add quotes around octal values

YAML loaders will load them as strings, providing a consistent behavior. This is also safer as JSON does not support octal values either.
2023-02-19 14:18:09 +00:00
parent 4d1d486512
commit 34f3c54ceb
18 changed files with 39 additions and 39 deletions
--- a/roles/bastion/tasks/ssh.yml
+++ b/roles/bastion/tasks/ssh.yml
@@ -4,6 +4,6 @@
  copy:
    src: "ssh/"
    dest: "~/.ssh/"
-    mode: 0600
+    mode: "0600"
    directory_mode: true
  become_user: "{{ main_user }}"
--- a/roles/bastion/tasks/terraform.yml
+++ b/roles/bastion/tasks/terraform.yml
@@ -4,7 +4,7 @@
  template:
    src: "tfvars_token.j2"
    dest: "~/.tfvars_token_dtsv"
-    mode: 0640
+    mode: "0640"
  become_user: "{{ main_user }}"
 - name: Add .tfvars_token to .bash_profile
@@ -12,5 +12,5 @@
    path: "~/.bash_profile"
    create: true
    line: "source ~/.tfvars_token_dtsv"
-    mode: 0644
+    mode: "0644"
  become_user: "{{ main_user }}"
--- a/roles/lego/tasks/main.yml
+++ b/roles/lego/tasks/main.yml
@@ -25,7 +25,7 @@
    remote_src: true
    src: "/var/tmp/lego.tar.gz"
    dest: "/var/tmp"
-    mode: 0755
+    mode: "0755"
    extra_opts:
      - --one-top-level
    include:
@@ -34,7 +34,7 @@
 - name: Create lego config directory
  file:
    path: "{{ lego_config_dir }}"
-    mode: 0755
+    mode: "0755"
    state: directory
 - name: Check lego registration
@@ -57,6 +57,6 @@
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
-    mode: 0644
+    mode: "0644"
  loop: [lego.service, lego.timer]
  notify: [restart lego_service, restart lego_timer]
--- a/roles/mariadb/tasks/mariadb.yml
+++ b/roles/mariadb/tasks/mariadb.yml
@@ -32,5 +32,5 @@
    dest: /etc/mysql/my.cnf
    owner: mysql
    group: mysql
-    mode: 0600
+    mode: "0600"
  notify: restart mariadb
--- a/roles/mariadb/tasks/mysqld_exporter.yml
+++ b/roles/mariadb/tasks/mysqld_exporter.yml
@@ -44,5 +44,5 @@
    dest: /etc/systemd/system/mysqld_exporter.service
    owner: root
    group: root
-    mode: 0644
+    mode: "0644"
  notify: restart mysqld_exporter
--- a/roles/nextcloud/tasks/configure.yml
+++ b/roles/nextcloud/tasks/configure.yml
@@ -72,7 +72,7 @@
    remote_src: true
    owner: "{{ nextcloud_exporter_system_user }}"
    group: "{{ nextcloud_exporter_system_group }}"
-    mode: 0755
+    mode: "0755"
  notify: restart nextcloud_exporter
 - name: Get latest nextcloud_notify_push version
@@ -116,7 +116,7 @@
    remote_src: true
    owner: "{{ webserver_user }}"
    group: "{{ webserver_group }}"
-    mode: 0700
+    mode: "0700"
  notify: restart nextcloud_notify_push
 - name: Copy nextcloud_nightlycron
@@ -125,7 +125,7 @@
    dest: "{{ nextcloud_background_script_dir }}/nextcloud_nightlycron.sh"
    owner: "{{ webserver_user }}"
    group: "{{ webserver_group }}"
-    mode: 0700
+    mode: "0700"
 - name: Copy Nextcloud systemd service file
  template:
@@ -133,7 +133,7 @@
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
-    mode: 0644
+    mode: "0644"
  loop:
    - nextcloudcron.service
    - nextcloudcron.timer
@@ -149,4 +149,4 @@
  template:
    src: logrotate.nextcloud.j2
    dest: /etc/logrotate.d/nextcloud
-    mode: 0644
+    mode: "0644"
--- a/roles/nextcloud/tasks/nextcloud.yml
+++ b/roles/nextcloud/tasks/nextcloud.yml
@@ -16,7 +16,7 @@
        state: directory
        owner: "{{ webserver_user }}"
        group: "{{ webserver_group }}"
-        mode: 0770
+        mode: "0770"
        force: false
    - name: Download nextcloud latest from nextcloud.com
@@ -55,7 +55,7 @@
        src: "nextcloud.config.json.j2"
        dest: /tmp/nextcloud.config.json
        owner: "{{ webserver_user }}"
-        mode: 0600
+        mode: "0600"
    - name: Ensure nextcloud installation is finished
      become: true
--- a/roles/nextcloud/tasks/rclone.yml
+++ b/roles/nextcloud/tasks/rclone.yml
@@ -4,7 +4,7 @@
 - name: Create Rclone mount directory
  file:
    path: "{{ nextcloud_rclone_mount_dir }}"
-    mode: 0770
+    mode: "0770"
    state: directory
 # Touch rclone log file to set permissions
@@ -12,7 +12,7 @@
  file:
    path: "{{ rclone_log_dir }}/mount_nextcloud.log"
    state: touch
-    mode: 0640
+    mode: "0640"
    access_time: preserve
    modification_time: preserve
@@ -20,7 +20,7 @@
  template:
    src: rclone_mount_nextcloud.service.j2
    dest: /etc/systemd/system/rclone_mount_nextcloud.service
-    mode: 0640
+    mode: "0640"
  notify: restart rclone_mount_nextcloud
 - name: "Add {{ webserver_user }} user to rclone group"
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -27,14 +27,14 @@
