diff --git a/admin-users/tasks/adduser_debian.yml b/admin-users/tasks/adduser_debian.yml index 6caa7d46..abbfb389 100644 --- a/admin-users/tasks/adduser_debian.yml +++ b/admin-users/tasks/adduser_debian.yml @@ -30,7 +30,7 @@ - name: Fix perms on homedirectory for '{{ user.name }}' file: name: '/home/{{ user.name }}' - mode: 0700 + mode: "700" state: directory - name: is evomaintenance installed? @@ -50,7 +50,7 @@ file: dest: '/home/{{ user.name }}/.ssh/' state: directory - mode: 0700 + mode: "700" owner: '{{ user.name }}' group: '{{ user.name }}' @@ -118,7 +118,7 @@ - name: Verify Evolinux sudoers file permissions file: path: /etc/sudoers.d/evolinux - mode: 0440 + mode: "440" state: file - name: Add user in sudoers file for '{{ user.name }}' diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index 9e128774..da1d43fd 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -29,7 +29,7 @@ dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf" owner: root group: root - mode: 0644 + mode: "644" force: yes tags: - apache @@ -40,7 +40,7 @@ dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf" owner: root group: root - mode: 0644 + mode: "644" force: no tags: - apache @@ -61,7 +61,7 @@ dest: /etc/apache2/private_ipaddr_whitelist.conf owner: root group: root - mode: 0640 + mode: "640" force: no tags: - apache @@ -92,7 +92,7 @@ dest: /etc/apache2/private_htpasswd owner: root group: root - mode: 0640 + mode: "640" force: no notify: reload apache tags: diff --git a/apt-repositories/tasks/main.yml b/apt-repositories/tasks/main.yml index 81dead7a..7d249b90 100644 --- a/apt-repositories/tasks/main.yml +++ b/apt-repositories/tasks/main.yml @@ -6,7 +6,7 @@ dest: /etc/apt/sources.list.d/backports.list force: yes backup: yes - mode: 0640 + mode: "640" notify: apt update when: ansible_distribution_major_version == '8' @@ -16,7 +16,7 @@ dest: /etc/apt/sources.list.d/backports.list force: yes backup: yes - mode: 0640 + mode: "640" notify: apt update when: ansible_distribution_major_version == '9' @@ -26,7 +26,7 @@ dest: /etc/apt/preferences.d/backports force: yes backup: yes - mode: 0640 + mode: "640" notify: apt update when: ansible_distribution_major_version == '8' @@ -36,7 +36,7 @@ dest: /etc/apt/preferences.d/backports force: yes backup: yes - mode: 0640 + mode: "640" notify: apt update when: ansible_distribution_major_version == '9' diff --git a/drbd-utils/tasks/munin.yml b/drbd-utils/tasks/munin.yml index 9bba426c..ca96909f 100644 --- a/drbd-utils/tasks/munin.yml +++ b/drbd-utils/tasks/munin.yml @@ -4,7 +4,7 @@ get_url: url: 'https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/drbd/drbd' dest: '/etc/munin/plugins/' - mode: 0755 + mode: "755" notify: restart munin-node - name: Copy Munin plugin conf diff --git a/drbd-utils/tasks/nagios.yml b/drbd-utils/tasks/nagios.yml index 22b65601..41e8eab4 100644 --- a/drbd-utils/tasks/nagios.yml +++ b/drbd-utils/tasks/nagios.yml @@ -3,4 +3,4 @@ get_url: url: 'https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=3367&cf_id=30' dest: '/usr/local/lib/nagios/plugins/check_drbd' - mode: 0755 + mode: "755" diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml index bba36dee..045cf3e2 100644 --- a/elasticsearch/tasks/tmpdir.yml +++ b/elasticsearch/tasks/tmpdir.yml @@ -12,7 +12,7 @@ path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" owner: elasticsearch group: elasticsearch - mode: 0755 + mode: "755" state: directory tags: - elasticsearch diff --git a/etc-git/tasks/main.yml b/etc-git/tasks/main.yml index 2371c3d9..0ef8762a 100644 --- a/etc-git/tasks/main.yml +++ b/etc-git/tasks/main.yml @@ -24,7 +24,7 @@ path: /etc/.git owner: root group: root - mode: 0700 + mode: "700" state: directory - name: /etc/.gitignore is present @@ -33,7 +33,7 @@ dest: /etc/.gitignore owner: root group: root - mode: 0600 + mode: "600" - name: does /etc/ have any commit? command: "git log" diff --git a/evoacme/tasks/acme.yml b/evoacme/tasks/acme.yml index e3763697..2ae05999 100644 --- a/evoacme/tasks/acme.yml +++ b/evoacme/tasks/acme.yml @@ -16,7 +16,7 @@ - name: Fix crt dir's right file: path: "{{ evoacme_crt_dir }}" - mode: 0755 + mode: "755" owner: acme group: acme state: directory @@ -24,7 +24,7 @@ - name: Fix log dir's right file: path: "{{ evoacme_log_dir }}" - mode: 0755 + mode: "755" owner: acme group: acme state: directory @@ -32,7 +32,7 @@ - name: Fix challenge dir's right file: path: "{{ evoacme_acme_dir }}" - mode: 0755 + mode: "755" owner: acme group: acme state: directory diff --git a/evoacme/tasks/apache.yml b/evoacme/tasks/apache.yml index cc22f234..0dc0403c 100644 --- a/evoacme/tasks/apache.yml +++ b/evoacme/tasks/apache.yml @@ -4,7 +4,7 @@ dest: /etc/apache2/conf-available/letsencrypt.conf owner: root group: root - mode: 0644 + mode: "644" notify: reload apache2 - name: Enable acme challenge conf diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml index 417b2644..2d7589c0 100644 --- a/evoacme/tasks/certbot.yml +++ b/evoacme/tasks/certbot.yml @@ -69,13 +69,13 @@ content: | #!/bin/sh sudo /opt/certbot/certbot-auto $@ - mode: 0755 + mode: "755" - name: Add sudo right for source install copy: src: files/sudoers dest: /etc/sudoers.d/certbot - mode: 0440 + mode: "440" validate: '/usr/sbin/visudo -cf %s' when: evoacme_certbot_release is undefined @@ -88,4 +88,4 @@ copy: src: certbot.cron dest: /etc/cron.daily/certbot - mode: 0755 + mode: "755" diff --git a/evoacme/tasks/conf.yml b/evoacme/tasks/conf.yml index e9bc0c15..1f1fd507 100644 --- a/evoacme/tasks/conf.yml +++ b/evoacme/tasks/conf.yml @@ -30,4 +30,4 @@ dest: /etc/default/evoacme owner: root group: root - mode: 0644 + mode: "644" diff --git a/evoacme/tasks/nginx.yml b/evoacme/tasks/nginx.yml index f8b625ff..af2e86ee 100644 --- a/evoacme/tasks/nginx.yml +++ b/evoacme/tasks/nginx.yml @@ -4,4 +4,4 @@ dest: /etc/nginx/letsencrypt.conf owner: root group: root - mode: 0644 + mode: "644" diff --git a/evoacme/tasks/scripts.yml b/evoacme/tasks/scripts.yml index 052f22db..0eec55ff 100644 --- a/evoacme/tasks/scripts.yml +++ b/evoacme/tasks/scripts.yml @@ -5,7 +5,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "755" - name: Copy make-csr.sh script copy: @@ -13,7 +13,7 @@ dest: /usr/local/bin/make-csr owner: root group: root - mode: 0755 + mode: "755" - name: Copy evoacme script copy: @@ -21,4 +21,4 @@ dest: /usr/local/bin/evoacme