +15,13 @@ ansible.builtin.template: src: garage.service.j2 dest: /etc/systemd/system/garage.service - mode: 0644 + mode: "0o644" - name: Put garage.toml conf file ansible.builtin.template: src: garage.toml.j2 dest: /etc/garage.toml - mode: 0644 + mode: "0o644" vars: cluster_group: "{{ group_names | map('regex_search', '.+_cluster') | select('string') | first }}" cluster_group_length: "{{ groups[cluster_group] | reject('search', 'gw') | length }}" diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 3f62ba6..d488cdf 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -9,6 +9,6 @@ ansible.builtin.template: src: haproxy.cfg.j2 dest: /etc/haproxy/haproxy.cfg - mode: 0644 + mode: "0o644" notify: - Restart haproxy diff --git a/roles/icecast2/tasks/main.yml b/roles/icecast2/tasks/main.yml index f541802..8e2795f 100644 --- a/roles/icecast2/tasks/main.yml +++ b/roles/icecast2/tasks/main.yml @@ -9,6 +9,6 @@ ansible.builtin.template: src: icecast.xml.j2 dest: /etc/icecast2/icecast.xml - mode: 0640 + mode: "0o640" notify: - Restart icecast2 diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml index d8a9e4c..d7fba25 100644 --- a/roles/mailman/tasks/main.yml +++ b/roles/mailman/tasks/main.yml @@ -12,7 +12,7 @@ ansible.builtin.copy: src: ./files/mailman.cfg dest: /etc/mailman3/mailman.cfg - mode: 0640 + mode: "0o640" notify: Restart mailman3 - name: Start mailman3 service diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index eb1d155..6b1be57 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml @@ -13,7 +13,7 @@ owner: mysql group: mysql state: directory - mode: 0755 + mode: "0o755" - name: Populate mysql directory ansible.builtin.command: @@ -27,7 +27,7 @@ ansible.builtin.template: src: 50-server.cnf.j2 dest: /etc/mysql/mariadb.conf.d/50-server.cnf - mode: 0644 + mode: "0o644" notify: Restart mariadb - name: Upgrade debian configuration file @@ -36,7 +36,7 @@ dest: /etc/mysql/debian.cnf owner: root group: root - mode: '0600' + mode: "0o600" notify: Restart mariadb - name: Force handlers @@ -64,7 +64,7 @@ ansible.builtin.template: src: dot.my.cnf.j2 dest: ~/.my.cnf - mode: '0600' + mode: "0o600" - name: Set root password (follow-up) community.mysql.mysql_user: @@ -93,13 +93,13 @@ ansible.builtin.file: path: /etc/systemd/system/mariadb.service.d/ state: directory - mode: 0755 + mode: "0o755" - name: Create MariaDB service override ansible.builtin.copy: src: files/override.conf dest: /etc/systemd/system/mariadb.service.d/override.conf - mode: 0644 + mode: "0o644" notify: - Restart mariadb - Daemon-reload @@ -108,7 +108,7 @@ ansible.builtin.copy: src: files/backup_mysql.sh dest: /usr/local/bin/backup_mysql.sh - mode: '0755' + mode: "0o755" - name: Cron backup script ansible.builtin.cron: diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 321a68d..28451ec 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml @@ -12,7 +12,7 @@ ansible.builtin.file: state: directory path: "{{ mastodon_home }}/.ssh" - mode: 0755 + mode: "0o755" owner: mastodon group: mastodon @@ -21,7 +21,7 @@ remote_src: true src: /root/.ssh/authorized_keys dest: "{{ mastodon_home }}/.ssh/authorized_keys" - mode: 0644 + mode: "0o644" owner: mastodon group: mastodon diff --git a/roles/mastodon/tasks/mastodon.yml b/roles/mastodon/tasks/mastodon.yml index 7cdca30..bcf6687 100644 --- a/roles/mastodon/tasks/mastodon.yml +++ b/roles/mastodon/tasks/mastodon.yml @@ -44,14 +44,14 @@ ansible.builtin.file: path: "{{ mastodon_home }}/bin" state: directory - mode: '0750' + mode: "0o750" - name: Put template scripts remote_user: mastodon ansible.builtin.template: src: "{{ item }}.j2" dest: "{{ mastodon_home }}/bin/{{ item }}" - mode: '0750' + mode: "0o750" loop: - remove_media.sh - remove_preview_cards.sh @@ -60,7 +60,7 @@ ansible.builtin.template: src: "{{ item }}.j2" dest: "/etc/systemd/system/{{ item }}" - mode: 0644 + mode: "0o644" loop: - "mastodon-sidekiq.service" - "mastodon-streaming.service" diff --git a/roles/mumble/tasks/main.yml b/roles/mumble/tasks/main.yml index 41ad82b..6f2f6ab 100644 --- a/roles/mumble/tasks/main.yml +++ b/roles/mumble/tasks/main.yml @@ -9,6 +9,6 @@ ansible.builtin.copy: src: ./files/mumble-server.ini dest: /etc/mumble-server.ini - mode: 0640 + mode: "0o640" notify: - Restart mumble diff --git a/roles/munin_client/tasks/garage.yml b/roles/munin_client/tasks/garage.yml index d441bb2..bf3fa65 100644 --- a/roles/munin_client/tasks/garage.yml +++ b/roles/munin_client/tasks/garage.yml @@ -14,7 +14,7 @@ dest: /etc/munin/plugin-conf.d/garage owner: root group: root - mode: '0640' + mode: "0o640" notify: - Restart munin-node @@ -24,6 +24,6 @@ dest: /etc/munin/plugins/garage_bucket owner: root group: root - mode: '0755' + mode: "0o755" notify: - Restart munin-node diff --git a/roles/munin_client/tasks/hypervisors.yml b/roles/munin_client/tasks/hypervisors.yml index 24a7a3f..a6c2067 100644 --- a/roles/munin_client/tasks/hypervisors.yml +++ b/roles/munin_client/tasks/hypervisors.yml @@ -14,7 +14,7 @@ dest: /etc/munin/plugin-conf.d/nvme owner: root group: root - mode: '0640' + mode: "0o640" notify: - Restart munin-node @@ -24,7 +24,7 @@ dest: /etc/munin/plugins/nvme owner: root group: root - mode: '0755' + mode: "0o755" notify: - Restart munin-node diff --git a/roles/munin_client/tasks/lxc.yml b/roles/munin_client/tasks/lxc.yml index 682cd22..f1330a7 100644 --- a/roles/munin_client/tasks/lxc.yml +++ b/roles/munin_client/tasks/lxc.yml @@ -19,7 +19,7 @@ ansible.builtin.copy: src: "files/{{ item }}" dest: "/etc/munin/plugins/{{ item }}" - mode: "0755" + mode: "0o755" owner: root group: root notify: diff --git a/roles/munin_client/tasks/main.yml b/roles/munin_client/tasks/main.yml index a8bcb0c..2ef7007 100644 --- a/roles/munin_client/tasks/main.yml +++ b/roles/munin_client/tasks/main.yml @@ -26,7 +26,7 @@ ansible.builtin.template: src: munin-node.conf.j2 dest: /etc/munin/munin-node.conf - mode: 0644 + mode: "0o644" notify: - Restart munin-node when: munin_need_reconfigure diff --git a/roles/munin_client/tasks/mikrotik.yml b/roles/munin_client/tasks/mikrotik.yml index 62d358c..71116ac 100644 --- a/roles/munin_client/tasks/mikrotik.yml +++ b/roles/munin_client/tasks/mikrotik.yml @@ -4,7 +4,7 @@ ansible.builtin.copy: src: "./files/{{ item.0 }}" dest: "/etc/munin/plugins/{{ item.0 }}{{ item.1.name }}" - mode: 0755 + mode: "0o755" loop: "{{ mikrotik_unitary_scripts | product(mikrotik_hosts) | list }}" notify: - Restart munin-node @@ -13,7 +13,7 @@ ansible.builtin.copy: src: "./files/{{ item.1 }}" dest: "/etc/munin/plugins/{{ item.1 }}{{ item.0.0.name }}_{{ item.0.1 }}" - mode: 0755 + mode: "0o755" loop: "{{ mikrotik_hosts | subelements('ifaces') | product(mikrotik_periface_scripts) }}" loop_control: label: "{{ item.0.1 }}" diff --git a/roles/munin_server/tasks/main.yml b/roles/munin_server/tasks/main.yml index