 - name: Create global config folder
  file:
    path: "/etc/nginx/global"
-    mode: 0755
+    mode: "0755"
    state: directory
 - name: Copy Nginx SSL Config
  template:
    dest: /etc/nginx/global/ssl.conf
    src: ssl.conf.j2
-    mode: 0644
+    mode: "0644"
  notify: reload nginx
 - name: Download pre-defined DHE group  # as recommended by IETF RFC 7919
--- a/roles/node_exporter/tasks/main.yml
+++ b/roles/node_exporter/tasks/main.yml
@@ -61,5 +61,5 @@
    dest: /etc/systemd/system/node_exporter.service
    owner: root
    group: root
-    mode: 0644
+    mode: "0644"
  notify: restart node_exporter
--- a/roles/php/tasks/main.yml
+++ b/roles/php/tasks/main.yml
@@ -24,6 +24,6 @@
  template:
    dest: /etc/nginx/conf.d/php-handler.conf
    src: php-handler.conf.j2
-    mode: 0644
+    mode: "0644"
  when: '"fpm" in php_modules'
  notify: reload nginx
--- a/roles/postgresql/tasks/postgres_exporter.yml
+++ b/roles/postgresql/tasks/postgres_exporter.yml
@@ -44,5 +44,5 @@
    dest: /etc/systemd/system/postgres_exporter.service
    owner: root
    group: root
-    mode: 0644
+    mode: "0644"
  notify: restart postgres_exporter
--- a/roles/rclone/tasks/main.yml
+++ b/roles/rclone/tasks/main.yml
@@ -38,7 +38,7 @@
  file:
    path: "{{ rclone_config_dir }}"
    state: directory
-    mode: 700
+    mode: "0700"
 - name: Create rclone group
  group:
@@ -69,7 +69,7 @@
 - name: Create rclone cache/log directory
  file:
    path: "{{ item }}"
-    mode: 0750
+    mode: "0750"
    state: directory
  loop:
    - "{{ rclone_cache_dir }}"
@@ -79,13 +79,13 @@
  template:
    src: logrotate.rclone.j2
    dest: /etc/logrotate.d/rclone
-    mode: 0644
+    mode: "0644"
 - name: Copy service account files
  copy:
    src: "{{ item }}"
    dest: "{{ rclone_config_dir }}/{{ item }}"
-    mode: 0600
+    mode: "0600"
  loop:
    - TD_DTSV_service_account.json
@@ -93,4 +93,4 @@
  copy:
    src: set-rclone-password
    dest: ~/set-rclone-password
-    mode: 0644
+    mode: "0644"
--- a/roles/redis/tasks/main.yml
+++ b/roles/redis/tasks/main.yml
@@ -10,5 +10,5 @@
    dest: /etc/redis/redis.conf
    owner: redis
    group: redis
-    mode: 0640
+    mode: "0640"
  notify: restart redis
--- a/roles/systemd_exporter/tasks/main.yml
+++ b/roles/systemd_exporter/tasks/main.yml
@@ -44,5 +44,5 @@
    dest: /etc/systemd/system/systemd_exporter.service
    owner: root
    group: root
-    mode: 0644
+    mode: "0644"
  notify: restart systemd_exporter
--- a/roles/webserver/tasks/nginx.yml
+++ b/roles/webserver/tasks/nginx.yml
@@ -4,7 +4,7 @@
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    mode: 0644
+    mode: "0644"
  loop:
    - {src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf"}
    - {src: "cert.conf.j2", dest: "/etc/nginx/global/cert.conf"}
@@ -17,7 +17,7 @@
  template:
    src: "{{ item }}"
    dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2$', '') }}
-    mode: 0644
+    mode: "0644"
  with_fileglob: "../templates/conf.d/*.j2"
  notify: reload nginx
@@ -27,7 +27,7 @@
  file:
    path: "{{ webserver_nginx_cert_path }}"
    state: directory
-    mode: 0755
+    mode: "0755"
 - name: Copy SSL certificates for {{ webserver_domain }}
  copy:
@@ -37,19 +37,19 @@
    dest: "{{ webserver_nginx_cert_path }}/{{ webserver_domain }}.{{ item }}"
    owner: root
    group: root
-    mode: 0600
+    mode: "0600"
  loop: [crt, key, issuer.crt]
  notify: reload nginx
 - name: Create nginx.service.d directory
  file:
    path: /etc/systemd/system/nginx.service.d
-    mode: 0755
+    mode: "0755"
    state: directory
 - name: Increase max open files
  template:
    src: nginx_systemd.conf.j2
    dest: /etc/systemd/system/nginx.service.d/nginx.conf
-    mode: 0644
+    mode: "0644"
  notify: restart nginx
--- a/roles/webserver/tasks/rclone.yml
+++ b/roles/webserver/tasks/rclone.yml
@@ -3,6 +3,6 @@
  template:
    src: "rclone.conf.j2"
    dest: "{{ rclone_config_file }}"
-    mode: 0600
+    mode: "0600"
    # rclone config file changes while using to force update via ansible use rclone_config_force
    force: "{{ rclone_config_force }}"
--- a/roles/wordpress/tasks/main.yml
+++ b/roles/wordpress/tasks/main.yml
@@ -34,7 +34,7 @@
    state: directory
    owner: "{{ webserver_user }}"
    group: "{{ wordpress_group }}"
-    mode: 0755
+    mode: "0755"
 - name: Copy configuration file
  template:
@@ -42,4 +42,4 @@
    dest: "{{ wordpress_dir }}/wp-config.php"
    owner: "{{ webserver_user }}"
    group: "{{ wordpress_group }}"
-    mode: 0640
+    mode: "0640"