owner: root group: root - mode: 0755 + mode: "755" diff --git a/evolinux-base/tasks/apt.yml b/evolinux-base/tasks/apt.yml index 23a64f72..c44a61d5 100644 --- a/evolinux-base/tasks/apt.yml +++ b/evolinux-base/tasks/apt.yml @@ -6,7 +6,7 @@ line: "{{ item }}" create: yes state: present - mode: 0640 + mode: "640" with_items: - "APT::Install-Recommends \"0\";" - "APT::Install-Suggests \"0\";" @@ -18,7 +18,7 @@ line: "{{ item }}" create: yes state: present - mode: 0640 + mode: "640" with_items: - "DPkg::Pre-Invoke { \"mount -oremount,exec /tmp && mount -oremount,rw /usr || true\"; };" - "DPkg::Post-Invoke { \"mount -oremount /tmp && mount -oremount /usr || exit 0\"; };" @@ -57,7 +57,7 @@ dest: /etc/apt/sources.list.d/evolix_public.list force: yes backup: yes - mode: 0640 + mode: "640" when: evolinux_apt_public_sources - name: Remove Aptitude diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index af7007c4..642b965f 100644 --- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -3,15 +3,15 @@ file: path: /var/www state: directory - mode: 0755 + mode: "0755" when: evolinux_default_www_files - name: images are copied copy: src: default_www/img dest: /var/www/ - mode: 0755 - directory_mode: 0755 + mode: "0755" + directory_mode: "0755" follow: yes when: evolinux_default_www_files @@ -19,7 +19,7 @@ template: src: default_www/index.html.j2 dest: /var/www/index.html - mode: 0755 + mode: "0755" when: evolinux_default_www_files # SSL cert @@ -40,7 +40,7 @@ path: /etc/ssl/private/{{ ansible_fqdn }}.key owner: root group: ssl-cert - mode: 0640 + mode: "640" - name: Create certificate for default site command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt @@ -60,7 +60,7 @@ template: src: default_www/nginx_default_site.j2 dest: /etc/nginx/sites-available/000-default - mode: 0640 + mode: "640" # force: yes notify: reload nginx tags: @@ -91,7 +91,7 @@ template: src: default_www/apache_default_site.j2 dest: /etc/apache2/sites-available/000-default - mode: 0640 + mode: "640" # force: yes notify: reload apache tags: diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index 28b1e8e6..d2a17077 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml @@ -39,7 +39,7 @@ template: src: hardware/cciss-vol-statusd.j2 dest: /etc/init.d/cciss-vol-statusd - mode: 0755 + mode: "755" - name: Enable HP hardware in sysctl service: @@ -66,7 +66,7 @@ template: src: hardware/megaclisas-statusd.j2 dest: /etc/default/megaclisas-statusd - mode: 0755 + mode: "755" - name: Enable DELL/LSI hardware in sysctl service: diff --git a/evolinux-base/tasks/logs.yml b/evolinux-base/tasks/logs.yml index 61eaa2ba..f3016300 100644 --- a/evolinux-base/tasks/logs.yml +++ b/evolinux-base/tasks/logs.yml @@ -6,7 +6,7 @@ copy: src: logs/rsyslog.conf dest: /etc/rsyslog.conf - mode: 0644 + mode: "644" notify: restart rsyslog when: evolinux_logs_rsyslog_conf diff --git a/evolinux-base/tasks/root.yml b/evolinux-base/tasks/root.yml index 77001ee0..0bf9e791 100644 --- a/evolinux-base/tasks/root.yml +++ b/evolinux-base/tasks/root.yml @@ -4,7 +4,7 @@ file: path: /root state: directory - mode: 0700 + mode: "700" when: evolinux_root_chmod - name: "Customize root's