aab6738..7888ce2 100644 --- a/roles/munin_server/tasks/main.yml +++ b/roles/munin_server/tasks/main.yml @@ -9,4 +9,4 @@ ansible.builtin.template: src: munin.conf.j2 dest: /etc/munin/munin.conf - mode: 0644 + mode: "0o644" diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 044b011..89e86b6 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -20,7 +20,7 @@ ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" - mode: 0644 + mode: "0o644" notify: - Restart nginx loop: diff --git a/roles/nginx/tasks/vhosts.yml b/roles/nginx/tasks/vhosts.yml index f6201b6..3a48859 100644 --- a/roles/nginx/tasks/vhosts.yml +++ b/roles/nginx/tasks/vhosts.yml @@ -15,7 +15,7 @@ ansible.builtin.template: src: "vhosts/{{ item }}.conf.j2" dest: "/etc/nginx/sites-available/{{ item }}.conf" - mode: 0644 + mode: "0o644" notify: - Restart nginx loop: "{{ web_hostname }}" diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index 7f6ac1f..f5d1e7c 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -10,7 +10,7 @@ url: "{{ nodejs_key_url }}" dest: /tmp/nodesource.gpg.key force: true - mode: 0644 + mode: "0o644" - name: Dearmor gpg key ansible.builtin.command: @@ -21,7 +21,7 @@ ansible.builtin.copy: content: "deb [signed-by={{ nodejs_key_path }}] https://deb.nodesource.com/node_{{ nodejs_version }}.x nodistro main" dest: /etc/apt/sources.list.d/nodesource.list - mode: 0644 + mode: "0o644" - name: Install nodejs ansible.builtin.apt: diff --git a/roles/nut_client/tasks/main.yml b/roles/nut_client/tasks/main.yml index d9e61c8..06bef77 100644 --- a/roles/nut_client/tasks/main.yml +++ b/roles/nut_client/tasks/main.yml @@ -9,13 +9,13 @@ ansible.builtin.template: src: upsmon.conf.j2 dest: /etc/nut/upsmon.conf - mode: '0640' + mode: "0o640" notify: Restart nut-client - name: Put nut configuration file ansible.builtin.copy: src: files/nut.conf dest: /etc/nut/nut.conf - mode: '0640' + mode: "0o640" when: inventory_hostname not in groups['nut_server'] notify: Restart nut-client diff --git a/roles/nut_server/tasks/main.yml b/roles/nut_server/tasks/main.yml index 7472478..bb0902c 100644 --- a/roles/nut_server/tasks/main.yml +++ b/roles/nut_server/tasks/main.yml @@ -9,7 +9,7 @@ ansible.builtin.copy: src: files/90-nut-ups.rules dest: /etc/udev/rules.d/90-nut-ups.rules - mode: 0644 + mode: "0o644" notify: - Reload udev - Restart nut-driver @@ -18,7 +18,7 @@ ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ item.dest }}" - mode: 0640 + mode: "0o640" loop: - {src: "files/nut.conf", dest: "/etc/nut/nut.conf"} - {src: "files/ups.conf", dest: "/etc/nut/ups.conf"} @@ -29,5 +29,5 @@ ansible.builtin.template: src: upsd.users.j2 dest: /etc/nut/upsd.users - mode: '0640' + mode: "0o640" notify: Restart nut-server diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml index e9442e4..a61a240 100644 --- a/roles/opendkim/tasks/main.yml +++ b/roles/opendkim/tasks/main.yml @@ -12,7 +12,7 @@ ansible.builtin.template: src: opendkim.conf dest: /etc/opendkim.conf - mode: 0644 + mode: "0o644" notify: - Restart opendkim @@ -20,13 +20,13 @@ ansible.builtin.file: path: /etc/dkim state: directory - mode: 0755 + mode: "0o755" - name: Put secondary configuration files ansible.builtin.copy: src: "./files/dkim/{{ item }}" dest: "/etc/dkim/{{ item }}" - mode: 0644 + mode: "0o644" loop: - KeyTable - PeerList diff --git a/roles/opendmarc/tasks/main.yml b/roles/opendmarc/tasks/main.yml index 12e41f7..ed541bd 