DTSV/Ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity

add quotes around octal values

Browse Source 
YAML loaders will load them as strings, providing a consistent behavior. This is also safer as JSON does not support octal values either.
This commit is contained in:
Oli
2023-02-19 14:18:09 +00:00
parent 4d1d486512
commit 34f3c54ceb
18 changed files with 39 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/bastion/tasks/ssh.yml
View File

@@ -4,6 +4,6 @@
copy:
src: "ssh/"
dest: "~/.ssh/"
mode: 0600
mode: "0600"
directory_mode: true
become_user: "{{ main_user }}"

4
roles/bastion/tasks/terraform.yml
View File

@@ -4,7 +4,7 @@
template:
src: "tfvars_token.j2"
dest: "~/.tfvars_token_dtsv"
mode: 0640
mode: "0640"
become_user: "{{ main_user }}"
- name: Add .tfvars_token to .bash_profile
@@ -12,5 +12,5 @@
path: "~/.bash_profile"
create: true
line: "source ~/.tfvars_token_dtsv"
mode: 0644
mode: "0644"
become_user: "{{ main_user }}"

6
roles/lego/tasks/main.yml
View File

@@ -25,7 +25,7 @@
remote_src: true
src: "/var/tmp/lego.tar.gz"
dest: "/var/tmp"
mode: 0755
mode: "0755"
extra_opts:
- --one-top-level
include:
@@ -34,7 +34,7 @@
- name: Create lego config directory
file:
path: "{{ lego_config_dir }}"
mode: 0755
mode: "0755"
state: directory
- name: Check lego registration
@@ -57,6 +57,6 @@
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
mode: 0644
mode: "0644"
loop: [lego.service, lego.timer]
notify: [restart lego_service, restart lego_timer]

2
roles/mariadb/tasks/mariadb.yml
View File

@@ -32,5 +32,5 @@
dest: /etc/mysql/my.cnf
owner: mysql
group: mysql
mode: 0600
mode: "0600"
notify: restart mariadb

2
roles/mariadb/tasks/mysqld_exporter.yml
View File

@@ -44,5 +44,5 @@
dest: /etc/systemd/system/mysqld_exporter.service
owner: root
group: root
mode: 0644
mode: "0644"
notify: restart mysqld_exporter

10
roles/nextcloud/tasks/configure.yml
View File

@@ -72,7 +72,7 @@
remote_src: true
owner: "{{ nextcloud_exporter_system_user }}"
group: "{{ nextcloud_exporter_system_group }}"
mode: 0755
mode: "0755"
notify: restart nextcloud_exporter
- name: Get latest nextcloud_notify_push version
@@ -116,7 +116,7 @@
remote_src: true
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
mode: 0700
mode: "0700"
notify: restart nextcloud_notify_push
- name: Copy nextcloud_nightlycron
@@ -125,7 +125,7 @@
dest: "{{ nextcloud_background_script_dir }}/nextcloud_nightlycron.sh"
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
mode: 0700
mode: "0700"
- name: Copy Nextcloud systemd service file
template:
@@ -133,7 +133,7 @@
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
mode: 0644
mode: "0644"
loop:
- nextcloudcron.service
- nextcloudcron.timer
@@ -149,4 +149,4 @@
template:
src: logrotate.nextcloud.j2
dest: /etc/logrotate.d/nextcloud
mode: 0644
mode: "0644"

4
roles/nextcloud/tasks/nextcloud.yml
View File

@@ -16,7 +16,7 @@
state: directory
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
mode: 0770
mode: "0770"
force: false
- name: Download nextcloud latest from nextcloud.com
@@ -55,7 +55,7 @@
src: "nextcloud.config.json.j2"
dest: /tmp/nextcloud.config.json
owner: "{{ webserver_user }}"
mode: 0600
mode: "0600"
- name: Ensure nextcloud installation is finished
become: true

6
roles/nextcloud/tasks/rclone.yml
View File

@@ -4,7 +4,7 @@
- name: Create Rclone mount directory
file:
path: "{{ nextcloud_rclone_mount_dir }}"
mode: 0770
mode: "0770"
state: directory
# Touch rclone log file to set permissions
@@ -12,7 +12,7 @@
file:
path: "{{ rclone_log_dir }}/mount_nextcloud.log"
state: touch
mode: 0640
mode: "0640"
access_time: preserve
modification_time: preserve
@@ -20,7 +20,7 @@
template:
src: rclone_mount_nextcloud.service.j2
dest: /etc/systemd/system/rclone_mount_nextcloud.service
mode: 0640
mode: "0640"
notify: restart rclone_mount_nextcloud
- name: "Add {{ webserver_user }} user to rclone group"

