M roles/alertmanager/tasks/main.yml => roles/alertmanager/tasks/main.yml +6 -6
@@ 16,7 16,7 @@
dest: "/etc/alertmanager/{{ item }}"
owner: alertmanager
group: alertmanager
- mode: 0600
+ mode: "0600"
with_items:
- alertmanager.yml
- web-config.yml
@@ 28,7 28,7 @@
dest: /etc/conf.d/alertmanager
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart alertmanager
- name: Start and enable
@@ 48,7 48,7 @@
state: directory
owner: ntfy-alertmanager
group: ntfy-alertmanager
- mode: 0700
+ mode: "0700"
- name: Configure ntfy-alertmanager
ansible.builtin.template:
@@ 56,7 56,7 @@
dest: /etc/ntfy-alertmanager/config
owner: ntfy-alertmanager
group: ntfy-alertmanager
- mode: 0600
+ mode: "0600"
notify: Restart ntfy-alertmanager
- name: Start and enable ntfy-alertmanager
@@ 71,7 71,7 @@
dest: /etc/nginx/nginx.d/alertmanager.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Install ntfy-alertmanager nginx config
@@ 80,5 80,5 @@
dest: /etc/nginx/nginx.d/ntfy-alertmanager.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
M roles/borg/tasks/main.yml => roles/borg/tasks/main.yml +12 -12
@@ 15,7 15,7 @@
state: directory
owner: root
group: root
- mode: 0700
+ mode: "0700"
- name: Install SSH key
ansible.builtin.copy:
@@ 23,7 23,7 @@
dest: /root/.ssh/id_rsa
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Create secrets path
ansible.builtin.file:
@@ 31,7 31,7 @@
state: directory
owner: root
group: root
- mode: 0700
+ mode: "0700"
- name: Install borg passphrase
ansible.builtin.copy:
@@ 39,7 39,7 @@
dest: /etc/.secrets/borg.pass
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Create borg key path
ansible.builtin.file:
@@ 47,7 47,7 @@
state: directory
owner: root
group: root
- mode: 0700
+ mode: "0700"
- name: Install borg key
ansible.builtin.copy:
@@ 55,7 55,7 @@
dest: /root/.config/borg/keys/borg.key
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Install backup service
ansible.builtin.copy:
@@ 63,7 63,7 @@
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- borg-backup.service
- borg-backup.timer
@@ 85,7 85,7 @@
dest: /usr/local/bin/borg-backup.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install mailcow backup script
ansible.builtin.copy:
@@ 93,7 93,7 @@
dest: /usr/local/bin/backup-mailcow.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
when: inventory_hostname == "xenrox.net"
- name: Install postgresql backup script
@@ 102,7 102,7 @@
dest: /usr/local/bin/backup-postgresql.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
when: "'postgresql' in ansible_facts.packages"
- name: Install sqlite backup script
@@ 111,7 111,7 @@
dest: /usr/local/bin/backup-sqlite.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
when: "'sqlite' in ansible_facts.packages"
- name: Install docker backup script
@@ 120,5 120,5 @@
dest: /usr/local/bin/backup-docker.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
when: docker_services is defined and docker_services is iterable
M roles/certbot/tasks/main.yml => roles/certbot/tasks/main.yml +6 -6
@@ 14,7 14,7 @@
state: directory
owner: root
group: root
- mode: 0700
+ mode: "0700"
- name: Install Hetzner API key
ansible.builtin.template:
@@ 22,7 22,7 @@
dest: /etc/.secrets/hetzner.ini
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Request certificate
ansible.builtin.command:
@@ 36,7 36,7 @@
dest: /etc/systemd/system/{{ item }}
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- certbot-renewal.service
- certbot-renewal.timer
@@ 54,7 54,7 @@
dest: /etc/letsencrypt/hook.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Create hook dir
ansible.builtin.file:
@@ 62,7 62,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install ntfy hook
ansible.builtin.copy:
@@ 70,4 70,4 @@
dest: /etc/letsencrypt/hook.d/ntfy
owner: root
group: root
- mode: 0755
+ mode: "0755"
M roles/coturn/tasks/main.yml => roles/coturn/tasks/main.yml +3 -3
@@ 13,7 13,7 @@
dest: /etc/turnserver/turnserver.conf
owner: turnserver
group: turnserver
- mode: 0600
+ mode: "0600"
notify: Restart coturn
- name: Copy certificate
@@ 23,7 23,7 @@
remote_src: true
owner: turnserver
group: turnserver
- mode: 0400
+ mode: "0400"
with_items:
- fullchain.pem
- privkey.pem
@@ 43,7 43,7 @@
dest: /etc/letsencrypt/hook.d/coturn
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Firewalld allow
ansible.posix.firewalld:
M roles/croc/tasks/main.yml => roles/croc/tasks/main.yml +3 -3
@@ 18,7 18,7 @@
state: directory
owner: "{{ primary_user }}"
group: "{{ primary_user }}"
- mode: 0700
+ mode: "0700"
- name: Configure croc send
ansible.builtin.template:
@@ 26,7 26,7 @@
dest: "/home/{{ primary_user }}/.config/croc/send.json"
owner: "{{ primary_user }}"
group: "{{ primary_user }}"
- mode: 0600
+ mode: "0600"
- name: Configure croc receive
ansible.builtin.template:
@@ 34,4 34,4 @@
dest: "/home/{{ primary_user }}/.config/croc/receive.json"
owner: "{{ primary_user }}"
group: "{{ primary_user }}"
- mode: 0600
+ mode: "0600"
M roles/croc/tasks/relay.yml => roles/croc/tasks/relay.yml +3 -3
@@ 5,7 5,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install systemd unit override file
ansible.builtin.template:
@@ 13,7 13,7 @@
dest: /etc/systemd/system/croc.service.d/override.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Start and enable croc
ansible.builtin.systemd:
@@ 28,7 28,7 @@
dest: /etc/firewalld/services
owner: root
group: root
- mode: 0644
+ mode: "0644"
register: croc_service
- name: Reload firewalld
M roles/ejabberd/tasks/main.yml => roles/ejabberd/tasks/main.yml +7 -7
@@ 33,7 33,7 @@
dest: /tmp/pg.sql
owner: root
group: root
- mode: 0644
+ mode: "0644"
when: ejabberd_db.changed
- name: Import db schema
@@ 54,7 54,7 @@
dest: /etc/ejabberd/ejabberd.yml
owner: jabber
group: jabber
- mode: 0600
+ mode: "0600"
notify: Restart ejabberd
- name: Copy certificate
@@ 64,7 64,7 @@
remote_src: true
owner: jabber
group: jabber
- mode: 0400
+ mode: "0400"
with_items:
- fullchain.pem
- privkey.pem
@@ 91,7 91,7 @@
state: directory
owner: jabber
group: jabber
- mode: 0755
+ mode: "0755"
- name: Create well-known dir
ansible.builtin.file:
@@ 99,7 99,7 @@
state: directory
owner: http
group: http
- mode: 0755
+ mode: "0755"
- name: Copy host-meta
ansible.builtin.copy:
@@ 107,7 107,7 @@
dest: "/etc/nginx/html/.well-known/{{ item }}"
owner: http
group: http
- mode: 0644
+ mode: "0644"
with_items:
- host-meta
- host-meta.json
@@ 152,4 152,4 @@
dest: /etc/letsencrypt/hook.d/ejabberd
owner: root
group: root
- mode: 0755
+ mode: "0755"
M roles/faceit/tasks/main.yml => roles/faceit/tasks/main.yml +3 -3
@@ 9,7 9,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Configure
ansible.builtin.template:
@@ 17,7 17,7 @@
dest: /opt/faceit/docker-compose.yml
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Start service
community.docker.docker_compose:
@@ 30,5 30,5 @@
dest: /etc/nginx/nginx.d/faceit.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
M roles/fail2ban/tasks/main.yml => roles/fail2ban/tasks/main.yml +2 -2
@@ 10,7 10,7 @@
dest: /etc/fail2ban/jail.local
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart fail2ban
- name: Install sshd.jail
@@ 19,7 19,7 @@
dest: /etc/fail2ban/jail.d/sshd.local
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart fail2ban
- name: Start and enable fail2ban
M roles/firewalld/tasks/main.yml => roles/firewalld/tasks/main.yml +1 -1
@@ 10,7 10,7 @@
dest: /etc/firewalld/firewalld.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
when: "'archlinux' in group_names"
notify: Restart firewalld
M roles/gamja/tasks/main.yml => roles/gamja/tasks/main.yml +2 -2
@@ 10,7 10,7 @@
dest: /usr/share/webapps/gamja/config.json
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Copy nginx conf
ansible.builtin.copy:
@@ 18,5 18,5 @@
dest: /etc/nginx/nginx.d/gamja.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
M roles/grafana/tasks/main.yml => roles/grafana/tasks/main.yml +6 -6
@@ 15,7 15,7 @@
dest: /etc/grafana.ini
owner: grafana
group: grafana
- mode: 0600
+ mode: "0600"
notify: Restart grafana
- name: Create provisioning directories
@@ 24,7 24,7 @@
path: "{{ item }}"
owner: grafana
group: grafana
- mode: 0700
+ mode: "0700"
with_items:
- /etc/grafana/provisioning
- /etc/grafana/provisioning/dashboards
@@ 37,7 37,7 @@
dest: /etc/grafana/provisioning/datasources/datasources.yml
owner: grafana
group: grafana
- mode: 0600
+ mode: "0600"
notify: Restart grafana
- name: Configure dashboard provisioning
@@ 46,7 46,7 @@
dest: /etc/grafana/provisioning/dashboards/dashboard.yml
owner: grafana
group: grafana
- mode: 0600
+ mode: "0600"
notify: Restart grafana
- name: Install dashboard
@@ 55,7 55,7 @@
dest: /var/lib/grafana/dashboards
owner: grafana
group: grafana
- mode: 0600
+ mode: "0600"
- name: Start and enable
ansible.builtin.systemd:
@@ 69,5 69,5 @@
dest: /etc/nginx/nginx.d/grafana.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
M roles/hedgedoc/tasks/main.yml => roles/hedgedoc/tasks/main.yml +2 -2
@@ 29,7 29,7 @@
dest: /etc/webapps/hedgedoc/config.json
owner: hedgedoc
group: hedgedoc
- mode: 0600
+ mode: "0600"
notify: Restart hedgedoc
- name: Start and enable
@@ 44,5 44,5 @@
dest: /etc/nginx/nginx.d/hedgedoc.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
M roles/homepage/tasks/main.yml => roles/homepage/tasks/main.yml +3 -3
@@ 5,7 5,7 @@
dest: /etc/nginx/nginx.d/homepage.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Create homepage dir
@@ 14,7 14,7 @@
path: /usr/share/webapps/homepage
owner: deploy
group: deploy
- mode: 0755
+ mode: "0755"
- name: Create repo dir
ansible.builtin.file:
@@ 22,7 22,7 @@
path: /usr/share/webapps/repo
owner: xenrox
group: xenrox
- mode: 0755
+ mode: "0755"
- name: Add deploy user to http group
ansible.builtin.user:
M roles/install_archlinux/tasks/main.yml => roles/install_archlinux/tasks/main.yml +10 -10
@@ 32,7 32,7 @@
state: touch
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Download bootstrap image
ansible.builtin.get_url:
@@ 41,7 41,7 @@
dest: /tmp/
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Extract bootstap image
ansible.builtin.unarchive:
@@ 55,7 55,7 @@
dest: /tmp/root.x86_64/etc/resolv.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
remote_src: true
- name: Mount /proc to bootstrap
@@ 84,7 84,7 @@
dest: /tmp/root.x86_64/etc/pacman.d/mirrorlist
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Initialize pacman keyring
ansible.builtin.command: chroot /tmp/root.x86_64 pacman-key --init
@@ 132,7 132,7 @@
line: "en_US.UTF-8 UTF-8"
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Generate locale
ansible.builtin.command: chroot /mnt locale-gen
@@ 155,14 155,14 @@
dest: /mnt/etc/systemd/network/10-wired.network
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Set grub mount options
ansible.builtin.lineinfile:
path: /mnt/etc/default/grub
owner: root
group: root
- mode: 0644
+ mode: "0644"
regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
line: 'GRUB_CMDLINE_LINUX_DEFAULT="rootflags=compress-force=zstd"'
@@ 192,7 192,7 @@
force: true
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Create root ssh folder
ansible.builtin.file:
@@ 200,7 200,7 @@
state: directory
owner: root
group: root
- mode: 0700
+ mode: "0700"
- name: Copy public key for root
ansible.builtin.copy:
@@ 208,7 208,7 @@
dest: /mnt/root/.ssh/authorized_keys
owner: root
group: root
- mode: 0600
+ mode: "0600"
remote_src: true
- name: Remove LOCK
M roles/keycloak/tasks/main.yml => roles/keycloak/tasks/main.yml +2 -2
@@ 35,7 35,7 @@
dest: /etc/keycloak/keycloak.conf
owner: root
group: keycloak
- mode: 0640
+ mode: "0640"
notify: Restart keycloak
- name: Start and enable
@@ 50,5 50,5 @@
dest: /etc/nginx/nginx.d/keycloak.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
M roles/mailcow/tasks/main.yml => roles/mailcow/tasks/main.yml +5 -5
@@ 9,7 9,7 @@
dest: /etc/nginx/nginx.d/mailcow.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Install cert renewal hook
@@ 18,7 18,7 @@
dest: /etc/letsencrypt/hook.d/mailcow
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install TLSA update script
ansible.builtin.template:
@@ 26,7 26,7 @@
dest: /etc/.secrets/update_tlsa.py
owner: root
group: root
- mode: 0700
+ mode: "0700"
- name: Install TLSA script python modules
community.general.pacman:
@@ 39,7 39,7 @@
dest: /usr/local/bin/mailcow_cleanup.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install cleanup service
ansible.builtin.copy:
@@ 47,7 47,7 @@
dest: /etc/systemd/system/{{ item }}
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- mailcow.service
- mailcow.timer
M roles/matrix/tasks/main.yml => roles/matrix/tasks/main.yml +5 -5
@@ 15,7 15,7 @@
dest: /etc/synapse/homeserver.yaml
owner: synapse
group: synapse
- mode: 0640
+ mode: "0640"
notify: Restart synapse
- name: Copy signing key
@@ 24,7 24,7 @@
dest: /etc/synapse/xenrox.net.signing.key
owner: synapse
group: synapse
- mode: 0640
+ mode: "0640"
- name: Create db user
community.general.postgresql_user:
@@ 56,7 56,7 @@
dest: /etc/nginx/nginx.d/matrix.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Setup whatsapp bridge
@@ 71,7 71,7 @@
dest: /etc/mautrix-whatsapp/mautrix-whatsapp.yaml
owner: mautrix-whatsapp
group: mautrix-whatsapp
- mode: 0640
+ mode: "0640"
notify: Restart mautrix-whatsapp
- name: Configure whatsapp registration
@@ 80,7 80,7 @@
dest: /etc/synapse/appservice-registration-whatsapp.yaml
owner: synapse
group: synapse
- mode: 0640
+ mode: "0640"
notify: Restart synapse
- name: Create whatsapp db user
M roles/minio/tasks/main.yml => roles/minio/tasks/main.yml +3 -3
@@ 14,7 14,7 @@
state: directory
owner: minio
group: minio
- mode: 0700
+ mode: "0700"
- name: Configure minio
ansible.builtin.template:
@@ 22,7 22,7 @@
dest: /etc/minio/minio.conf
owner: minio
group: minio
- mode: 0600
+ mode: "0600"
notify:
- Restart minio
@@ 38,5 38,5 @@
dest: /etc/nginx/nginx.d/minio.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
M roles/minio_client/tasks/main.yml => roles/minio_client/tasks/main.yml +3 -3
@@ 14,7 14,7 @@
dest: "/home/{{ primary_user }}/.s3cfg"
owner: "{{ primary_user }}"
group: "{{ primary_user }}"
- mode: 0600
+ mode: "0600"
- name: Create mcli config path
ansible.builtin.file:
@@ 22,7 22,7 @@
state: directory
owner: "{{ primary_user }}"
group: "{{ primary_user }}"
- mode: 0700
+ mode: "0700"
- name: Configure mcli
ansible.builtin.template:
@@ 30,4 30,4 @@
dest: "/home/{{ primary_user }}/.mcli/config.json"
owner: "{{ primary_user }}"
group: "{{ primary_user }}"
- mode: 0600
+ mode: "0600"
M roles/minio_mirror/tasks/main.yml => roles/minio_mirror/tasks/main.yml +2 -2
@@ 5,7 5,7 @@
state: directory
owner: "{{ primary_user }}"
group: "{{ primary_user }}"
- mode: 0700
+ mode: "0700"
- name: Install service
ansible.builtin.template:
@@ 13,7 13,7 @@
dest: /etc/systemd/system/minio-mirror.service
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Start and enable
ansible.builtin.systemd:
M roles/mumble_server/tasks/main.yml => roles/mumble_server/tasks/main.yml +3 -3
@@ 15,7 15,7 @@
dest: /etc/mumble/mumble-server.ini
owner: root
group: _mumble-server
- mode: 0640
+ mode: "0640"
notify: Restart mumble-server
- name: Copy certificate
@@ 25,7 25,7 @@
remote_src: true
owner: _mumble-server
group: _mumble-server
- mode: 0400
+ mode: "0400"
with_items:
- fullchain.pem
- privkey.pem
@@ 50,4 50,4 @@
dest: /etc/letsencrypt/hook.d/mumble-server
owner: root
group: root
- mode: 0755
+ mode: "0755"
M roles/navidrome/tasks/main.yml => roles/navidrome/tasks/main.yml +3 -3
@@ 14,7 14,7 @@
state: directory
owner: xenrox
group: xenrox
- mode: 0755
+ mode: "0755"
- name: Configure
ansible.builtin.template:
@@ 22,7 22,7 @@
dest: /etc/navidrome/navidrome.toml
owner: navidrome
group: navidrome
- mode: 0600
+ mode: "0600"
notify: Restart navidrome
- name: Start and enable
@@ 37,5 37,5 @@
dest: /etc/nginx/nginx.d/navidrome.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
M roles/nextcloud/tasks/main.yml => roles/nextcloud/tasks/main.yml +5 -5
@@ 32,7 32,7 @@
src: config.php.j2
dest: /etc/webapps/nextcloud/config/config.php.pacnew
owner: nextcloud
- mode: 0640
+ mode: "0640"
changed_when: false
- name: Configure uwsgi
@@ 41,7 41,7 @@
dest: /etc/uwsgi/nextcloud.ini
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart uwsgi nextcloud
- name: Add nextcloud user to http group
@@ 63,7 63,7 @@
dest: /etc/uwsgi/cron-php.ini
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Copy nginx conf
ansible.builtin.copy:
@@ 71,7 71,7 @@
dest: /etc/nginx/nginx.d/nextcloud.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Copy upgrade hook
@@ 80,4 80,4 @@
dest: /etc/pacman.d/hooks/nextcloud.hook
owner: root
group: root
- mode: 0644
+ mode: "0644"
M roles/nginx/tasks/main.yml => roles/nginx/tasks/main.yml +7 -7
@@ 10,7 10,7 @@
dest: /etc/nginx/nginx.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Create snippets dir
@@ 19,7 19,7 @@
path: /etc/nginx/snippets
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Copy snippets
ansible.builtin.copy:
@@ 27,7 27,7 @@
dest: /etc/nginx/snippets
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_fileglob: files/snippets/*
notify: Restart nginx
@@ 37,7 37,7 @@
dest: "/etc/nginx/snippets/{{ item }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- internal_access.conf
notify: Restart nginx
@@ 48,7 48,7 @@
path: /etc/nginx/nginx.d
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Create htpasswd directory
ansible.builtin.file:
@@ 56,7 56,7 @@
path: /etc/nginx/htpasswd
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Create DH group
# NOTE: Remove when upgrading to modern SSL config
@@ 84,4 84,4 @@
dest: /etc/letsencrypt/hook.d/nginx
owner: root
group: root
- mode: 0755
+ mode: "0755"
M roles/ntfy_client/tasks/main.yml => roles/ntfy_client/tasks/main.yml +1 -1
@@ 9,4 9,4 @@
dest: /usr/local/bin/curl-ntfy
owner: root
group: root
- mode: 0755
+ mode: "0755"
M roles/ntfy_server/tasks/main.yml => roles/ntfy_server/tasks/main.yml +4 -4
@@ 14,7 14,7 @@
dest: /etc/ntfy/server.yml
owner: ntfy
group: ntfy
- mode: 0600
+ mode: "0600"
notify: Restart ntfy
- name: Create cache/db and files directory
@@ 23,7 23,7 @@
state: directory
owner: ntfy
group: ntfy
- mode: 0700
+ mode: "0700"
with_items:
- /var/lib/ntfy
- /var/lib/ntfy/files
@@ 41,9 41,9 @@
dest: /etc/nginx/nginx.d/ntfy.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
-- name: Make UnifiedPush topics world-writeable
+- name: Make UnifiedPush topics world-writeable # noqa no-changed-when
ansible.builtin.command: ntfy access everyone 'up*' write-only
when: ntfy_status.changed
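Review bot: The `# noqa no-changed-when` added to `Make UnifiedPush topics world-writeable` silences the lint rule without stating the task's change semantics. Since the task already runs only under `when: ntfy_status.changed`, adding `changed_when: true` would satisfy the rule explicitly and the suppression comment could be dropped. The command grants write-only access on `up*` topics to everyone, so a short comment such as `# UnifiedPush needs anonymous write-only access to up* topics` (presumably the reason) would show that the open ACL is deliberate.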
M roles/pacman/tasks/main.yml => roles/pacman/tasks/main.yml +5 -5
@@ 9,7 9,7 @@
dest: /etc/pacman.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Import sourcehut key
community.general.pacman_key:
@@ 34,7 34,7 @@
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- paccache.service
- paccache.timer
@@ 52,7 52,7 @@
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- reflector.service
- reflector.timer
@@ 70,7 70,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install hooks
ansible.builtin.copy:
@@ 78,7 78,7 @@
dest: "/etc/pacman.d/hooks/{{ item }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- arch-audit.hook
- mirrorlist.hook
M roles/peertube/tasks/main.yml => roles/peertube/tasks/main.yml +6 -6
@@ 36,7 36,7 @@
dest: /etc/peertube/production.yaml
owner: peertube
group: peertube
- mode: 0600
+ mode: "0600"
notify: Restart peertube
- name: Fix folder permissions # TODO: Bug in aur package
@@ 45,7 45,7 @@
state: directory
owner: peertube
group: peertube
- mode: 0755
+ mode: "0755"
- name: Create systemd override path
ansible.builtin.file:
@@ 53,7 53,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install systemd override file
ansible.builtin.copy:
@@ 61,7 61,7 @@
dest: /etc/systemd/system/peertube.service.d/override.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Start and enable
ansible.builtin.systemd:
@@ 76,7 76,7 @@
dest: /etc/nginx/nginx.d/peertube.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Copy firewalld RTMP service
@@ 85,7 85,7 @@
dest: /etc/firewalld/services
owner: root
group: root
- mode: 0644
+ mode: "0644"
register: rtmp_service
- name: Reload firewalld
M roles/pgbouncer/tasks/main.yml => roles/pgbouncer/tasks/main.yml +4 -4
@@ 14,7 14,7 @@
dest: /etc/pgbouncer/pgbouncer.ini
owner: pgbouncer
group: pgbouncer
- mode: 0600
+ mode: "0600"
notify: Restart pgbouncer
- name: Configure userlist.txt
@@ 23,7 23,7 @@
dest: /etc/pgbouncer/userlist.txt
owner: pgbouncer
group: pgbouncer
- mode: 0600
+ mode: "0600"
notify: Restart pgbouncer
- name: Copy certificate
@@ 33,7 33,7 @@
remote_src: true
owner: pgbouncer
group: pgbouncer
- mode: 0400
+ mode: "0400"
with_items:
- fullchain.pem
- privkey.pem
@@ 44,7 44,7 @@
dest: /etc/letsencrypt/hook.d/pgbouncer
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Start and enable
ansible.builtin.systemd:
M roles/pihole/tasks/main.yml => roles/pihole/tasks/main.yml +2 -2
@@ 9,7 9,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Configure
ansible.builtin.template:
@@ 17,7 17,7 @@
dest: /opt/pihole/docker-compose.yml
owner: root
group: root
- mode: 0600
+ mode: "0600"
notify: Print further instructions
- name: Stop and disable systemd-resolved
M roles/postgres/tasks/main.yml => roles/postgres/tasks/main.yml +5 -5
@@ 16,7 16,7 @@
group: postgres
attributes: "+C"
path: /var/lib/postgres/data
- mode: 0700
+ mode: "0700"
- name: Initial configuration
become: true
@@ 32,7 32,7 @@
dest: /var/lib/postgres/data/postgresql.conf
owner: postgres
group: postgres
- mode: 0600
+ mode: "0600"
notify: Restart postgres
- name: Configure pg_hba.conf
@@ 41,7 41,7 @@
dest: /var/lib/postgres/data/pg_hba.conf
owner: postgres
group: postgres
- mode: 0600
+ mode: "0600"
notify: Restart postgres
- name: Copy certificate
@@ 51,7 51,7 @@
remote_src: true
owner: postgres
group: postgres
- mode: 0400
+ mode: "0400"
with_items:
- fullchain.pem
- privkey.pem
@@ 68,4 68,4 @@
dest: /etc/letsencrypt/hook.d/postgres
owner: root
group: root
- mode: 0755
+ mode: "0755"
M roles/prometheus/tasks/main.yml => roles/prometheus/tasks/main.yml +7 -7
@@ 20,7 20,7 @@
dest: /etc/prometheus/prometheus.yml
owner: root
group: prometheus
- mode: 0640
+ mode: "0640"
notify: Reload prometheus
- name: Install cli configuration
@@ 29,7 29,7 @@
dest: /etc/conf.d/prometheus
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart prometheus
- name: Configure rules
@@ 38,7 38,7 @@
dest: /etc/prometheus/
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_fileglob:
- files/rules/*
notify: Reload prometheus
@@ 56,7 56,7 @@
password: "{{ prometheus_secrets['pushgateway_pass'] }}"
owner: root
group: http
- mode: 0640
+ mode: "0640"
- name: Copy pushgateway nginx conf
ansible.builtin.copy:
@@ 64,7 64,7 @@
dest: /etc/nginx/nginx.d/push.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Install pushgateway service
@@ 73,7 73,7 @@
dest: /etc/systemd/system/pushgateway.service
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Create pushgateway data dir
ansible.builtin.file:
@@ 81,7 81,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Start and enable pushgateway
ansible.builtin.systemd:
M roles/prometheus_clients/tasks/main.yml => roles/prometheus_clients/tasks/main.yml +1 -1
@@ 9,7 9,7 @@
dest: /usr/local/bin/curl-pushgateway
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Include server playbook
ansible.builtin.include_tasks: server.yml
M roles/prometheus_clients/tasks/server.yml => roles/prometheus_clients/tasks/server.yml +4 -4
@@ 10,7 10,7 @@
state: directory
owner: node_exporter
group: node_exporter
- mode: 0755
+ mode: "0755"
- name: Configure node exporter
ansible.builtin.copy:
@@ 18,7 18,7 @@
dest: /etc/conf.d/prometheus-node-exporter
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart node exporter
- name: Install textfile script
@@ 27,7 27,7 @@
dest: /usr/local/bin/prometheus_arch.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Start and enable node exporter
ansible.builtin.systemd:
@@ 41,7 41,7 @@
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- prometheus-arch.service
- prometheus-arch.timer
M roles/sane/tasks/main.yml => roles/sane/tasks/main.yml +1 -1
@@ 10,7 10,7 @@
line: 192.168.1.1/24
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Start and enable
ansible.builtin.systemd:
M roles/sane_clients/tasks/main.yml => roles/sane_clients/tasks/main.yml +1 -1
@@ 5,4 5,4 @@
line: 192.168.1.26
owner: root
group: root
- mode: 0644
+ mode: "0644"
M roles/screego/tasks/main.yml => roles/screego/tasks/main.yml +5 -5
@@ 10,7 10,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Configure
ansible.builtin.template:
@@ 18,7 18,7 @@
dest: /opt/screego/docker-compose.yml
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Create users file
ansible.builtin.copy:
@@ 26,7 26,7 @@
content: "xenrox:{{ screego_secrets['xenrox_pass'] | password_hash('bcrypt', screego_secrets['xenrox_hash']) }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Start service
community.docker.docker_compose:
@@ 39,7 39,7 @@
dest: /etc/nginx/nginx.d/screego.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Copy firewalld service
@@ 48,7 48,7 @@
dest: /etc/firewalld/services
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Firewalld allow
ansible.posix.firewalld:
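Review bot: The `Create users file` task writes a bcrypt password hash (`content: "xenrox:{{ ... | password_hash('bcrypt', ...) }}"`) with `mode: "0644"`, so every local account can read the hash and work on it offline. The quoting change keeps that value as it was. If the service reads the file as root, `mode: "0600"` would be enough; otherwise restrict it to the group the service runs as with `mode: "0640"`. The task's `dest` line is outside the hunk.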
M roles/searx/tasks/main.yml => roles/searx/tasks/main.yml +3 -3
@@ 16,7 16,7 @@
line: disable-logging = true
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart searx
- name: Configure
@@ 25,7 25,7 @@
dest: /etc/searx/settings.yml
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart searx
- name: Start and enable
@@ 40,5 40,5 @@
dest: /etc/nginx/nginx.d/search.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
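Review bot: `/etc/searx/settings.yml` is installed root:root with `mode: "0644"`; searx settings normally carry the `server.secret_key` value, so if this file contains it, the key is readable by all local users. The source of the file is not visible in the hunk, so this needs confirming. If the key is in there, `mode: "0640"` with the service's own group as `group:` would keep it readable to searx only.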
M roles/setup_archlinux/tasks/main.yml => roles/setup_archlinux/tasks/main.yml +3 -3
@@ 30,7 30,7 @@
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- reboot.service
- reboot.timer
@@ 48,7 48,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install journald override file
ansible.builtin.copy:
@@ 56,7 56,7 @@
dest: /etc/systemd/journald.conf.d/override.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Install logrotate
community.general.pacman:
M roles/sinusbot/handlers/main.yml => roles/sinusbot/handlers/main.yml +1 -1
@@ 11,7 11,7 @@
dest: /opt/sinusbot/scripts
owner: xenrox
group: xenrox
- mode: 0644
+ mode: "0644"
with_items: "{{ sinusbot_scripts.stdout_lines }}"
listen: Setup scripts
M roles/sinusbot/tasks/main.yml => roles/sinusbot/tasks/main.yml +3 -3
@@ 5,7 5,7 @@
state: directory
owner: xenrox
group: xenrox
- mode: 0755
+ mode: "0755"
- name: Get user information
ansible.builtin.getent:
@@ 18,7 18,7 @@
dest: /opt/sinusbot/docker-compose.yml
owner: xenrox
group: xenrox
- mode: 0600
+ mode: "0600"
- name: Start service
community.docker.docker_compose:
@@ 31,7 31,7 @@
dest: /etc/nginx/nginx.d/sinusbot.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Clone scripts
M roles/soju/tasks/main.yml => roles/soju/tasks/main.yml +3 -3
@@ 15,7 15,7 @@
remote_src: true
owner: soju
group: soju
- mode: 0400
+ mode: "0400"
with_items:
- fullchain.pem
- privkey.pem
@@ 26,7 26,7 @@
dest: /etc/soju/config
owner: soju
group: soju
- mode: 0600
+ mode: "0600"
notify: Restart soju
- name: Create db user
@@ 63,4 63,4 @@
dest: /etc/letsencrypt/hook.d/soju
owner: root
group: root
- mode: 0755
+ mode: "0755"
M roles/srht/tasks/main.yml => roles/srht/tasks/main.yml +17 -17
@@ 17,7 17,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Configure srht
ansible.builtin.template:
@@ 25,7 25,7 @@
dest: /etc/sr.ht/config.ini
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart srht
- name: Deposit GPG private key
@@ 34,7 34,7 @@
dest: /etc/sr.ht/sourcehut.priv
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Deposit GPG public key
ansible.builtin.template:
@@ 42,7 42,7 @@
dest: /etc/sr.ht/sourcehut.pub
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Create systemd unit override path for git
ansible.builtin.file:
@@ 50,7 50,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
with_items:
- git.sr.ht.service
- git.sr.ht-api.service
@@ 63,7 63,7 @@
dest: "/etc/systemd/system/{{ item }}.d/override.conf"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- git.sr.ht.service
- git.sr.ht-api.service
@@ 76,7 76,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install worker systemd unit override file
ansible.builtin.copy:
@@ 84,7 84,7 @@
dest: /etc/systemd/system/builds.sr.ht-worker.service.d/override.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Configure worker
ansible.builtin.template:
@@ 92,7 92,7 @@
dest: /etc/sr.ht/worker.ini
owner: root
group: root
- mode: 0644
+ mode: "0644"
vars:
worker_config: true
notify: Restart worker
@@ 192,7 192,7 @@
dest: /etc/nginx/nginx.d
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_fileglob:
- files/nginx/*
notify:
@@ 204,7 204,7 @@
dest: /etc/nginx/nginx.d/runner.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Copy nginx snippets
@@ 213,7 213,7 @@
dest: /etc/nginx/snippets
owner: root
group: root
- mode: 0755
+ mode: "0755"
with_items:
- graphql.conf
- srht.conf
@@ 227,7 227,7 @@
dest: /etc/sr.ht/image-refresh-token
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Setup image build files
ansible.builtin.git:
@@ 247,7 247,7 @@
state: directory
owner: buildsrht
group: buildsrht
- mode: 0775
+ mode: "0775"
with_items:
- /var/lib/images/archlinux
- /var/lib/images/alpine/edge
@@ 258,7 258,7 @@
state: directory
owner: runner
group: runner
- mode: 0755
+ mode: "0755"
- name: Create git repo dir
ansible.builtin.file:
@@ 266,7 266,7 @@
state: directory
owner: git
group: git
- mode: 0755
+ mode: "0755"
- name: Set git user shell
ansible.builtin.user:
@@ 278,7 278,7 @@
path: /var/log/{{ item }}
owner: gitsrht
group: gitsrht
- mode: 0666
+ mode: "0666"
with_items:
- gitsrht-dispatch
- gitsrht-keys
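Review bot: In the hunk under `Deposit GPG private key`, `/etc/sr.ht/sourcehut.priv` is still installed root:root with `mode: "0644"`, so every local account can read the private key; the quoting fix preserves that value rather than tightening it. The same holds for `/etc/sr.ht/image-refresh-token` further down in this file. Consider a dedicated group for the services that need these files and `mode: "0640"`; the right group name is not visible here. Separately, the last hunk sets the `/var/log/{{ item }}` files to `mode: "0666"`, which lets any local user alter or truncate those logs; `mode: "0660"` with a shared group would keep them writable for the intended services only, if that matches how they are written.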
M roles/ssh/tasks/client.yml => roles/ssh/tasks/client.yml +1 -1
@@ 5,4 5,4 @@
dest: /etc/ssh/ssh_config
owner: root
group: root
- mode: 0644
+ mode: "0644"
M roles/ssh/tasks/main.yml => roles/ssh/tasks/main.yml +1 -1
@@ 16,4 16,4 @@
- name: Set file permissions
ansible.builtin.file:
path: /etc/ssh
- mode: 0755
+ mode: "0755"
M roles/ssh/tasks/server.yml => roles/ssh/tasks/server.yml +1 -1
@@ 5,7 5,7 @@
dest: /etc/ssh/sshd_config
owner: root
group: root
- mode: 0644
+ mode: "0644"
validate: /usr/sbin/sshd -t -f %s
notify: Restart sshd
M roles/teamspeak/tasks/main.yml => roles/teamspeak/tasks/main.yml +1 -1
@@ 16,7 16,7 @@
dest: /etc/firewalld/services/teamspeak.xml
owner: root
group: root
- mode: 0644
+ mode: "0644"
register: teamspeak_service
- name: Reload firewalld
M roles/uptime_kuma/tasks/main.yml => roles/uptime_kuma/tasks/main.yml +4 -4
@@ 5,7 5,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Configure
ansible.builtin.copy:
@@ 13,7 13,7 @@
dest: /opt/uptimekuma/docker-compose.yml
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Copy nginx conf
ansible.builtin.copy:
@@ 21,7 21,7 @@
dest: /etc/nginx/nginx.d/uptimekuma.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Install backup script
@@ 30,7 30,7 @@
dest: /opt/uptimekuma/backup.sh
owner: root
group: root
- mode: 0700
+ mode: "0700"
- name: Start
community.docker.docker_compose:
M roles/urlwatch/tasks/main.yml => roles/urlwatch/tasks/main.yml +4 -4
@@ 14,7 14,7 @@
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
- mode: 0644
+ mode: "0644"
with_items:
- urlwatch.service
- urlwatch.timer
@@ 25,7 25,7 @@
state: directory
owner: xenrox
group: xenrox
- mode: 0700
+ mode: "0700"
- name: Configure
ansible.builtin.template:
@@ 33,7 33,7 @@
dest: /home/xenrox/.config/urlwatch/urlwatch.yaml
owner: xenrox
group: xenrox
- mode: 0600
+ mode: "0600"
notify: Restart urlwatch
- name: Set urls
@@ 42,7 42,7 @@
dest: /home/xenrox/.config/urlwatch/urls.yaml
owner: xenrox
group: xenrox
- mode: 0644
+ mode: "0644"
- name: Start and enable
ansible.builtin.systemd:
M roles/vault/tasks/main.yml => roles/vault/tasks/main.yml +3 -3
@@ 30,7 30,7 @@
dest: /tmp/vault_table.sql
owner: root
group: root
- mode: 0644
+ mode: "0644"
when: vault_db.changed
- name: Import DB schema
@@ 50,7 50,7 @@
dest: /etc/vault.hcl
owner: vault
group: vault
- mode: 0600
+ mode: "0600"
notify: Restart vault
- name: Start and enable
@@ 65,5 65,5 @@
dest: /etc/nginx/nginx.d/vault.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
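Review bot: In the first hunk of this file (`@@ 30,7 30,7 @@`) the schema is written to the fixed path `/tmp/vault_table.sql` with `mode: "0644"`, so every local account can read it and the file name sits in a world-writable directory. I would stage it where only root can reach it (a root-owned directory with mode `"0700"`, or a path returned by `ansible.builtin.tempfile`) and set `mode: "0600"`. Whether a later task removes the file after the import is not visible here; if none does, add one. The task starts above the hunk, so its module and `src` are not shown.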
M roles/vaultwarden/tasks/main.yml => roles/vaultwarden/tasks/main.yml +4 -4
@@ 33,7 33,7 @@
dest: /etc/vaultwarden.env
owner: vaultwarden
group: vaultwarden
- mode: 0600
+ mode: "0600"
notify: Restart vaultwarden
- name: Start and enable
@@ 48,7 48,7 @@
dest: /etc/nginx/nginx.d/pass.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart nginx
- name: Install fail2ban filter
@@ 57,7 57,7 @@
dest: /etc/fail2ban/filter.d/vaultwarden.local
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart fail2ban
- name: Install fail2ban jail
@@ 66,5 66,5 @@
dest: /etc/fail2ban/jail.d/vaultwarden.local
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart fail2ban
M roles/wireguard/tasks/main.yml => roles/wireguard/tasks/main.yml +1 -1
@@ 10,7 10,7 @@
dest: "/etc/systemd/network/{{ item }}"
owner: root
group: systemd-network
- mode: 0640
+ mode: "0640"
with_items:
- wg0.netdev
- wg0.network
M roles/wireguard_desktop/tasks/main.yml => roles/wireguard_desktop/tasks/main.yml +2 -2
@@ 5,7 5,7 @@
dest: /etc/wireguard/wg-vpn.conf
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Configure wg-internal
ansible.builtin.template:
@@ 13,4 13,4 @@
dest: /etc/wireguard/wg-internal.conf
owner: root
group: root
- mode: 0600
+ mode: "0600"
M roles/wireguard_vpn_server/tasks/main.yml => roles/wireguard_vpn_server/tasks/main.yml +4 -4
@@ 10,7 10,7 @@
dest: "/etc/systemd/network/{{ item }}"
owner: root
group: systemd-network
- mode: 0640
+ mode: "0640"
with_items:
- wg1.netdev
- wg1.network
@@ 55,7 55,7 @@
dest: /etc/firewalld/services
owner: root
group: root
- mode: 0644
+ mode: "0644"
register: wireguard_vpn_service
- name: Reload firewalld
@@ 77,7 77,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Install resolved override file
ansible.builtin.copy:
@@ 85,7 85,7 @@
dest: /etc/systemd/resolved.conf.d/wireguard_dns.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Restart systemd-resolved
- name: Firewalld allow DNS
M roles/xenrox/tasks/main.yml => roles/xenrox/tasks/main.yml +1 -1
@@ 14,7 14,7 @@
dest: /etc/sudoers.d/override
owner: root
group: root
- mode: 0440
+ mode: "0440"
- name: Create user
ansible.builtin.user:
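Review bot: The task that installs `/etc/sudoers.d/override` shows no `validate:` between `mode: "0440"` and the next task, so a syntax error in the source file would be installed as-is and could break sudo on the host. The sshd_config task in roles/ssh/tasks/server.yml already guards its file with `validate: /usr/sbin/sshd -t -f %s`; the same pattern here would be `validate: /usr/sbin/visudo -cf %s`. The task begins above the hunk, so the option may already be set on a line that is not shown.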