bashrc..." diff --git a/evolinux-base/tasks/system.yml b/evolinux-base/tasks/system.yml index ade92b59..f65e02a0 100644 --- a/evolinux-base/tasks/system.yml +++ b/evolinux-base/tasks/system.yml @@ -1,17 +1,10 @@ --- -# WARN: the documentation says that the mode is in "octal mode" -# but if the leading digit is not 0 it must be added again. -# 755 -> 0755 -# 2755 -> 02755 -# 1777 -> 01777 -# Bottom line: if the mode is not preceded by a 0, it will mess your rights up. - - name: /tmp must be world-writable file: path: /tmp state: directory - mode: 01777 + mode: "1777" when: evolinux_system_chmod_tmp - name: Setting default locales @@ -126,7 +119,7 @@ src: system/init_alert5.j2 dest: /etc/init.d/alert5 force: no - mode: 0755 + mode: "755" when: evolinux_system_alert5_init - name: Enable alert5 init script diff --git a/fail2ban/tasks/main.yml b/fail2ban/tasks/main.yml index 0a25e269..ad4ecdd5 100644 --- a/fail2ban/tasks/main.yml +++ b/fail2ban/tasks/main.yml @@ -10,7 +10,7 @@ copy: src: "{{ item }}" dest: /etc/fail2ban/filter.d/ - mode: 0644 + mode: "644" with_items: - dovecot-evolix.conf - sasl-evolix.conf @@ -20,5 +20,5 @@ template: src: jail.local.j2 dest: /etc/fail2ban/jail.local - mode: 0644 + mode: "644" notify: restart fail2ban diff --git a/kibana/tasks/main.yml b/kibana/tasks/main.yml index 6d501887..7fe3e632 100644 --- a/kibana/tasks/main.yml +++ b/kibana/tasks/main.yml @@ -18,6 +18,6 @@ copy: src: logrotate dest: /etc/logrotate.d/kibana - mode: 0644 + mode: "644" owner: root group: root diff --git a/kvm-host/tasks/munin.yml b/kvm-host/tasks/munin.yml index fdfe7fb4..007004c4 100644 --- a/kvm-host/tasks/munin.yml +++ b/kvm-host/tasks/munin.yml @@ -4,7 +4,7 @@ get_url: url: "https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/virtualization/{{ item }}" dest: "/etc/munin/plugins/" - mode: 0755 + mode: "755" with_items: - kvm_cpu - kvm_io diff --git a/listupgrade/tasks/main.yml b/listupgrade/tasks/main.yml index e164fc51..c50788eb 100644 --- a/listupgrade/tasks/main.yml +++ b/listupgrade/tasks/main.yml @@ -3,13 +3,13 @@ file: path: "/usr/share/scripts" state: directory - mode: 0700 + mode: "700" - name: Copy listupgrade script template: src: listupgrade.sh.j2 dest: "/usr/share/scripts/listupgrade.sh" - mode: 0700 + mode: "700" owner: root group: root force: yes @@ -19,13 +19,13 @@ file: path: /etc/evolinux state: directory - mode: 0600 + mode: "600" - name: Copy listupgrade config template: src: listupgrade.cnf.j2 dest: /etc/evolinux/listupgrade.cnf - mode: 0600 + mode: "600" owner: root group: root force: no @@ -34,6 +34,6 @@ template: src: listupgrade_cron.j2 dest: /etc/cron.d/listupgrade - mode: 0600 + mode: "600" owner: root group: root diff --git a/monit/tasks/main.yml b/monit/tasks/main.yml index 604667a5..237f2ae8 100644 --- a/monit/tasks/main.yml +++ b/monit/tasks/main.yml @@ -12,7 +12,7 @@ template: src: custom.conf.j2 dest: /etc/monit/conf.d/custom.conf - mode: 0640 + mode: "640" force: yes notify: restart monit tags: diff --git a/mysql/tasks/config.yml b/mysql/tasks/config.yml index 617f846d..a15e253d 100644 --- a/mysql/tasks/config.yml +++ b/mysql/tasks/config.yml @@ -5,7 +5,7 @@ dest: /etc/mysql/conf.d/z-evolinux-defaults.cnf owner: root group: root - mode: 0644 + mode: "644" force: yes tags: - mysql @@ -16,7 +16,7 @@ dest: /etc/mysql/conf.d/zzz-evolinux-custom.cnf owner: root group: root - mode: 0640 + mode: "640" force: no tags: - mysql diff --git a/mysql/tasks/log2mail.yml b/mysql/tasks/log2mail.yml index f4e4c2e0..0e43dc1c 100644 --- a/mysql/tasks/log2mail.yml +++ b/mysql/tasks/log2mail.yml @@ -12,7 +12,7 @@ template: src: log2mail.j2 dest: /etc/log2mail/config/mysql.conf - mode: 0640 + mode: "640" when: log2mail_config_dir.stat.exists tags: - mysql diff --git a/mysql/tasks/tmpdir.yml b/mysql/tasks/tmpdir.yml index 3d291862..bb5c828f 100644 --- a/mysql/tasks/tmpdir.yml +++ b/mysql/tasks/tmpdir.yml @@ -6,7 +6,7 @@ path: "{{ mysql_custom_tmpdir }}" owner: mysql group: mysql - mode: 0700 + mode: "700" state: directory tags: - mysql diff --git a/mysql/tasks/users.yml b/mysql/tasks/users.yml index 24dff43e..58d08589 100644 --- a/mysql/tasks/users.yml +++ b/mysql/tasks/users.yml @@ -42,7 +42,7 @@ - name: mysqladmin is the default user ini_file: dest: /root/.my.cnf - mode: 0600 + mode: "600" section: client option: '{{ item.option }}' value: '{{ item.value }}' diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index dee06890..321e25e5 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -22,7 +22,7 @@ template: src: mytop.j2 dest: /root/.mytop - mode: 0600 + mode: "600" force: yes tags: - mytop @@ -34,7 +34,7 @@ copy: src: mysqltuner.pl dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl" - mode: 0700 + mode: "700" tags: - mysql - mysqltuner @@ -51,7 +51,7 @@ copy: src: mysql-optimize.sh dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" - mode: 0700 + mode: "700" tags: - mysql @@ -84,7 +84,7 @@ - name: Ensure /usr/share/scripts exists file: dest: /usr/share/scripts - mode: 0700 + mode: "700" state: directory tags: - mysql @@ -93,6 +93,6 @@ copy: src: my-add.sh dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh" - mode: 0700 + mode: "700" tags: - mysql diff --git a/nagios-nrpe/tasks/main.yml b/nagios-nrpe/tasks/main.yml index dbe910b4..fc7c1547 100644 --- a/nagios-nrpe/tasks/main.yml +++ b/nagios-nrpe/tasks/main.yml @@ -20,7 +20,7 @@ - name: Nagios config is secure file: dest: /etc/nagios/ - mode: 0750 + mode: "750" group: nagios state: directory notify: restart nagios-nrpe-server @@ -30,7 +30,7 @@ - name: Nagios plugins directory is secure file: dest: "{{ nagios_plugins_directory }}/" - mode: 0755 + mode: "755" group: nagios recurse: yes state: directory @@ -41,5 +41,5 @@ src: plugins/ dest: "{{ nagios_plugins_directory }}/" group: nagios - mode: 0755 + mode: "755" notify: restart nagios-nrpe-server diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml index d8bae30e..ae1f7578 100644 --- a/nginx/tasks/main.yml +++ b/nginx/tasks/main.yml @@ -33,7 +33,7 @@ copy: src: nginx/evolinux-defaults.conf dest: /etc/nginx/conf.d/z-evolinux-defaults.conf - mode: 0640 + mode: "640" # force: yes notify: reload nginx tags: @@ -49,8 +49,8 @@ dest: /etc/nginx/snippets/private_ipaddr_whitelist owner: www-data group: www-data - directory_mode: 0640 - mode: 0640 + directory_mode: "640" + mode: "640" force: no notify: reload nginx tags: @@ -82,8 +82,8 @@ dest: /etc/nginx/snippets/private_htpasswd owner: www-data group: www-data - directory_mode: 0640 - mode: 0640 + directory_mode: "640" + mode: "640" force: no notify: reload nginx tags: diff --git a/nginx/tasks/munin_graphs.yml b/nginx/tasks/munin_graphs.yml index 1133f525..f35337f7 100644 --- a/nginx/tasks/munin_graphs.yml +++ b/nginx/tasks/munin_graphs.yml @@ -4,7 +4,7 @@ copy: src: munin/evolinux.nginx dest: /etc/munin/plugin-conf.d/ - mode: 0644 + mode: "644" notify: restart munin - name: Enable Munin plugins for Nginx diff --git a/nginx/tasks/munin_vhost.yml b/nginx/tasks/munin_vhost.yml index c97da1a2..e56844e6 100644 --- a/nginx/tasks/munin_vhost.yml +++ b/nginx/tasks/munin_vhost.yml @@ -26,7 +26,7 @@ copy: src: init.d/spawn-fcgi-munin-graph dest: /etc/init.d/ - mode: 0755 + mode: "755" - name: Ensure that Munin-fcgi is started/stopped correctly service: diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml index 2fb3f545..51abf5b5 100644 --- a/postfix/tasks/main.yml +++ b/postfix/tasks/main.yml @@ -19,7 +19,7 @@ dest: /etc/postfix/main.cf owner: root group: root - mode: 0644 + mode: "644" force: yes when: default_main_cf.stdout == "5450c05d65878e99dad696c7c722e511 -" notify: restart postfix diff --git a/postgresql/tasks/config.yml b/postgresql/tasks/config.yml index 8cbcede6..47cedccf 100644 --- a/postgresql/tasks/config.yml +++ b/postgresql/tasks/config.yml @@ -11,7 +11,7 @@ state: directory owner: postgres group: postgres - mode: 0755 + mode: "755" - name: Copy PostgreSQL config file template: @@ -19,5 +19,5 @@ dest: /etc/postgresql/9.4/main/conf.d/evolinux.conf owner: postgres group: postgres - mode: 0644 + mode: "644" notify: restart postgresql diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml index 8acaa3fc..219aad9b 100644 --- a/proftpd/tasks/main.yml +++ b/proftpd/tasks/main.yml @@ -19,7 +19,7 @@ template: src: evolinux.conf.j2 dest: /etc/proftpd/conf.d/z-evolinux.conf - mode: 0644 + mode: "644" notify: restart proftpd tags: - proftpd diff --git a/rabbitmq/tasks/main.yml b/rabbitmq/tasks/main.yml index 576ed49c..38cda270 100644 --- a/rabbitmq/tasks/main.yml +++ b/rabbitmq/tasks/main.yml @@ -11,7 +11,7 @@ dest: /etc/rabbitmq/rabbitmq-env.conf owner: rabbitmq group: rabbitmq - mode: 0600 + mode: "600" force: no - name: create rabbitmq.config @@ -20,7 +20,7 @@ dest: /etc/rabbitmq/rabbitmq.config owner: rabbitmq group: rabbitmq - mode: 0600 + mode: "600" force: no - name: set ulimit -n to 2048 diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index 69b8298a..6822b798 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml @@ -11,7 +11,7 @@ template: src: redis.conf.j2 dest: "{{ redis_conf_path }}" - mode: 0644 + mode: "644" notify: restart redis tags: - redis diff --git a/squid/tasks/log2mail.yml b/squid/tasks/log2mail.yml index d525fbae..219980fd 100644 --- a/squid/tasks/log2mail.yml +++ b/squid/tasks/log2mail.yml @@ -10,7 +10,7 @@ template: src: log2mail.j2 dest: /etc/log2mail/config/squid.conf - mode: 0640 + mode: "640" owner: log2mail group: adm notify: restart log2mail diff --git a/tomcat-instance/tasks/alias.yml b/tomcat-instance/tasks/alias.yml index 18046363..502a9f61 100644 --- a/tomcat-instance/tasks/alias.yml +++ b/tomcat-instance/tasks/alias.yml @@ -3,7 +3,7 @@ file: path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin" state: directory - mode: 0770 + mode: "770" owner: "{{ tomcat_instance_name }}" group: "{{ tomcat_instance_name }}" @@ -11,7 +11,7 @@ template: src: "{{ item }}" dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin/" - mode: 0770 + mode: "770" owner: "{{ tomcat_instance_name }}" group: "{{ tomcat_instance_name }}" with_fileglob: diff --git a/tomcat-instance/tasks/bootstrap.yml b/tomcat-instance/tasks/bootstrap.yml index e356eb4c..f2493864 100644 --- a/tomcat-instance/tasks/bootstrap.yml +++ b/tomcat-instance/tasks/bootstrap.yml @@ -3,7 +3,7 @@ file: path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/{{ item }}" state: directory - mode: 02770 + mode: "2770" with_items: - 'conf' - 'logs' @@ -19,13 +19,13 @@ template: src: 'templates/server.xml.j2' dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/server.xml" - mode: 0660 + mode: "660" - name: Copy env file template: src: 'templates/env.j2' dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/env" - mode: 0660 + mode: "660" - name: Fix owner file: diff --git a/tomcat-instance/tasks/systemd.yml b/tomcat-instance/tasks/systemd.yml index 7b801000..c27a3e00 100644 --- a/tomcat-instance/tasks/systemd.yml +++ b/tomcat-instance/tasks/systemd.yml @@ -7,6 +7,6 @@ lineinfile: dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/.profile" state: present - mode: 0640 + mode: "640" create: yes line: 'export XDG_RUNTIME_DIR=/run/user/$UID' diff --git a/tomcat-instance/tasks/tomcat.yml b/tomcat-instance/tasks/tomcat.yml index 88d7a03c..ec51ca9f 100644 --- a/tomcat-instance/tasks/tomcat.yml +++ b/tomcat-instance/tasks/tomcat.yml @@ -14,11 +14,11 @@ state: directory owner: 'root' group: 'root' - mode: 0755 + mode: "755" - name: Copy systemd unit copy: src: 'files/tomcat.service' dest: "/etc/systemd/user/tomcat.service" - mode: 0755 + mode: "755" notify: systemd reload diff --git a/tomcat-instance/tasks/user.yml b/tomcat-instance/tasks/user.yml index 53b9733f..569d3615 100644 --- a/tomcat-instance/tasks/user.yml +++ b/tomcat-instance/tasks/user.yml @@ -17,7 +17,7 @@ file: path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}" state: directory - mode: 02770 + mode: "2770" - name: Set mail alias for user lineinfile: @@ -31,7 +31,7 @@ lineinfile: dest: '/etc/sudoers.d/tomcat' state: present - mode: 0440 + mode: "440" create: yes line: "%{{ tomcat_instance_name }} ALL = ({{ tomcat_instance_name }}) SETENV: ALL" validate: 'visudo -cf %s' @@ -40,7 +40,7 @@ lineinfile: dest: '/etc/sudoers.d/tomcat' state: present - mode: 0440 + mode: "440" create: yes line: "{{ tomcat_instance_deploy_user }} ALL = ({{ tomcat_instance_name }}) NOPASSWD: SETENV: ALL" validate: 'visudo -cf %s' diff --git a/varnish/tasks/main.yml b/varnish/tasks/main.yml index 111ef8a2..35711414 100644 --- a/varnish/tasks/main.yml +++ b/varnish/tasks/main.yml @@ -14,7 +14,7 @@ copy: src: "reload-vcl.sh" dest: "/etc/varnish/reload-vcl.sh" - mode: 0700 + mode: "700" owner: root group: root