From 34f3c54cebfc0eef536acc21c86aad4c4fd5409f Mon Sep 17 00:00:00 2001 From: Oli Date: Sun, 19 Feb 2023 14:18:09 +0000 Subject: [PATCH] add quotes around octal values YAML loaders will load them as strings, providing a consistent behavior. This is also safer as JSON does not support octal values either. --- roles/bastion/tasks/ssh.yml | 2 +- roles/bastion/tasks/terraform.yml | 4 ++-- roles/lego/tasks/main.yml | 6 +++--- roles/mariadb/tasks/mariadb.yml | 2 +- roles/mariadb/tasks/mysqld_exporter.yml | 2 +- roles/nextcloud/tasks/configure.yml | 10 +++++----- roles/nextcloud/tasks/nextcloud.yml | 4 ++-- roles/nextcloud/tasks/rclone.yml | 6 +++--- roles/nginx/tasks/main.yml | 4 ++-- roles/node_exporter/tasks/main.yml | 2 +- roles/php/tasks/main.yml | 2 +- roles/postgresql/tasks/postgres_exporter.yml | 2 +- roles/rclone/tasks/main.yml | 10 +++++----- roles/redis/tasks/main.yml | 2 +- roles/systemd_exporter/tasks/main.yml | 2 +- roles/webserver/tasks/nginx.yml | 12 ++++++------ roles/webserver/tasks/rclone.yml | 2 +- roles/wordpress/tasks/main.yml | 4 ++-- 18 files changed, 39 insertions(+), 39 deletions(-) diff --git a/roles/bastion/tasks/ssh.yml b/roles/bastion/tasks/ssh.yml index dde7579..8b614d5 100644 --- a/roles/bastion/tasks/ssh.yml +++ b/roles/bastion/tasks/ssh.yml @@ -4,6 +4,6 @@ copy: src: "ssh/" dest: "~/.ssh/" - mode: 0600 + mode: "0600" directory_mode: true become_user: "{{ main_user }}" diff --git a/roles/bastion/tasks/terraform.yml b/roles/bastion/tasks/terraform.yml index fafb22b..ebe706f 100644 --- a/roles/bastion/tasks/terraform.yml +++ b/roles/bastion/tasks/terraform.yml @@ -4,7 +4,7 @@ template: src: "tfvars_token.j2" dest: "~/.tfvars_token_dtsv" - mode: 0640 + mode: "0640" become_user: "{{ main_user }}" - name: Add .tfvars_token to .bash_profile @@ -12,5 +12,5 @@ path: "~/.bash_profile" create: true line: "source ~/.tfvars_token_dtsv" - mode: 0644 + mode: "0644" become_user: "{{ main_user }}" 
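Review bot: In roles/bastion/tasks/ssh.yml, `directory_mode: true` on the line after the newly quoted `mode: "0600"` is a boolean where the copy module expects a permission value. The mode of a freshly created `~/.ssh/` therefore depends on how the module interprets `true`. Writing `directory_mode: "0700"` matches the quoting this commit introduces and what sshd's strict mode checking expects for that directory. The task starts above the hunk, so its name and any other options are not visible here.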
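Review bot: In the first hunk of roles/bastion/tasks/terraform.yml, `~/.tfvars_token_dtsv` is written with `mode: "0640"`, which leaves it readable by the owner's group. Judging by the template name `tfvars_token.j2`, the file presumably holds an API token. If so, `mode: "0600"` is the tighter choice, since the only visible consumer is the `source ~/.tfvars_token_dtsv` line added to `.bash_profile` for `{{ main_user }}`.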
diff --git a/roles/lego/tasks/main.yml b/roles/lego/tasks/main.yml index 98defdd..16b79c6 100644 --- a/roles/lego/tasks/main.yml +++ b/roles/lego/tasks/main.yml @@ -25,7 +25,7 @@ remote_src: true src: "/var/tmp/lego.tar.gz" dest: "/var/tmp" - mode: 0755 + mode: "0755" extra_opts: - --one-top-level include: @@ -34,7 +34,7 @@ - name: Create lego config directory file: path: "{{ lego_config_dir }}" - mode: 0755 + mode: "0755" state: directory - name: Check lego registration @@ -57,6 +57,6 @@ template: src: "{{ item }}.j2" dest: "/etc/systemd/system/{{ item }}" - mode: 0644 + mode: "0644" loop: [lego.service, lego.timer] notify: [restart lego_service, restart lego_timer] diff --git a/roles/mariadb/tasks/mariadb.yml b/roles/mariadb/tasks/mariadb.yml index 5662a2c..fc0ed84 100644 --- a/roles/mariadb/tasks/mariadb.yml +++ b/roles/mariadb/tasks/mariadb.yml @@ -32,5 +32,5 @@ dest: /etc/mysql/my.cnf owner: mysql group: mysql - mode: 0600 + mode: "0600" notify: restart mariadb diff --git a/roles/mariadb/tasks/mysqld_exporter.yml b/roles/mariadb/tasks/mysqld_exporter.yml index 077f2a4..0a0a5b1 100644 --- a/roles/mariadb/tasks/mysqld_exporter.yml +++ b/roles/mariadb/tasks/mysqld_exporter.yml @@ -44,5 +44,5 @@ dest: /etc/systemd/system/mysqld_exporter.service owner: root group: root - mode: 0644 + mode: "0644" notify: restart mysqld_exporter diff --git a/roles/nextcloud/tasks/configure.yml b/roles/nextcloud/tasks/configure.yml index d3fd5d9..804f939 100644 --- a/roles/nextcloud/tasks/configure.yml +++ b/roles/nextcloud/tasks/configure.yml @@ -72,7 +72,7 @@ remote_src: true owner: "{{ nextcloud_exporter_system_user }}" group: "{{ nextcloud_exporter_system_group }}" - mode: 0755 + mode: "0755" notify: restart nextcloud_exporter - name: Get latest nextcloud_notify_push version @@ -116,7 +116,7 @@ remote_src: true owner: "{{ webserver_user }}" group: "{{ webserver_group }}" - mode: 0700 + mode: "0700" notify: restart nextcloud_notify_push - name: Copy nextcloud_nightlycron 
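Review bot: The unarchive task in the first hunk of roles/lego/tasks/main.yml reads `/var/tmp/lego.tar.gz` and unpacks it into `/var/tmp`, a fixed path in a world-writable directory. Another local account could place or replace a file at that path before extraction, and the extracted binary is presumably installed from there. Whether the download task verifies a checksum is outside this hunk. Staging the archive in a root-owned directory, or one created with the `tempfile` module, and setting `checksum:` on the download would remove that dependency on `/var/tmp`.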
@@ -125,7 +125,7 @@ dest: "{{ nextcloud_background_script_dir }}/nextcloud_nightlycron.sh" owner: "{{ webserver_user }}" group: "{{ webserver_group }}" - mode: 0700 + mode: "0700" - name: Copy Nextcloud systemd service file template: @@ -133,7 +133,7 @@ dest: "/etc/systemd/system/{{ item }}" owner: root group: root - mode: 0644 + mode: "0644" loop: - nextcloudcron.service - nextcloudcron.timer @@ -149,4 +149,4 @@ template: src: logrotate.nextcloud.j2 dest: /etc/logrotate.d/nextcloud - mode: 0644 + mode: "0644" diff --git a/roles/nextcloud/tasks/nextcloud.yml b/roles/nextcloud/tasks/nextcloud.yml index 1d5eb7f..b9dc0f9 100644 --- a/roles/nextcloud/tasks/nextcloud.yml +++ b/roles/nextcloud/tasks/nextcloud.yml @@ -16,7 +16,7 @@ state: directory owner: "{{ webserver_user }}" group: "{{ webserver_group }}" - mode: 0770 + mode: "0770" force: false - name: Download nextcloud latest from nextcloud.com @@ -55,7 +55,7 @@ src: "nextcloud.config.json.j2" dest: /tmp/nextcloud.config.json owner: "{{ webserver_user }}" - mode: 0600 + mode: "0600" - name: Ensure nextcloud installation is finished become: true diff --git a/roles/nextcloud/tasks/rclone.yml b/roles/nextcloud/tasks/rclone.yml index 1b78f75..00397e7 100644 --- a/roles/nextcloud/tasks/rclone.yml +++ b/roles/nextcloud/tasks/rclone.yml @@ -4,7 +4,7 @@ - name: Create Rclone mount directory file: path: "{{ nextcloud_rclone_mount_dir }}" - mode: 0770 + mode: "0770" state: directory # Touch rclone log file to set permissions @@ -12,7 +12,7 @@ file: path: "{{ rclone_log_dir }}/mount_nextcloud.log" state: touch - mode: 0640 + mode: "0640" access_time: preserve modification_time: preserve @@ -20,7 +20,7 @@ template: src: rclone_mount_nextcloud.service.j2 dest: /etc/systemd/system/rclone_mount_nextcloud.service - mode: 0640 + mode: "0640" notify: restart rclone_mount_nextcloud - name: "Add {{ webserver_user }} user to rclone group" diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 2fb9ae4..9d5f784 100644 
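Review bot: In the second hunk of roles/nextcloud/tasks/nextcloud.yml, `nextcloud.config.json.j2` is rendered to the fixed path `/tmp/nextcloud.config.json`. `mode: "0600"` protects the content, but the name is predictable in a world-writable directory and the file presumably carries install-time credentials. Whether a later task removes it is not visible in this hunk. Consider rendering it into a directory owned by `{{ webserver_user }}`, or to a path returned by the `tempfile` module, and deleting it once the installation task has finished.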
--- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -27,14 +27,14 @@ - name: Create global config folder file: path: "/etc/nginx/global" - mode: 0755 + mode: "0755" state: directory - name: Copy Nginx SSL Config template: dest: /etc/nginx/global/ssl.conf src: ssl.conf.j2 - mode: 0644 + mode: "0644" notify: reload nginx - name: Download pre-defined DHE group # as recommended by IETF RFC 7919 diff --git a/roles/node_exporter/tasks/main.yml b/roles/node_exporter/tasks/main.yml index 5e5f03d..b3d63c5 100644 --- a/roles/node_exporter/tasks/main.yml +++ b/roles/node_exporter/tasks/main.yml @@ -61,5 +61,5 @@ dest: /etc/systemd/system/node_exporter.service owner: root group: root - mode: 0644 + mode: "0644" notify: restart node_exporter diff --git a/roles/php/tasks/main.yml b/roles/php/tasks/main.yml index 52b7651..6f948c0 100644 --- a/roles/php/tasks/main.yml +++ b/roles/php/tasks/main.yml @@ -24,6 +24,6 @@ template: dest: /etc/nginx/conf.d/php-handler.conf src: php-handler.conf.j2 - mode: 0644 + mode: "0644" when: '"fpm" in php_modules' notify: reload nginx diff --git a/roles/postgresql/tasks/postgres_exporter.yml b/roles/postgresql/tasks/postgres_exporter.yml index c92a721..34358fe 100644 --- a/roles/postgresql/tasks/postgres_exporter.yml +++ b/roles/postgresql/tasks/postgres_exporter.yml @@ -44,5 +44,5 @@ dest: /etc/systemd/system/postgres_exporter.service owner: root group: root - mode: 0644 + mode: "0644" notify: restart postgres_exporter diff --git a/roles/rclone/tasks/main.yml b/roles/rclone/tasks/main.yml index d6d5f6c..b8ae542 100644 --- a/roles/rclone/tasks/main.yml +++ b/roles/rclone/tasks/main.yml @@ -38,7 +38,7 @@ file: path: "{{ rclone_config_dir }}" state: directory - mode: 700 + mode: "0700" - name: Create rclone group group: @@ -69,7 +69,7 @@ - name: Create rclone cache/log directory file: path: "{{ item }}" - mode: 0750 + mode: "0750" state: directory loop: - "{{ rclone_cache_dir }}" 
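Review bot: In the first hunk of roles/rclone/tasks/main.yml, `mode: 700` becoming `mode: "0700"` is a permission change rather than a quoting change, and the commit message does not mention it. An unquoted `700` is a decimal integer, which is octal 1274, so hosts provisioned before this commit likely have `{{ rclone_config_dir }}` with group and other bits set. The file module should correct the mode on the next run. It is still worth confirming on existing hosts, because later hunks copy service-account files into that directory.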
@@ -79,13 +79,13 @@ template: src: logrotate.rclone.j2 dest: /etc/logrotate.d/rclone - mode: 0644 + mode: "0644" - name: Copy service account files copy: src: "{{ item }}" dest: "{{ rclone_config_dir }}/{{ item }}" - mode: 0600 + mode: "0600" loop: - TD_DTSV_service_account.json @@ -93,4 +93,4 @@ copy: src: set-rclone-password dest: ~/set-rclone-password - mode: 0644 + mode: "0644" diff --git a/roles/redis/tasks/main.yml b/roles/redis/tasks/main.yml index ed8d044..ee5c432 100644 --- a/roles/redis/tasks/main.yml +++ b/roles/redis/tasks/main.yml @@ -10,5 +10,5 @@ dest: /etc/redis/redis.conf owner: redis group: redis - mode: 0640 + mode: "0640" notify: restart redis diff --git a/roles/systemd_exporter/tasks/main.yml b/roles/systemd_exporter/tasks/main.yml index e5cef27..0bd7ecb 100644 --- a/roles/systemd_exporter/tasks/main.yml +++ b/roles/systemd_exporter/tasks/main.yml @@ -44,5 +44,5 @@ dest: /etc/systemd/system/systemd_exporter.service owner: root group: root - mode: 0644 + mode: "0644" notify: restart systemd_exporter diff --git a/roles/webserver/tasks/nginx.yml b/roles/webserver/tasks/nginx.yml index eefe248..51a3285 100644 --- a/roles/webserver/tasks/nginx.yml +++ b/roles/webserver/tasks/nginx.yml @@ -4,7 +4,7 @@ template: src: "{{ item.src }}" dest: "{{ item.dest }}" - mode: 0644 + mode: "0644" loop: - {src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf"} - {src: "cert.conf.j2", dest: "/etc/nginx/global/cert.conf"} @@ -17,7 +17,7 @@ template: src: "{{ item }}" dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2$', '') }} - mode: 0644 + mode: "0644" with_fileglob: "../templates/conf.d/*.j2" notify: reload nginx @@ -27,7 +27,7 @@ file: path: "{{ webserver_nginx_cert_path }}" state: directory - mode: 0755 + mode: "0755" - name: Copy SSL certificates for {{ webserver_domain }} copy: 
@@ -37,19 +37,19 @@ dest: "{{ webserver_nginx_cert_path }}/{{ webserver_domain }}.{{ item }}" owner: root group: root - mode: 0600 + mode: "0600" loop: [crt, key, issuer.crt] notify: reload nginx - name: Create nginx.service.d directory file: path: /etc/systemd/system/nginx.service.d - mode: 0755 + mode: "0755" state: directory - name: Increase max open files template: src: nginx_systemd.conf.j2 dest: /etc/systemd/system/nginx.service.d/nginx.conf - mode: 0644 + mode: "0644" notify: restart nginx diff --git a/roles/webserver/tasks/rclone.yml b/roles/webserver/tasks/rclone.yml index b13b24d..b9091c7 100644 --- a/roles/webserver/tasks/rclone.yml +++ b/roles/webserver/tasks/rclone.yml @@ -3,6 +3,6 @@ template: src: "rclone.conf.j2" dest: "{{ rclone_config_file }}" - mode: 0600 + mode: "0600" # rclone config file changes while using to force update via ansible use rclone_config_force force: "{{ rclone_config_force }}" diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 21e51d9..be1f7bb 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -34,7 +34,7 @@ state: directory owner: "{{ webserver_user }}" group: "{{ wordpress_group }}" - mode: 0755 + mode: "0755" - name: Copy configuration file template: @@ -42,4 +42,4 @@ dest: "{{ wordpress_dir }}/wp-config.php" owner: "{{ webserver_user }}" group: "{{ wordpress_group }}" - mode: 0640 + mode: "0640"
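Review bot: In the second hunk of roles/wordpress/tasks/main.yml, `wp-config.php` is owned by `{{ webserver_user }}` with `mode: "0640"`, so the web server account can rewrite the file that holds the database credentials. If the site does not rely on WordPress editing its own config, `owner: root` with the group and `mode: "0640"` unchanged keeps the file readable through `{{ wordpress_group }}` but not writable by that account. This assumes PHP runs as `{{ webserver_user }}` and that this user is a member of `{{ wordpress_group }}`, both of which are defined outside this diff.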