From 64e4f6d0b4f0be46a744f07193b58adfbccad23f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= Date: Mon, 20 Feb 2023 19:54:56 +0100 Subject: [PATCH] Fix ansible-lint failures with "mode" Forbidden implicit octal value ... --- roles/alertmanager/tasks/main.yml | 12 ++++---- roles/borg/tasks/main.yml | 24 ++++++++-------- roles/certbot/tasks/main.yml | 12 ++++---- roles/coturn/tasks/main.yml | 6 ++-- roles/croc/tasks/main.yml | 6 ++-- roles/croc/tasks/relay.yml | 6 ++-- roles/ejabberd/tasks/main.yml | 14 +++++----- roles/faceit/tasks/main.yml | 6 ++-- roles/fail2ban/tasks/main.yml | 4 +-- roles/firewalld/tasks/main.yml | 2 +- roles/gamja/tasks/main.yml | 4 +-- roles/grafana/tasks/main.yml | 12 ++++---- roles/hedgedoc/tasks/main.yml | 4 +-- roles/homepage/tasks/main.yml | 6 ++-- roles/install_archlinux/tasks/main.yml | 20 ++++++------- roles/keycloak/tasks/main.yml | 4 +-- roles/mailcow/tasks/main.yml | 10 +++---- roles/matrix/tasks/main.yml | 10 +++---- roles/minio/tasks/main.yml | 6 ++-- roles/minio_client/tasks/main.yml | 6 ++-- roles/minio_mirror/tasks/main.yml | 4 +-- roles/mumble_server/tasks/main.yml | 6 ++-- roles/navidrome/tasks/main.yml | 6 ++-- roles/nextcloud/tasks/main.yml | 10 +++---- roles/nginx/tasks/main.yml | 14 +++++----- roles/ntfy_client/tasks/main.yml | 2 +- roles/ntfy_server/tasks/main.yml | 8 +++--- roles/pacman/tasks/main.yml | 10 +++---- roles/peertube/tasks/main.yml | 12 ++++---- roles/pgbouncer/tasks/main.yml | 8 +++--- roles/pihole/tasks/main.yml | 4 +-- roles/postgres/tasks/main.yml | 10 +++---- roles/prometheus/tasks/main.yml | 14 +++++----- roles/prometheus_clients/tasks/main.yml | 2 +- roles/prometheus_clients/tasks/server.yml | 8 +++--- roles/sane/tasks/main.yml | 2 +- roles/sane_clients/tasks/main.yml | 2 +- roles/screego/tasks/main.yml | 10 +++---- roles/searx/tasks/main.yml | 6 ++-- roles/setup_archlinux/tasks/main.yml | 6 ++-- roles/sinusbot/handlers/main.yml | 2 +- roles/sinusbot/tasks/main.yml | 6 ++-- roles/soju/tasks/main.yml | 6 ++-- roles/srht/tasks/main.yml | 34 
+++++++++++------------ roles/ssh/tasks/client.yml | 2 +- roles/ssh/tasks/main.yml | 2 +- roles/ssh/tasks/server.yml | 2 +- roles/teamspeak/tasks/main.yml | 2 +- roles/uptime_kuma/tasks/main.yml | 8 +++--- roles/urlwatch/tasks/main.yml | 8 +++--- roles/vault/tasks/main.yml | 6 ++-- roles/vaultwarden/tasks/main.yml | 8 +++--- roles/wireguard/tasks/main.yml | 2 +- roles/wireguard_desktop/tasks/main.yml | 4 +-- roles/wireguard_vpn_server/tasks/main.yml | 8 +++--- roles/xenrox/tasks/main.yml | 2 +- 56 files changed, 210 insertions(+), 210 deletions(-) diff --git a/roles/alertmanager/tasks/main.yml b/roles/alertmanager/tasks/main.yml index aabb4d7..2e82655 100644 --- a/roles/alertmanager/tasks/main.yml +++ b/roles/alertmanager/tasks/main.yml @@ -16,7 +16,7 @@ dest: "/etc/alertmanager/{{ item }}" owner: alertmanager group: alertmanager - mode: 0600 + mode: "0600" with_items: - alertmanager.yml - web-config.yml @@ -28,7 +28,7 @@ dest: /etc/conf.d/alertmanager owner: root group: root - mode: 0644 + mode: "0644" notify: Restart alertmanager - name: Start and enable @@ -48,7 +48,7 @@ state: directory owner: ntfy-alertmanager group: ntfy-alertmanager - mode: 0700 + mode: "0700" - name: Configure ntfy-alertmanager ansible.builtin.template: @@ -56,7 +56,7 @@ dest: /etc/ntfy-alertmanager/config owner: ntfy-alertmanager group: ntfy-alertmanager - mode: 0600 + mode: "0600" notify: Restart ntfy-alertmanager - name: Start and enable ntfy-alertmanager @@ -71,7 +71,7 @@ dest: /etc/nginx/nginx.d/alertmanager.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Install ntfy-alertmanager nginx config @@ -80,5 +80,5 @@ dest: /etc/nginx/nginx.d/ntfy-alertmanager.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx diff --git a/roles/borg/tasks/main.yml b/roles/borg/tasks/main.yml index 980d67f..011cefd 100644 --- a/roles/borg/tasks/main.yml +++ b/roles/borg/tasks/main.yml 
@@ -15,7 +15,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Install SSH key ansible.builtin.copy: @@ -23,7 +23,7 @@ dest: /root/.ssh/id_rsa owner: root group: root - mode: 0600 + mode: "0600" - name: Create secrets path ansible.builtin.file: @@ -31,7 +31,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Install borg passphrase ansible.builtin.copy: @@ -39,7 +39,7 @@ dest: /etc/.secrets/borg.pass owner: root group: root - mode: 0600 + mode: "0600" - name: Create borg key path ansible.builtin.file: @@ -47,7 +47,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Install borg key ansible.builtin.copy: @@ -55,7 +55,7 @@ dest: /root/.config/borg/keys/borg.key owner: root group: root - mode: 0600 + mode: "0600" - name: Install backup service ansible.builtin.copy: @@ -63,7 +63,7 @@ dest: "/etc/systemd/system/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - borg-backup.service - borg-backup.timer @@ -85,7 +85,7 @@ dest: /usr/local/bin/borg-backup.sh owner: root group: root - mode: 0755 + mode: "0755" - name: Install mailcow backup script ansible.builtin.copy: @@ -93,7 +93,7 @@ dest: /usr/local/bin/backup-mailcow.sh owner: root group: root - mode: 0755 + mode: "0755" when: inventory_hostname == "xenrox.net" - name: Install postgresql backup script @@ -102,7 +102,7 @@ dest: /usr/local/bin/backup-postgresql.sh owner: root group: root - mode: 0755 + mode: "0755" when: "'postgresql' in ansible_facts.packages" - name: Install sqlite backup script @@ -111,7 +111,7 @@ dest: /usr/local/bin/backup-sqlite.sh owner: root group: root - mode: 0755 + mode: "0755" when: "'sqlite' in ansible_facts.packages" - name: Install docker backup script @@ -120,5 +120,5 @@ dest: /usr/local/bin/backup-docker.sh owner: root group: root - mode: 0755 + mode: "0755" when: docker_services is defined and docker_services is iterable 
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index 7373809..e9a188d 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -14,7 +14,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Install Hetzner API key ansible.builtin.template: @@ -22,7 +22,7 @@ dest: /etc/.secrets/hetzner.ini owner: root group: root - mode: 0600 + mode: "0600" - name: Request certificate ansible.builtin.command: @@ -36,7 +36,7 @@ dest: /etc/systemd/system/{{ item }} owner: root group: root - mode: 0644 + mode: "0644" with_items: - certbot-renewal.service - certbot-renewal.timer @@ -54,7 +54,7 @@ dest: /etc/letsencrypt/hook.sh owner: root group: root - mode: 0755 + mode: "0755" - name: Create hook dir ansible.builtin.file: @@ -62,7 +62,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Install ntfy hook ansible.builtin.copy: @@ -70,4 +70,4 @@ dest: /etc/letsencrypt/hook.d/ntfy owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/coturn/tasks/main.yml b/roles/coturn/tasks/main.yml index d7888eb..999b555 100644 --- a/roles/coturn/tasks/main.yml +++ b/roles/coturn/tasks/main.yml @@ -13,7 +13,7 @@ dest: /etc/turnserver/turnserver.conf owner: turnserver group: turnserver - mode: 0600 + mode: "0600" notify: Restart coturn - name: Copy certificate @@ -23,7 +23,7 @@ remote_src: true owner: turnserver group: turnserver - mode: 0400 + mode: "0400" with_items: - fullchain.pem - privkey.pem @@ -43,7 +43,7 @@ dest: /etc/letsencrypt/hook.d/coturn owner: root group: root - mode: 0755 + mode: "0755" - name: Firewalld allow ansible.posix.firewalld: diff --git a/roles/croc/tasks/main.yml b/roles/croc/tasks/main.yml index c46f6a1..ca1de0d 100644 --- a/roles/croc/tasks/main.yml +++ b/roles/croc/tasks/main.yml @@ -18,7 +18,7 @@ state: directory owner: "{{ primary_user }}" group: "{{ primary_user }}" - mode: 0700 + mode: "0700" - name: Configure croc send ansible.builtin.template: 
@@ -26,7 +26,7 @@ dest: "/home/{{ primary_user }}/.config/croc/send.json" owner: "{{ primary_user }}" group: "{{ primary_user }}" - mode: 0600 + mode: "0600" - name: Configure croc receive ansible.builtin.template: @@ -34,4 +34,4 @@ dest: "/home/{{ primary_user }}/.config/croc/receive.json" owner: "{{ primary_user }}" group: "{{ primary_user }}" - mode: 0600 + mode: "0600" diff --git a/roles/croc/tasks/relay.yml b/roles/croc/tasks/relay.yml index 247091e..1c12818 100644 --- a/roles/croc/tasks/relay.yml +++ b/roles/croc/tasks/relay.yml @@ -5,7 +5,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Install systemd unit override file ansible.builtin.template: @@ -13,7 +13,7 @@ dest: /etc/systemd/system/croc.service.d/override.conf owner: root group: root - mode: 0644 + mode: "0644" - name: Start and enable croc ansible.builtin.systemd: @@ -28,7 +28,7 @@ dest: /etc/firewalld/services owner: root group: root - mode: 0644 + mode: "0644" register: croc_service - name: Reload firewalld diff --git a/roles/ejabberd/tasks/main.yml b/roles/ejabberd/tasks/main.yml index cfed226..1af6229 100644 --- a/roles/ejabberd/tasks/main.yml +++ b/roles/ejabberd/tasks/main.yml @@ -33,7 +33,7 @@ dest: /tmp/pg.sql owner: root group: root - mode: 0644 + mode: "0644" when: ejabberd_db.changed - name: Import db schema @@ -54,7 +54,7 @@ dest: /etc/ejabberd/ejabberd.yml owner: jabber group: jabber - mode: 0600 + mode: "0600" notify: Restart ejabberd - name: Copy certificate @@ -64,7 +64,7 @@ remote_src: true owner: jabber group: jabber - mode: 0400 + mode: "0400" with_items: - fullchain.pem - privkey.pem @@ -91,7 +91,7 @@ state: directory owner: jabber group: jabber - mode: 0755 + mode: "0755" - name: Create well-known dir ansible.builtin.file: @@ -99,7 +99,7 @@ state: directory owner: http group: http - mode: 0755 + mode: "0755" - name: Copy host-meta ansible.builtin.copy: 
@@ -107,7 +107,7 @@ dest: "/etc/nginx/html/.well-known/{{ item }}" owner: http group: http - mode: 0644 + mode: "0644" with_items: - host-meta - host-meta.json @@ -152,4 +152,4 @@ dest: /etc/letsencrypt/hook.d/ejabberd owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/faceit/tasks/main.yml b/roles/faceit/tasks/main.yml index 36fdda0..a51ad19 100644 --- a/roles/faceit/tasks/main.yml +++ b/roles/faceit/tasks/main.yml @@ -9,7 +9,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Configure ansible.builtin.template: @@ -17,7 +17,7 @@ dest: /opt/faceit/docker-compose.yml owner: root group: root - mode: 0600 + mode: "0600" - name: Start service community.docker.docker_compose: @@ -30,5 +30,5 @@ dest: /etc/nginx/nginx.d/faceit.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml index 55e8d9a..712269d 100644 --- a/roles/fail2ban/tasks/main.yml +++ b/roles/fail2ban/tasks/main.yml @@ -10,7 +10,7 @@ dest: /etc/fail2ban/jail.local owner: root group: root - mode: 0644 + mode: "0644" notify: Restart fail2ban - name: Install sshd.jail @@ -19,7 +19,7 @@ dest: /etc/fail2ban/jail.d/sshd.local owner: root group: root - mode: 0644 + mode: "0644" notify: Restart fail2ban - name: Start and enable fail2ban diff --git a/roles/firewalld/tasks/main.yml b/roles/firewalld/tasks/main.yml index c8b1d43..b37e246 100644 --- a/roles/firewalld/tasks/main.yml +++ b/roles/firewalld/tasks/main.yml @@ -10,7 +10,7 @@ dest: /etc/firewalld/firewalld.conf owner: root group: root - mode: 0644 + mode: "0644" when: "'archlinux' in group_names" notify: Restart firewalld diff --git a/roles/gamja/tasks/main.yml b/roles/gamja/tasks/main.yml index 41536ad..34520c2 100644 --- a/roles/gamja/tasks/main.yml +++ b/roles/gamja/tasks/main.yml 
@@ -10,7 +10,7 @@ dest: /usr/share/webapps/gamja/config.json owner: root group: root - mode: 0644 + mode: "0644" - name: Copy nginx conf ansible.builtin.copy: @@ -18,5 +18,5 @@ dest: /etc/nginx/nginx.d/gamja.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 9330ee0..46030b7 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -15,7 +15,7 @@ dest: /etc/grafana.ini owner: grafana group: grafana - mode: 0600 + mode: "0600" notify: Restart grafana - name: Create provisioning directories @@ -24,7 +24,7 @@ path: "{{ item }}" owner: grafana group: grafana - mode: 0700 + mode: "0700" with_items: - /etc/grafana/provisioning - /etc/grafana/provisioning/dashboards @@ -37,7 +37,7 @@ dest: /etc/grafana/provisioning/datasources/datasources.yml owner: grafana group: grafana - mode: 0600 + mode: "0600" notify: Restart grafana - name: Configure dashboard provisioning @@ -46,7 +46,7 @@ dest: /etc/grafana/provisioning/dashboards/dashboard.yml owner: grafana group: grafana - mode: 0600 + mode: "0600" notify: Restart grafana - name: Install dashboard @@ -55,7 +55,7 @@ dest: /var/lib/grafana/dashboards owner: grafana group: grafana - mode: 0600 + mode: "0600" - name: Start and enable ansible.builtin.systemd: @@ -69,5 +69,5 @@ dest: /etc/nginx/nginx.d/grafana.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx diff --git a/roles/hedgedoc/tasks/main.yml b/roles/hedgedoc/tasks/main.yml index 1121e0a..ff3f6a1 100644 --- a/roles/hedgedoc/tasks/main.yml +++ b/roles/hedgedoc/tasks/main.yml @@ -29,7 +29,7 @@ dest: /etc/webapps/hedgedoc/config.json owner: hedgedoc group: hedgedoc - mode: 0600 + mode: "0600" notify: Restart hedgedoc - name: Start and enable @@ -44,5 +44,5 @@ dest: /etc/nginx/nginx.d/hedgedoc.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx 
diff --git a/roles/homepage/tasks/main.yml b/roles/homepage/tasks/main.yml index bf2af11..5f35942 100644 --- a/roles/homepage/tasks/main.yml +++ b/roles/homepage/tasks/main.yml @@ -5,7 +5,7 @@ dest: /etc/nginx/nginx.d/homepage.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Create homepage dir @@ -14,7 +14,7 @@ path: /usr/share/webapps/homepage owner: deploy group: deploy - mode: 0755 + mode: "0755" - name: Create repo dir ansible.builtin.file: @@ -22,7 +22,7 @@ path: /usr/share/webapps/repo owner: xenrox group: xenrox - mode: 0755 + mode: "0755" - name: Add deploy user to http group ansible.builtin.user: diff --git a/roles/install_archlinux/tasks/main.yml b/roles/install_archlinux/tasks/main.yml index 6928688..c38efa7 100644 --- a/roles/install_archlinux/tasks/main.yml +++ b/roles/install_archlinux/tasks/main.yml @@ -32,7 +32,7 @@ state: touch owner: root group: root - mode: 0644 + mode: "0644" - name: Download bootstrap image ansible.builtin.get_url: @@ -41,7 +41,7 @@ dest: /tmp/ owner: root group: root - mode: 0644 + mode: "0644" - name: Extract bootstap image ansible.builtin.unarchive: @@ -55,7 +55,7 @@ dest: /tmp/root.x86_64/etc/resolv.conf owner: root group: root - mode: 0644 + mode: "0644" remote_src: true - name: Mount /proc to bootstrap @@ -84,7 +84,7 @@ dest: /tmp/root.x86_64/etc/pacman.d/mirrorlist owner: root group: root - mode: 0644 + mode: "0644" - name: Initialize pacman keyring ansible.builtin.command: chroot /tmp/root.x86_64 pacman-key --init @@ -132,7 +132,7 @@ line: "en_US.UTF-8 UTF-8" owner: root group: root - mode: 0644 + mode: "0644" - name: Generate locale ansible.builtin.command: chroot /mnt locale-gen 
@@ -155,14 +155,14 @@ dest: /mnt/etc/systemd/network/10-wired.network owner: root group: root - mode: 0644 + mode: "0644" - name: Set grub mount options ansible.builtin.lineinfile: path: /mnt/etc/default/grub owner: root group: root - mode: 0644 + mode: "0644" regexp: "^GRUB_CMDLINE_LINUX_DEFAULT=" line: 'GRUB_CMDLINE_LINUX_DEFAULT="rootflags=compress-force=zstd"' @@ -192,7 +192,7 @@ force: true owner: root group: root - mode: 0644 + mode: "0644" - name: Create root ssh folder ansible.builtin.file: @@ -200,7 +200,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Copy public key for root ansible.builtin.copy: @@ -208,7 +208,7 @@ dest: /mnt/root/.ssh/authorized_keys owner: root group: root - mode: 0600 + mode: "0600" remote_src: true - name: Remove LOCK diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 826d162..eee1d6d 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -35,7 +35,7 @@ dest: /etc/keycloak/keycloak.conf owner: root group: keycloak - mode: 0640 + mode: "0640" notify: Restart keycloak - name: Start and enable @@ -50,5 +50,5 @@ dest: /etc/nginx/nginx.d/keycloak.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx diff --git a/roles/mailcow/tasks/main.yml b/roles/mailcow/tasks/main.yml index bf18a3f..71dd1fd 100644 --- a/roles/mailcow/tasks/main.yml +++ b/roles/mailcow/tasks/main.yml @@ -9,7 +9,7 @@ dest: /etc/nginx/nginx.d/mailcow.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Install cert renewal hook @@ -18,7 +18,7 @@ dest: /etc/letsencrypt/hook.d/mailcow owner: root group: root - mode: 0755 + mode: "0755" - name: Install TLSA update script ansible.builtin.template: @@ -26,7 +26,7 @@ dest: /etc/.secrets/update_tlsa.py owner: root group: root - mode: 0700 + mode: "0700" - name: Install TLSA script python modules community.general.pacman: 
@@ -39,7 +39,7 @@ dest: /usr/local/bin/mailcow_cleanup.sh owner: root group: root - mode: 0755 + mode: "0755" - name: Install cleanup service ansible.builtin.copy: @@ -47,7 +47,7 @@ dest: /etc/systemd/system/{{ item }} owner: root group: root - mode: 0644 + mode: "0644" with_items: - mailcow.service - mailcow.timer diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index b2ee976..1601743 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml @@ -15,7 +15,7 @@ dest: /etc/synapse/homeserver.yaml owner: synapse group: synapse - mode: 0640 + mode: "0640" notify: Restart synapse - name: Copy signing key @@ -24,7 +24,7 @@ dest: /etc/synapse/xenrox.net.signing.key owner: synapse group: synapse - mode: 0640 + mode: "0640" - name: Create db user community.general.postgresql_user: @@ -56,7 +56,7 @@ dest: /etc/nginx/nginx.d/matrix.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Setup whatsapp bridge @@ -71,7 +71,7 @@ dest: /etc/mautrix-whatsapp/mautrix-whatsapp.yaml owner: mautrix-whatsapp group: mautrix-whatsapp - mode: 0640 + mode: "0640" notify: Restart mautrix-whatsapp - name: Configure whatsapp registration @@ -80,7 +80,7 @@ dest: /etc/synapse/appservice-registration-whatsapp.yaml owner: synapse group: synapse - mode: 0640 + mode: "0640" notify: Restart synapse - name: Create whatsapp db user diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index d2d6f6e..d886012 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -14,7 +14,7 @@ state: directory owner: minio group: minio - mode: 0700 + mode: "0700" - name: Configure minio ansible.builtin.template: @@ -22,7 +22,7 @@ dest: /etc/minio/minio.conf owner: minio group: minio - mode: 0600 + mode: "0600" notify: - Restart minio @@ -38,5 +38,5 @@ dest: /etc/nginx/nginx.d/minio.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx 
diff --git a/roles/minio_client/tasks/main.yml b/roles/minio_client/tasks/main.yml index 61d93f9..01b6eac 100644 --- a/roles/minio_client/tasks/main.yml +++ b/roles/minio_client/tasks/main.yml @@ -14,7 +14,7 @@ dest: "/home/{{ primary_user }}/.s3cfg" owner: "{{ primary_user }}" group: "{{ primary_user }}" - mode: 0600 + mode: "0600" - name: Create mcli config path ansible.builtin.file: @@ -22,7 +22,7 @@ state: directory owner: "{{ primary_user }}" group: "{{ primary_user }}" - mode: 0700 + mode: "0700" - name: Configure mcli ansible.builtin.template: @@ -30,4 +30,4 @@ dest: "/home/{{ primary_user }}/.mcli/config.json" owner: "{{ primary_user }}" group: "{{ primary_user }}" - mode: 0600 + mode: "0600" diff --git a/roles/minio_mirror/tasks/main.yml b/roles/minio_mirror/tasks/main.yml index c16c6b5..60de8fb 100644 --- a/roles/minio_mirror/tasks/main.yml +++ b/roles/minio_mirror/tasks/main.yml @@ -5,7 +5,7 @@ state: directory owner: "{{ primary_user }}" group: "{{ primary_user }}" - mode: 0700 + mode: "0700" - name: Install service ansible.builtin.template: @@ -13,7 +13,7 @@ dest: /etc/systemd/system/minio-mirror.service owner: root group: root - mode: 0644 + mode: "0644" - name: Start and enable ansible.builtin.systemd: diff --git a/roles/mumble_server/tasks/main.yml b/roles/mumble_server/tasks/main.yml index 375197b..c2ababe 100644 --- a/roles/mumble_server/tasks/main.yml +++ b/roles/mumble_server/tasks/main.yml @@ -15,7 +15,7 @@ dest: /etc/mumble/mumble-server.ini owner: root group: _mumble-server - mode: 0640 + mode: "0640" notify: Restart mumble-server - name: Copy certificate @@ -25,7 +25,7 @@ remote_src: true owner: _mumble-server group: _mumble-server - mode: 0400 + mode: "0400" with_items: - fullchain.pem - privkey.pem @@ -50,4 +50,4 @@ dest: /etc/letsencrypt/hook.d/mumble-server owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/navidrome/tasks/main.yml b/roles/navidrome/tasks/main.yml index d7d5a90..63cca6a 100644 
--- a/roles/navidrome/tasks/main.yml +++ b/roles/navidrome/tasks/main.yml @@ -14,7 +14,7 @@ state: directory owner: xenrox group: xenrox - mode: 0755 + mode: "0755" - name: Configure ansible.builtin.template: @@ -22,7 +22,7 @@ dest: /etc/navidrome/navidrome.toml owner: navidrome group: navidrome - mode: 0600 + mode: "0600" notify: Restart navidrome - name: Start and enable @@ -37,5 +37,5 @@ dest: /etc/nginx/nginx.d/navidrome.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 95077e9..e9c93bd 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -32,7 +32,7 @@ src: config.php.j2 dest: /etc/webapps/nextcloud/config/config.php.pacnew owner: nextcloud - mode: 0640 + mode: "0640" changed_when: false - name: Configure uwsgi @@ -41,7 +41,7 @@ dest: /etc/uwsgi/nextcloud.ini owner: root group: root - mode: 0644 + mode: "0644" notify: Restart uwsgi nextcloud - name: Add nextcloud user to http group @@ -63,7 +63,7 @@ dest: /etc/uwsgi/cron-php.ini owner: root group: root - mode: 0644 + mode: "0644" - name: Copy nginx conf ansible.builtin.copy: @@ -71,7 +71,7 @@ dest: /etc/nginx/nginx.d/nextcloud.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Copy upgrade hook @@ -80,4 +80,4 @@ dest: /etc/pacman.d/hooks/nextcloud.hook owner: root group: root - mode: 0644 + mode: "0644" diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index c1dd09d..94bc485 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -10,7 +10,7 @@ dest: /etc/nginx/nginx.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Create snippets dir @@ -19,7 +19,7 @@ path: /etc/nginx/snippets owner: root group: root - mode: 0755 + mode: "0755" - name: Copy snippets ansible.builtin.copy: 
@@ -27,7 +27,7 @@ dest: /etc/nginx/snippets owner: root group: root - mode: 0644 + mode: "0644" with_fileglob: files/snippets/* notify: Restart nginx @@ -37,7 +37,7 @@ dest: "/etc/nginx/snippets/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - internal_access.conf notify: Restart nginx @@ -48,7 +48,7 @@ path: /etc/nginx/nginx.d owner: root group: root - mode: 0755 + mode: "0755" - name: Create htpasswd directory ansible.builtin.file: @@ -56,7 +56,7 @@ path: /etc/nginx/htpasswd owner: root group: root - mode: 0755 + mode: "0755" - name: Create DH group # NOTE: Remove when upgrading to modern SSL config @@ -84,4 +84,4 @@ dest: /etc/letsencrypt/hook.d/nginx owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/ntfy_client/tasks/main.yml b/roles/ntfy_client/tasks/main.yml index dc02a27..d092fc2 100644 --- a/roles/ntfy_client/tasks/main.yml +++ b/roles/ntfy_client/tasks/main.yml @@ -9,4 +9,4 @@ dest: /usr/local/bin/curl-ntfy owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/ntfy_server/tasks/main.yml b/roles/ntfy_server/tasks/main.yml index e9eadc3..910ed48 100644 --- a/roles/ntfy_server/tasks/main.yml +++ b/roles/ntfy_server/tasks/main.yml @@ -14,7 +14,7 @@ dest: /etc/ntfy/server.yml owner: ntfy group: ntfy - mode: 0600 + mode: "0600" notify: Restart ntfy - name: Create cache/db and files directory @@ -23,7 +23,7 @@ state: directory owner: ntfy group: ntfy - mode: 0700 + mode: "0700" with_items: - /var/lib/ntfy - /var/lib/ntfy/files @@ -41,9 +41,9 @@ dest: /etc/nginx/nginx.d/ntfy.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx -- name: Make UnifiedPush topics world-writeable +- name: Make UnifiedPush topics world-writeable # noqa no-changed-when ansible.builtin.command: ntfy access everyone 'up*' write-only when: ntfy_status.changed diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml index d39f57b..0531fdf 100644 --- a/roles/pacman/tasks/main.yml 
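Review bot: The `# noqa no-changed-when` added to "Make UnifiedPush topics world-writeable" in roles/ntfy_server/tasks/main.yml silences the rule rather than stating when the task changes anything. The command is already gated by `when: ntfy_status.changed`, so adding `changed_when: true` to the task would satisfy ansible-lint without a suppression. If the suppression stays, check it against the ansible-lint version in use, since current documentation writes it with a colon, `# noqa: no-changed-when`. Because `ntfy access everyone 'up*' write-only` opens every topic starting with `up` to unauthenticated publishers, I would also add a comment above the task such as `# UnifiedPush needs anonymous publish on up* topics; keep the prefix narrow`.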
+++ b/roles/pacman/tasks/main.yml @@ -9,7 +9,7 @@ dest: /etc/pacman.conf owner: root group: root - mode: 0644 + mode: "0644" - name: Import sourcehut key community.general.pacman_key: @@ -34,7 +34,7 @@ dest: "/etc/systemd/system/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - paccache.service - paccache.timer @@ -52,7 +52,7 @@ dest: "/etc/systemd/system/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - reflector.service - reflector.timer @@ -70,7 +70,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Install hooks ansible.builtin.copy: @@ -78,7 +78,7 @@ dest: "/etc/pacman.d/hooks/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - arch-audit.hook - mirrorlist.hook diff --git a/roles/peertube/tasks/main.yml b/roles/peertube/tasks/main.yml index cf1f34d..fd957a1 100644 --- a/roles/peertube/tasks/main.yml +++ b/roles/peertube/tasks/main.yml @@ -36,7 +36,7 @@ dest: /etc/peertube/production.yaml owner: peertube group: peertube - mode: 0600 + mode: "0600" notify: Restart peertube - name: Fix folder permissions # TODO: Bug in aur package @@ -45,7 +45,7 @@ state: directory owner: peertube group: peertube - mode: 0755 + mode: "0755" - name: Create systemd override path ansible.builtin.file: @@ -53,7 +53,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Install systemd override file ansible.builtin.copy: @@ -61,7 +61,7 @@ dest: /etc/systemd/system/peertube.service.d/override.conf owner: root group: root - mode: 0644 + mode: "0644" - name: Start and enable ansible.builtin.systemd: @@ -76,7 +76,7 @@ dest: /etc/nginx/nginx.d/peertube.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Copy firewalld RTMP service @@ -85,7 +85,7 @@ dest: /etc/firewalld/services owner: root group: root - mode: 0644 + mode: "0644" register: rtmp_service - name: Reload firewalld 
diff --git a/roles/pgbouncer/tasks/main.yml b/roles/pgbouncer/tasks/main.yml index cbe7d67..1ac664b 100644 --- a/roles/pgbouncer/tasks/main.yml +++ b/roles/pgbouncer/tasks/main.yml @@ -14,7 +14,7 @@ dest: /etc/pgbouncer/pgbouncer.ini owner: pgbouncer group: pgbouncer - mode: 0600 + mode: "0600" notify: Restart pgbouncer - name: Configure userlist.txt @@ -23,7 +23,7 @@ dest: /etc/pgbouncer/userlist.txt owner: pgbouncer group: pgbouncer - mode: 0600 + mode: "0600" notify: Restart pgbouncer - name: Copy certificate @@ -33,7 +33,7 @@ remote_src: true owner: pgbouncer group: pgbouncer - mode: 0400 + mode: "0400" with_items: - fullchain.pem - privkey.pem @@ -44,7 +44,7 @@ dest: /etc/letsencrypt/hook.d/pgbouncer owner: root group: root - mode: 0755 + mode: "0755" - name: Start and enable ansible.builtin.systemd: diff --git a/roles/pihole/tasks/main.yml b/roles/pihole/tasks/main.yml index 2c08de1..48fe298 100644 --- a/roles/pihole/tasks/main.yml +++ b/roles/pihole/tasks/main.yml @@ -9,7 +9,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Configure ansible.builtin.template: @@ -17,7 +17,7 @@ dest: /opt/pihole/docker-compose.yml owner: root group: root - mode: 0600 + mode: "0600" notify: Print further instructions - name: Stop and disable systemd-resolved diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index 6b1737f..0b759f1 100644 --- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml @@ -16,7 +16,7 @@ group: postgres attributes: "+C" path: /var/lib/postgres/data - mode: 0700 + mode: "0700" - name: Initial configuration become: true @@ -32,7 +32,7 @@ dest: /var/lib/postgres/data/postgresql.conf owner: postgres group: postgres - mode: 0600 + mode: "0600" notify: Restart postgres - name: Configure pg_hba.conf @@ -41,7 +41,7 @@ dest: /var/lib/postgres/data/pg_hba.conf owner: postgres group: postgres - mode: 0600 + mode: "0600" notify: Restart postgres - name: Copy certificate 
@@ -51,7 +51,7 @@ remote_src: true owner: postgres group: postgres - mode: 0400 + mode: "0400" with_items: - fullchain.pem - privkey.pem @@ -68,4 +68,4 @@ dest: /etc/letsencrypt/hook.d/postgres owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 1163194..2a84b20 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -20,7 +20,7 @@ dest: /etc/prometheus/prometheus.yml owner: root group: prometheus - mode: 0640 + mode: "0640" notify: Reload prometheus - name: Install cli configuration @@ -29,7 +29,7 @@ dest: /etc/conf.d/prometheus owner: root group: root - mode: 0644 + mode: "0644" notify: Restart prometheus - name: Configure rules @@ -38,7 +38,7 @@ dest: /etc/prometheus/ owner: root group: root - mode: 0644 + mode: "0644" with_fileglob: - files/rules/* notify: Reload prometheus @@ -56,7 +56,7 @@ password: "{{ prometheus_secrets['pushgateway_pass'] }}" owner: root group: http - mode: 0640 + mode: "0640" - name: Copy pushgateway nginx conf ansible.builtin.copy: @@ -64,7 +64,7 @@ dest: /etc/nginx/nginx.d/push.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Install pushgateway service @@ -73,7 +73,7 @@ dest: /etc/systemd/system/pushgateway.service owner: root group: root - mode: 0644 + mode: "0644" - name: Create pushgateway data dir ansible.builtin.file: @@ -81,7 +81,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Start and enable pushgateway ansible.builtin.systemd: diff --git a/roles/prometheus_clients/tasks/main.yml b/roles/prometheus_clients/tasks/main.yml index 143b311..d6f48f9 100644 --- a/roles/prometheus_clients/tasks/main.yml +++ b/roles/prometheus_clients/tasks/main.yml @@ -9,7 +9,7 @@ dest: /usr/local/bin/curl-pushgateway owner: root group: root - mode: 0755 + mode: "0755" - name: Include server playbook ansible.builtin.include_tasks: server.yml 
diff --git a/roles/prometheus_clients/tasks/server.yml b/roles/prometheus_clients/tasks/server.yml index c31d9f3..e246dd9 100644 --- a/roles/prometheus_clients/tasks/server.yml +++ b/roles/prometheus_clients/tasks/server.yml @@ -10,7 +10,7 @@ state: directory owner: node_exporter group: node_exporter - mode: 0755 + mode: "0755" - name: Configure node exporter ansible.builtin.copy: @@ -18,7 +18,7 @@ dest: /etc/conf.d/prometheus-node-exporter owner: root group: root - mode: 0644 + mode: "0644" notify: Restart node exporter - name: Install textfile script @@ -27,7 +27,7 @@ dest: /usr/local/bin/prometheus_arch.sh owner: root group: root - mode: 0755 + mode: "0755" - name: Start and enable node exporter ansible.builtin.systemd: @@ -41,7 +41,7 @@ dest: "/etc/systemd/system/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - prometheus-arch.service - prometheus-arch.timer diff --git a/roles/sane/tasks/main.yml b/roles/sane/tasks/main.yml index 8200ae8..7eec31a 100644 --- a/roles/sane/tasks/main.yml +++ b/roles/sane/tasks/main.yml @@ -10,7 +10,7 @@ line: 192.168.1.1/24 owner: root group: root - mode: 0644 + mode: "0644" - name: Start and enable ansible.builtin.systemd: diff --git a/roles/sane_clients/tasks/main.yml b/roles/sane_clients/tasks/main.yml index 6acf877..c8bb3dd 100644 --- a/roles/sane_clients/tasks/main.yml +++ b/roles/sane_clients/tasks/main.yml @@ -5,4 +5,4 @@ line: 192.168.1.26 owner: root group: root - mode: 0644 + mode: "0644" diff --git a/roles/screego/tasks/main.yml b/roles/screego/tasks/main.yml index 0f22a34..0c11c6f 100644 --- a/roles/screego/tasks/main.yml +++ b/roles/screego/tasks/main.yml @@ -10,7 +10,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Configure ansible.builtin.template: @@ -18,7 +18,7 @@ dest: /opt/screego/docker-compose.yml owner: root group: root - mode: 0600 + mode: "0600" - name: Create users file ansible.builtin.copy: 
@@ -26,7 +26,7 @@ content: "xenrox:{{ screego_secrets['xenrox_pass'] | password_hash('bcrypt', screego_secrets['xenrox_hash']) }}" owner: root group: root - mode: 0644 + mode: "0644" - name: Start service community.docker.docker_compose: @@ -39,7 +39,7 @@ dest: /etc/nginx/nginx.d/screego.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Copy firewalld service @@ -48,7 +48,7 @@ dest: /etc/firewalld/services owner: root group: root - mode: 0644 + mode: "0644" - name: Firewalld allow ansible.posix.firewalld: diff --git a/roles/searx/tasks/main.yml b/roles/searx/tasks/main.yml index bb3de37..fb1b7a8 100644 --- a/roles/searx/tasks/main.yml +++ b/roles/searx/tasks/main.yml @@ -16,7 +16,7 @@ line: disable-logging = true owner: root group: root - mode: 0644 + mode: "0644" notify: Restart searx - name: Configure @@ -25,7 +25,7 @@ dest: /etc/searx/settings.yml owner: root group: root - mode: 0644 + mode: "0644" notify: Restart searx - name: Start and enable @@ -40,5 +40,5 @@ dest: /etc/nginx/nginx.d/search.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx diff --git a/roles/setup_archlinux/tasks/main.yml b/roles/setup_archlinux/tasks/main.yml index 3698ece..a3dcd40 100644 --- a/roles/setup_archlinux/tasks/main.yml +++ b/roles/setup_archlinux/tasks/main.yml @@ -30,7 +30,7 @@ dest: "/etc/systemd/system/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - reboot.service - reboot.timer @@ -48,7 +48,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Install journald override file ansible.builtin.copy: @@ -56,7 +56,7 @@ dest: /etc/systemd/journald.conf.d/override.conf owner: root group: root - mode: 0644 + mode: "0644" - name: Install logrotate community.general.pacman: diff --git a/roles/sinusbot/handlers/main.yml b/roles/sinusbot/handlers/main.yml index 7ccd51f..a98481b 100644 --- a/roles/sinusbot/handlers/main.yml +++ b/roles/sinusbot/handlers/main.yml 
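Review bot: The screego hunk `@@ -26,7 +26,7 @@` keeps a file whose `content:` is a bcrypt password hash at `mode: "0644"`, so every local account can read the hash; the quoting fix carries that value over rather than tightening it. The same applies in roles/srht/tasks/main.yml to `Deposit GPG private key` (`/etc/sr.ht/sourcehut.priv`, hunk `@@ -34,7 +34,7 @@`) and, judging by its name, to `/etc/sr.ht/image-refresh-token` (hunk `@@ -227,7 +227,7 @@`), both root:root at `"0644"`. If the consuming services run as non-root users, which these hunks do not show, a dedicated group with `mode: "0640"` would keep them working; otherwise use `mode: "0600"`, as the docker-compose.yml in the same screego role already does. The task bodies begin outside these hunks.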
@@ -11,7 +11,7 @@ dest: /opt/sinusbot/scripts owner: xenrox group: xenrox - mode: 0644 + mode: "0644" with_items: "{{ sinusbot_scripts.stdout_lines }}" listen: Setup scripts diff --git a/roles/sinusbot/tasks/main.yml b/roles/sinusbot/tasks/main.yml index 4faf11a..4c75b46 100644 --- a/roles/sinusbot/tasks/main.yml +++ b/roles/sinusbot/tasks/main.yml @@ -5,7 +5,7 @@ state: directory owner: xenrox group: xenrox - mode: 0755 + mode: "0755" - name: Get user information ansible.builtin.getent: @@ -18,7 +18,7 @@ dest: /opt/sinusbot/docker-compose.yml owner: xenrox group: xenrox - mode: 0600 + mode: "0600" - name: Start service community.docker.docker_compose: @@ -31,7 +31,7 @@ dest: /etc/nginx/nginx.d/sinusbot.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Clone scripts diff --git a/roles/soju/tasks/main.yml b/roles/soju/tasks/main.yml index 422930b..3941d98 100644 --- a/roles/soju/tasks/main.yml +++ b/roles/soju/tasks/main.yml @@ -15,7 +15,7 @@ remote_src: true owner: soju group: soju - mode: 0400 + mode: "0400" with_items: - fullchain.pem - privkey.pem @@ -26,7 +26,7 @@ dest: /etc/soju/config owner: soju group: soju - mode: 0600 + mode: "0600" notify: Restart soju - name: Create db user @@ -63,4 +63,4 @@ dest: /etc/letsencrypt/hook.d/soju owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/srht/tasks/main.yml b/roles/srht/tasks/main.yml index fbebbd3..89e9efe 100644 --- a/roles/srht/tasks/main.yml +++ b/roles/srht/tasks/main.yml @@ -17,7 +17,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Configure srht ansible.builtin.template: @@ -25,7 +25,7 @@ dest: /etc/sr.ht/config.ini owner: root group: root - mode: 0644 + mode: "0644" notify: Restart srht - name: Deposit GPG private key @@ -34,7 +34,7 @@ dest: /etc/sr.ht/sourcehut.priv owner: root group: root - mode: 0644 + mode: "0644" - name: Deposit GPG public key ansible.builtin.template: 
@@ -42,7 +42,7 @@ dest: /etc/sr.ht/sourcehut.pub owner: root group: root - mode: 0644 + mode: "0644" - name: Create systemd unit override path for git ansible.builtin.file: @@ -50,7 +50,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" with_items: - git.sr.ht.service - git.sr.ht-api.service @@ -63,7 +63,7 @@ dest: "/etc/systemd/system/{{ item }}.d/override.conf" owner: root group: root - mode: 0644 + mode: "0644" with_items: - git.sr.ht.service - git.sr.ht-api.service @@ -76,7 +76,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Install worker systemd unit override file ansible.builtin.copy: @@ -84,7 +84,7 @@ dest: /etc/systemd/system/builds.sr.ht-worker.service.d/override.conf owner: root group: root - mode: 0644 + mode: "0644" - name: Configure worker ansible.builtin.template: @@ -92,7 +92,7 @@ dest: /etc/sr.ht/worker.ini owner: root group: root - mode: 0644 + mode: "0644" vars: worker_config: true notify: Restart worker @@ -192,7 +192,7 @@ dest: /etc/nginx/nginx.d owner: root group: root - mode: 0644 + mode: "0644" with_fileglob: - files/nginx/* notify: @@ -204,7 +204,7 @@ dest: /etc/nginx/nginx.d/runner.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Copy nginx snippets @@ -213,7 +213,7 @@ dest: /etc/nginx/snippets owner: root group: root - mode: 0755 + mode: "0755" with_items: - graphql.conf - srht.conf @@ -227,7 +227,7 @@ dest: /etc/sr.ht/image-refresh-token owner: root group: root - mode: 0644 + mode: "0644" - name: Setup image build files ansible.builtin.git: @@ -247,7 +247,7 @@ state: directory owner: buildsrht group: buildsrht - mode: 0775 + mode: "0775" with_items: - /var/lib/images/archlinux - /var/lib/images/alpine/edge @@ -258,7 +258,7 @@ state: directory owner: runner group: runner - mode: 0755 + mode: "0755" - name: Create git repo dir ansible.builtin.file: 
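Review bot: In the `Copy nginx snippets` task (hunk `@@ -213,7 +213,7 @@`), `mode: "0755"` is applied to items such as `graphql.conf` and `srht.conf`, which look like plain configuration files and should not need the execute bit. Every other nginx conf file in this patch is installed with `"0644"`, so `mode: "0644"` would be consistent here. The module line and the rest of the `with_items` list lie outside the hunk, so confirm these are regular files and not a directory before changing it.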
@@ -266,7 +266,7 @@ state: directory owner: git group: git - mode: 0755 + mode: "0755" - name: Set git user shell ansible.builtin.user: @@ -278,7 +278,7 @@ path: /var/log/{{ item }} owner: gitsrht group: gitsrht - mode: 0666 + mode: "0666" with_items: - gitsrht-dispatch - gitsrht-keys diff --git a/roles/ssh/tasks/client.yml b/roles/ssh/tasks/client.yml index 7754d18..42dc9c9 100644 --- a/roles/ssh/tasks/client.yml +++ b/roles/ssh/tasks/client.yml @@ -5,4 +5,4 @@ dest: /etc/ssh/ssh_config owner: root group: root - mode: 0644 + mode: "0644" diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index 554a456..3afe910 100644 --- a/roles/ssh/tasks/main.yml +++ b/roles/ssh/tasks/main.yml @@ -16,4 +16,4 @@ - name: Set file permissions ansible.builtin.file: path: /etc/ssh - mode: 0755 + mode: "0755" diff --git a/roles/ssh/tasks/server.yml b/roles/ssh/tasks/server.yml index 60662a9..f46b2f2 100644 --- a/roles/ssh/tasks/server.yml +++ b/roles/ssh/tasks/server.yml @@ -5,7 +5,7 @@ dest: /etc/ssh/sshd_config owner: root group: root - mode: 0644 + mode: "0644" validate: /usr/sbin/sshd -t -f %s notify: Restart sshd diff --git a/roles/teamspeak/tasks/main.yml b/roles/teamspeak/tasks/main.yml index ec84aea..d4dfd4f 100644 --- a/roles/teamspeak/tasks/main.yml +++ b/roles/teamspeak/tasks/main.yml @@ -16,7 +16,7 @@ dest: /etc/firewalld/services/teamspeak.xml owner: root group: root - mode: 0644 + mode: "0644" register: teamspeak_service - name: Reload firewalld diff --git a/roles/uptime_kuma/tasks/main.yml b/roles/uptime_kuma/tasks/main.yml index 0497c72..779fc3e 100644 --- a/roles/uptime_kuma/tasks/main.yml +++ b/roles/uptime_kuma/tasks/main.yml @@ -5,7 +5,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Configure ansible.builtin.copy: @@ -13,7 +13,7 @@ dest: /opt/uptimekuma/docker-compose.yml owner: root group: root - mode: 0600 + mode: "0600" - name: Copy nginx conf ansible.builtin.copy: 
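Review bot: `mode: "0666"` on the `/var/log/{{ item }}` files (hunk `@@ -278,7 +278,7 @@` in roles/srht/tasks/main.yml) leaves the gitsrht logs writable by every local account, so any user can alter or truncate them and they cannot be relied on as a record of what happened. The files are already owned by gitsrht:gitsrht; if other service users must append to them, presumably the reason for the wide mode, a shared group with `mode: "0660"` is tighter, and otherwise `mode: "0640"` suffices. A one-line comment above the task naming the processes that write these logs would document whichever mode is chosen. The task begins above the hunk and its item list continues past it.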
@@ -21,7 +21,7 @@ dest: /etc/nginx/nginx.d/uptimekuma.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Install backup script @@ -30,7 +30,7 @@ dest: /opt/uptimekuma/backup.sh owner: root group: root - mode: 0700 + mode: "0700" - name: Start community.docker.docker_compose: diff --git a/roles/urlwatch/tasks/main.yml b/roles/urlwatch/tasks/main.yml index f222c90..a635911 100644 --- a/roles/urlwatch/tasks/main.yml +++ b/roles/urlwatch/tasks/main.yml @@ -14,7 +14,7 @@ dest: "/etc/systemd/system/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - urlwatch.service - urlwatch.timer @@ -25,7 +25,7 @@ state: directory owner: xenrox group: xenrox - mode: 0700 + mode: "0700" - name: Configure ansible.builtin.template: @@ -33,7 +33,7 @@ dest: /home/xenrox/.config/urlwatch/urlwatch.yaml owner: xenrox group: xenrox - mode: 0600 + mode: "0600" notify: Restart urlwatch - name: Set urls @@ -42,7 +42,7 @@ dest: /home/xenrox/.config/urlwatch/urls.yaml owner: xenrox group: xenrox - mode: 0644 + mode: "0644" - name: Start and enable ansible.builtin.systemd: diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml index 524c4f3..2d8b9a2 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/vault/tasks/main.yml @@ -30,7 +30,7 @@ dest: /tmp/vault_table.sql owner: root group: root - mode: 0644 + mode: "0644" when: vault_db.changed - name: Import DB schema @@ -50,7 +50,7 @@ dest: /etc/vault.hcl owner: vault group: vault - mode: 0600 + mode: "0600" notify: Restart vault - name: Start and enable @@ -65,5 +65,5 @@ dest: /etc/nginx/nginx.d/vault.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx diff --git a/roles/vaultwarden/tasks/main.yml b/roles/vaultwarden/tasks/main.yml index c5cc5a6..a03fd58 100644 --- a/roles/vaultwarden/tasks/main.yml +++ b/roles/vaultwarden/tasks/main.yml 
@@ -33,7 +33,7 @@ dest: /etc/vaultwarden.env owner: vaultwarden group: vaultwarden - mode: 0600 + mode: "0600" notify: Restart vaultwarden - name: Start and enable @@ -48,7 +48,7 @@ dest: /etc/nginx/nginx.d/pass.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart nginx - name: Install fail2ban filter @@ -57,7 +57,7 @@ dest: /etc/fail2ban/filter.d/vaultwarden.local owner: root group: root - mode: 0644 + mode: "0644" notify: Restart fail2ban - name: Install fail2ban jail @@ -66,5 +66,5 @@ dest: /etc/fail2ban/jail.d/vaultwarden.local owner: root group: root - mode: 0644 + mode: "0644" notify: Restart fail2ban diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index bf82c3b..6df4331 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -10,7 +10,7 @@ dest: "/etc/systemd/network/{{ item }}" owner: root group: systemd-network - mode: 0640 + mode: "0640" with_items: - wg0.netdev - wg0.network diff --git a/roles/wireguard_desktop/tasks/main.yml b/roles/wireguard_desktop/tasks/main.yml index cc4f3a8..2fcee15 100644 --- a/roles/wireguard_desktop/tasks/main.yml +++ b/roles/wireguard_desktop/tasks/main.yml @@ -5,7 +5,7 @@ dest: /etc/wireguard/wg-vpn.conf owner: root group: root - mode: 0600 + mode: "0600" - name: Configure wg-internal ansible.builtin.template: @@ -13,4 +13,4 @@ dest: /etc/wireguard/wg-internal.conf owner: root group: root - mode: 0600 + mode: "0600" diff --git a/roles/wireguard_vpn_server/tasks/main.yml b/roles/wireguard_vpn_server/tasks/main.yml index 21e929b..bdda78a 100644 --- a/roles/wireguard_vpn_server/tasks/main.yml +++ b/roles/wireguard_vpn_server/tasks/main.yml @@ -10,7 +10,7 @@ dest: "/etc/systemd/network/{{ item }}" owner: root group: systemd-network - mode: 0640 + mode: "0640" with_items: - wg1.netdev - wg1.network @@ -55,7 +55,7 @@ dest: /etc/firewalld/services owner: root group: root - mode: 0644 + mode: "0644" register: wireguard_vpn_service - name: Reload firewalld 
@@ -77,7 +77,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Install resolved override file ansible.builtin.copy: @@ -85,7 +85,7 @@ dest: /etc/systemd/resolved.conf.d/wireguard_dns.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Restart systemd-resolved - name: Firewalld allow DNS diff --git a/roles/xenrox/tasks/main.yml b/roles/xenrox/tasks/main.yml index 46313b5..799b077 100644 --- a/roles/xenrox/tasks/main.yml +++ b/roles/xenrox/tasks/main.yml @@ -14,7 +14,7 @@ dest: /etc/sudoers.d/override owner: root group: root - mode: 0440 + mode: "0440" - name: Create user ansible.builtin.user: -- 2.44.0