100644 --- a/roles/opendmarc/tasks/main.yml +++ b/roles/opendmarc/tasks/main.yml @@ -9,7 +9,7 @@ ansible.builtin.copy: src: ./files/opendmarc.conf dest: /etc/opendmarc.conf - mode: 0644 + mode: "0o644" notify: - Restart opendmarc @@ -17,13 +17,13 @@ ansible.builtin.file: path: /etc/dmarc state: directory - mode: 0755 + mode: "0o755" - name: Put secondary configuration files ansible.builtin.copy: src: "./files/dmarc/{{ item }}" dest: "/etc/dmarc/{{ item }}" - mode: 0644 + mode: "0o644" loop: - IgnoreHosts notify: diff --git a/roles/peertube/tasks/main.yml b/roles/peertube/tasks/main.yml index cbe2bc0..381fcc9 100644 --- a/roles/peertube/tasks/main.yml +++ b/roles/peertube/tasks/main.yml @@ -23,7 +23,7 @@ ansible.builtin.file: state: directory path: "{{ peertube_home }}/.ssh" - mode: 0755 + mode: "0o755" owner: peertube group: peertube @@ -32,7 +32,7 @@ remote_src: true src: /root/.ssh/authorized_keys dest: "{{ peertube_home }}/.ssh/authorized_keys" - mode: 0644 + mode: "0o644" owner: peertube group: peertube @@ -42,9 +42,9 @@ state: directory owner: peertube group: peertube - mode: "{{ item.mode | default('0755') }}" + mode: "{{ item.mode | default('0o755') }}" loop: - - {path: "config", mode: "0750"} + - {path: "config", mode: "0o750"} - {path: "storage"} - {path: "versions"} @@ -78,7 +78,7 @@ ansible.builtin.template: src: peertube.service.j2 dest: /etc/systemd/system/peertube.service - mode: 0644 + mode: "0o644" - name: Install default configuration ansible.builtin.file: diff --git a/roles/php/tasks/main.yml b/roles/php/tasks/main.yml index 73df3f4..08cdc32 100644 --- a/roles/php/tasks/main.yml +++ b/roles/php/tasks/main.yml @@ -9,7 +9,7 @@ ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" - mode: 0644 + mode: "0o644" loop: - {src: "www.conf.j2", dest: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf"} - {src: "php.ini.j2", dest: "/etc/php/{{ php_version }}/fpm/php.ini"} diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 5f55051..84f5900 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -14,7 +14,7 @@ ansible.builtin.copy: src: "./files/{{ item }}" dest: "/etc/postfix/{{ item }}" - mode: 0644 + mode: "0o644" loop: - main.cf - master.cf @@ -25,7 +25,7 @@ ansible.builtin.copy: src: "./files/{{ item }}" dest: "/etc/postfix/{{ item }}" - mode: 0644 + mode: "0o644" loop: - transport - virtual-regexp @@ -39,4 +39,4 @@ dest: /usr/local/bin/generate_email.sh owner: root group: root - mode: '0755' + mode: "0o755" diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index 9ec0d78..f79b3f5 100644 --- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml @@ -11,7 +11,7 @@ owner: postgres group: postgres state: directory - mode: 0700 + mode: "0o700" - name: Populate postgresql directory ansible.builtin.command: @@ -25,14 +25,14 @@ ansible.builtin.copy: src: "files/pg_hba.conf" dest: "/etc/postgresql/{{ postgres_pg_version }}/main/pg_hba.conf" - mode: "0640" + mode: "0o640" notify: Restart postgres - name: Put main configuration files ansible.builtin.template: src: "postgresql.conf.j2" dest: "/etc/postgresql/{{ postgres_pg_version }}/main/postgresql.conf" - mode: "0644" + mode: "0o644" - name: Create backup dir ansible.builtin.file: @@ -40,7 +40,7 @@ owner: postgres group: postgres state: directory - mode: 0755 + mode: "0o755" - name: Cron backup script ansible.builtin.cron: diff --git a/roles/postgrey/tasks/main.yml