4
roles/nginx/tasks/main.yml
View File

@@ -27,14 +27,14 @@
- name: Create global config folder
file:
path: "/etc/nginx/global"
mode: 0755
mode: "0755"
state: directory
- name: Copy Nginx SSL Config
template:
dest: /etc/nginx/global/ssl.conf
src: ssl.conf.j2
mode: 0644
mode: "0644"
notify: reload nginx
- name: Download pre-defined DHE group # as recommended by IETF RFC 7919

2
roles/node_exporter/tasks/main.yml
View File

@@ -61,5 +61,5 @@
dest: /etc/systemd/system/node_exporter.service
owner: root
group: root
mode: 0644
mode: "0644"
notify: restart node_exporter

2
roles/php/tasks/main.yml
View File

@@ -24,6 +24,6 @@
template:
dest: /etc/nginx/conf.d/php-handler.conf
src: php-handler.conf.j2
mode: 0644
mode: "0644"
when: '"fpm" in php_modules'
notify: reload nginx

2
roles/postgresql/tasks/postgres_exporter.yml
View File

@@ -44,5 +44,5 @@
dest: /etc/systemd/system/postgres_exporter.service
owner: root
group: root
mode: 0644
mode: "0644"
notify: restart postgres_exporter

10
roles/rclone/tasks/main.yml
View File

@@ -38,7 +38,7 @@
file:
path: "{{ rclone_config_dir }}"
state: directory
mode: 700
mode: "0700"
- name: Create rclone group
group:
@@ -69,7 +69,7 @@
- name: Create rclone cache/log directory
file:
path: "{{ item }}"
mode: 0750
mode: "0750"
state: directory
loop:
- "{{ rclone_cache_dir }}"
@@ -79,13 +79,13 @@
template:
src: logrotate.rclone.j2
dest: /etc/logrotate.d/rclone
mode: 0644
mode: "0644"
- name: Copy service account files
copy:
src: "{{ item }}"
dest: "{{ rclone_config_dir }}/{{ item }}"
mode: 0600
mode: "0600"
loop:
- TD_DTSV_service_account.json
@@ -93,4 +93,4 @@
copy:
src: set-rclone-password
dest: ~/set-rclone-password
mode: 0644
mode: "0644"

2
roles/redis/tasks/main.yml
View File

@@ -10,5 +10,5 @@
dest: /etc/redis/redis.conf
owner: redis
group: redis
mode: 0640
mode: "0640"
notify: restart redis

2
roles/systemd_exporter/tasks/main.yml
View File

@@ -44,5 +44,5 @@
dest: /etc/systemd/system/systemd_exporter.service
owner: root
group: root
mode: 0644
mode: "0644"
notify: restart systemd_exporter

12
roles/webserver/tasks/nginx.yml
View File

@@ -4,7 +4,7 @@
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0644
mode: "0644"
loop:
- {src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf"}
- {src: "cert.conf.j2", dest: "/etc/nginx/global/cert.conf"}
@@ -17,7 +17,7 @@
template:
src: "{{ item }}"
dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2$', '') }}
mode: 0644
mode: "0644"
with_fileglob: "../templates/conf.d/*.j2"
notify: reload nginx
@@ -27,7 +27,7 @@
file:
path: "{{ webserver_nginx_cert_path }}"
state: directory
mode: 0755
mode: "0755"
- name: Copy SSL certificates for {{ webserver_domain }}
copy:
@@ -37,19 +37,19 @@
dest: "{{ webserver_nginx_cert_path }}/{{ webserver_domain }}.{{ item }}"
owner: root
group: root
mode: 0600
mode: "0600"
loop: [crt, key, issuer.crt]
notify: reload nginx
- name: Create nginx.service.d directory
file:
path: /etc/systemd/system/nginx.service.d
mode: 0755
mode: "0755"
state: directory
- name: Increase max open files
template:
src: nginx_systemd.conf.j2
dest: /etc/systemd/system/nginx.service.d/nginx.conf
mode: 0644
mode: "0644"
notify: restart nginx

2
roles/webserver/tasks/rclone.yml
View File

@@ -3,6 +3,6 @@
template:
src: "rclone.conf.j2"
dest: "{{ rclone_config_file }}"
mode: 0600
mode: "0600"
# rclone config file changes while using to force update via ansible use rclone_config_force
force: "{{ rclone_config_force }}"

4
roles/wordpress/tasks/main.yml
View File

@@ -34,7 +34,7 @@
state: directory
owner: "{{ webserver_user }}"
group: "{{ wordpress_group }}"
mode: 0755
mode: "0755"
- name: Copy configuration file
template:
@@ -42,4 +42,4 @@
dest: "{{ wordpress_dir }}/wp-config.php"
owner: "{{ webserver_user }}"
group: "{{ wordpress_group }}"
mode: 0640
mode: "0640"