b/roles/postgrey/tasks/main.yml index 2ebace6..85019d5 100644 --- a/roles/postgrey/tasks/main.yml +++ b/roles/postgrey/tasks/main.yml @@ -9,6 +9,6 @@ ansible.builtin.copy: src: files/postgrey dest: /etc/default/postgrey - mode: 0644 + mode: "0o644" notify: - Restart postgrey diff --git a/roles/restic/tasks/install.yml b/roles/restic/tasks/install.yml index 2822adc..701384a 100644 --- a/roles/restic/tasks/install.yml +++ b/roles/restic/tasks/install.yml @@ -4,7 +4,7 @@ ansible.builtin.get_url: url: "{{ restic_download_url }}" dest: "/tmp" - mode: 0644 + mode: "0o644" - name: Uncompress restic ansible.builtin.shell: @@ -14,6 +14,6 @@ - name: Check restic exe ansible.builtin.file: path: "{{ restic_path }}" - mode: 0755 + mode: "0o755" owner: root group: "{{ restic_exe_group }}" diff --git a/roles/restic/tasks/main.yml b/roles/restic/tasks/main.yml index 80d079a..254791f 100644 --- a/roles/restic/tasks/main.yml +++ b/roles/restic/tasks/main.yml @@ -9,7 +9,7 @@ dest: "{{ restic_script_path }}" owner: root group: "{{ restic_exe_group }}" - mode: '0750' + mode: "0o750" - name: Cron backup script ansible.builtin.cron: diff --git a/roles/rsyslog/tasks/main.yml b/roles/rsyslog/tasks/main.yml index f5da70c..52dbfc6 100644 --- a/roles/rsyslog/tasks/main.yml +++ b/roles/rsyslog/tasks/main.yml @@ -9,7 +9,7 @@ ansible.builtin.copy: src: files/sys.conf dest: /etc/rsyslog.d/sys.conf - mode: 0644 + mode: "0o644" notify: Restart rsyslog when: "'rsyslogservers' in group_names" @@ -17,7 +17,7 @@ ansible.builtin.copy: src: files/remote.conf dest: /etc/rsyslog.d/remote.conf - mode: 0644 + mode: "0o644" notify: Restart rsyslog - name: Insert hosts into /etc/hosts diff --git a/roles/smtprelay/tasks/main.yml b/roles/smtprelay/tasks/main.yml index 9b10979..452e90c 100644 --- a/roles/smtprelay/tasks/main.yml +++ b/roles/smtprelay/tasks/main.yml @@ -20,7 +20,7 @@ ansible.builtin.template: src: sasl_passwd.j2 dest: /etc/postfix/sasl_passwd - mode: 0640 + mode: "0o640" notify: - Postmap sasl_passwd - Restart postfix @@ -29,5 +29,5 @@ ansible.builtin.template: src: main.cf.j2 dest: /etc/postfix/main.cf - mode: 0644 + mode: "0o644" notify: Restart postfix diff --git a/roles/smtprelay/tasks/smtp_remap.yml b/roles/smtprelay/tasks/smtp_remap.yml index 871a114..af7929d 100644 --- a/roles/smtprelay/tasks/smtp_remap.yml +++ b/roles/smtprelay/tasks/smtp_remap.yml @@ -3,7 +3,7 @@ - name: Create recipient/destination map ansible.builtin.copy: dest: "{{ item.destination }}" - mode: 0644 + mode: "0o644" content: | {{ item.content }} loop: diff --git a/roles/smtprelay/tasks/stunnel.yml b/roles/smtprelay/tasks/stunnel.yml index 33c888b..226ead6 100644 --- a/roles/smtprelay/tasks/stunnel.yml +++ b/roles/smtprelay/tasks/stunnel.yml @@ -9,7 +9,7 @@ ansible.builtin.template: src: smtp-wrapper.conf.j2 dest: /etc/stunnel/smtp-wrapper.conf - mode: 0644 + mode: "0o644" notify: Restart stunnel4 - name: Ensure stunnel is enabled and running diff --git a/roles/spamassassin/tasks/main.yml b/roles/spamassassin/tasks/main.yml index 1bc50a1..99a3bf5 100644 --- a/roles/spamassassin/tasks/main.yml +++ b/roles/spamassassin/tasks/main.yml @@ -14,7 +14,7 @@ ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ item.dest }}" - mode: 0644 + mode: "0o644" loop: - {src: "./files/local.cf", dest: "/etc/spamassassin/local.cf"} - {src: "./files/spamassassin", dest: "/etc/default/spamassassin"} diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml index daea5e8..0fbf5bf 100644 --- a/roles/system/tasks/main.yml +++ b/roles/system/tasks/main.yml @@ -64,7 +64,7 @@ ansible.builtin.copy: src: files/dotbashrc dest: /root/.bashrc - mode: 0644 + mode: "0o644" owner: root group: root @@ -72,7 +72,7 @@ ansible.builtin.copy: src: files/vim/ dest: /root/.vim - mode: 0755 + mode: "0o755" owner: root group: root @@ -82,7 +82,7 @@ ansible.builtin.template: src: sshd_config.j2 dest: /etc/ssh/sshd_config - mode: 0644 + mode: "0o644" notify: - Restart sshd @@ -102,4 +102,4 @@ ansible.builtin.copy: src: files/5-install dest: /etc/cron-apt/action.d/5-install - mode: 0644 + mode: "0o644" diff --git a/roles/usb/tasks/main.yml b/roles/usb/tasks/main.yml index c0ba35f..b71f293 100644 --- a/roles/usb/tasks/main.yml +++ b/roles/usb/tasks/main.yml @@ -4,5 +4,5 @@ ansible.builtin.copy: src: files/50-usb.rules dest: /etc/udev/rules.d/50-usb.rules - mode: 0644 + mode: "0o644" notify: Reload udev diff --git a/roles/webapps/tasks/oolatoocs.yml b/roles/webapps/tasks/oolatoocs.yml index 17f3cae..ed614b0 100644 --- a/roles/webapps/tasks/oolatoocs.yml +++ b/roles/webapps/tasks/oolatoocs.yml @@ -6,7 +6,7 @@ state: directory owner: www-data group: www-data - mode: 0755 + mode: "0o755" - name: Download oolatoocs exec ansible.builtin.get_url: @@ -14,7 +14,7 @@ dest: "{{ webapps_oolatoocs_local_bin_path }}" owner: root group: root - mode: 0755 + mode: "0o755" - name: Put conf file ansible.builtin.template: @@ -22,7 +22,7 @@ dest: /usr/local/etc/oolatoocs.toml owner: www-data group: www-data - mode: 0640 + mode: "0o640" - name: Init oolatoocs DB ansible.builtin.command: diff --git a/roles/webapps/tasks/ttrss.yml b/roles/webapps/tasks/ttrss.yml index d9c2007..218aaf4 100644 --- a/roles/webapps/tasks/ttrss.yml +++ b/roles/webapps/tasks/ttrss.yml @@ -9,7 +9,7 @@ ansible.builtin.copy: src: files/ttrss_backend.service dest: /etc/systemd/system/ttrss_backend.service - mode: 0644 + mode: "0o644" - name: Enable and start service ttrss_backend ansible.builtin.service: diff --git a/roles/webapps/tasks/wp_dojo.yml b/roles/webapps/tasks/wp_dojo.yml index 1c9b6ee..06b8ca1 100644 --- a/roles/webapps/tasks/wp_dojo.yml +++ b/roles/webapps/tasks/wp_dojo.yml @@ -4,7 +4,7 @@ ansible.builtin.copy: src: files/fastcgi_cache.conf dest: /etc/nginx/conf.d/fastcgi_cache.conf - mode: 0644 + mode: "0o644" notify: - Restart nginx diff --git a/roles/xmpp/tasks/main.yml b/roles/xmpp/tasks/main.yml index 1a35c81..ab4f859 100644 --- a/roles/xmpp/tasks/main.yml +++ b/roles/xmpp/tasks/main.yml @@ -18,13 +18,13 @@ path: /etc/prosody/certs/dh-2048.pem owner: root group: prosody - mode: '0640' + mode: "0o640" - name: Put prosody configuration file ansible.builtin.copy: src: ./files/prosody.cfg.lua dest: /etc/prosody/prosody.cfg.lua - mode: 0640 + mode: "0o640" owner: root group: prosody notify: diff --git a/roles/yarn/tasks/main.yml b/roles/yarn/tasks/main.yml index 6db3d2b..61e2180 100644 --- a/roles/yarn/tasks/main.yml +++ b/roles/yarn/tasks/main.yml @@ -4,7 +4,7 @@ ansible.builtin.get_url: url: "{{ yarn_key_url }}" dest: /tmp/yarn.gpg.key - mode: 0644 + mode: "0o644" force: true - name: Dearmor gpg key @@ -16,7 +16,7 @@ ansible.builtin.copy: content: "deb [signed-by={{ yarn_key_path }}] https://dl.yarnpkg.com/debian stable main" dest: /etc/apt/sources.list.d/yarn.list - mode: 0644 + mode: "0o644" - name: Install yarn ansible.builtin.apt: