Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
63887d3b
Commit
63887d3b
authored
Aug 18, 2020
by
Frederik Schwan
Committed by
Sven-Hendrik Haase
Aug 27, 2020
Browse files
fix E208 'File permissions not mentioned'
parent
04b2e3b1
Changes
31
Hide whitespace changes
Inline
Side-by-side
roles/mariadb/tasks/main.yml
View file @
63887d3b
...
...
@@ -8,7 +8,7 @@
creates
:
/var/lib/mysql/mysql
-
name
:
configure mariadb
template
:
src=server.cnf.j2 dest=/etc/my.cnf.d/server.cnf
template
:
src=server.cnf.j2 dest=/etc/my.cnf.d/server.cnf
owner=root group=root mode=0644
notify
:
-
restart mariadb
...
...
@@ -36,7 +36,7 @@
no_log
:
true
-
name
:
create client configuration for root
template
:
src=client.cnf.j2 dest=/root/.my.cnf
template
:
src=client.cnf.j2 dest=/root/.my.cnf
owner=root group=root mode=0644
no_log
:
true
-
name
:
configure zabbix-agent user
...
...
roles/patchwork/tasks/main.yml
View file @
63887d3b
...
...
@@ -118,7 +118,7 @@
-
name
:
deploy new release
become
:
true
become_user
:
patchwork
file
:
path=/etc/uwsgi/vassals/patchwork.ini state=touch
file
:
path=/etc/uwsgi/vassals/patchwork.ini state=touch
owner=root group=root mode=0644
when
:
(release.changed or config.changed or virtualenv.changed or patchwork_forced_deploy)
-
name
:
start and enable patchwork memcached service and notification timer
...
...
roles/phrik/tasks/main.yml
View file @
63887d3b
...
...
@@ -22,13 +22,13 @@
tags
:
[
'
archusers'
]
-
name
:
install phrik sudoers config
copy
:
src=sudoers dest=/etc/sudoers.d/phrik
copy
:
src=sudoers dest=/etc/sudoers.d/phrik
owner=root group=root mode=0440
-
name
:
install polkit rule for restarting phrik
copy
:
src=20-manage-phrik.rules dest=/etc/polkit-1/rules.d/20-manage-phrik.rules
copy
:
src=20-manage-phrik.rules dest=/etc/polkit-1/rules.d/20-manage-phrik.rules
owner=root group=root mode=0644
-
name
:
install phrik systemd service
copy
:
src=phrik.service dest=/etc/systemd/system/phrik.service
copy
:
src=phrik.service dest=/etc/systemd/system/phrik.service
owner=root group=root mode=0644
-
name
:
start and enable pkgfile and phrikservice
systemd
:
...
...
roles/postgres/tasks/main.yml
View file @
63887d3b
...
...
@@ -16,6 +16,7 @@
group
:
postgres
attributes
:
"
+C"
path
:
/var/lib/postgres/data
mode
:
0700
when
:
filesystem == "btrfs"
-
name
:
initialize postgres
...
...
roles/rsync_net/tasks/main.yml
View file @
63887d3b
...
...
@@ -21,7 +21,7 @@
delegate_to
:
localhost
-
name
:
fill tempfile
copy
:
content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}"
copy
:
content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}"
owner=root group=root mode=0644
delegate_to
:
localhost
-
name
:
upload authorized_keys file
...
...
roles/security_tracker/tasks/main.yml
View file @
63887d3b
...
...
@@ -34,7 +34,7 @@
user
:
name=security shell=/bin/false home="{{ security_tracker_dir }}" createhome=no
-
name
:
fix home permissions
file
:
state=directory owner=security group=security path="{{ security_tracker_dir }}"
file
:
state=directory
mode=0750
owner=security group=security path="{{ security_tracker_dir }}"
-
name
:
copy security-tracker units
copy
:
src="{{ item }}" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
...
...
@@ -89,7 +89,7 @@
-
name
:
deploy new release
become
:
true
become_user
:
security
file
:
path=/etc/uwsgi/vassals/security-tracker.ini state=touch
file
:
path=/etc/uwsgi/vassals/security-tracker.ini state=touch
owner=root group=root mode=0644
when
:
release.changed
-
name
:
start and enable security-tracker timer
...
...
roles/spampd/tasks/main.yml
View file @
63887d3b
...
...
@@ -26,7 +26,7 @@
-
systemd daemon reload
-
name
:
create pacman.d hooks dir
file
:
state=directory
owner=root group=root
path="/etc/pacman.d/hooks"
file
:
state=directory path="/etc/pacman.d/hooks"
owner=root group=root mode=0755
-
name
:
install pacman sa-update hook
copy
:
src=sa-update.hook dest=/etc/pacman.d/hooks/sa-update.hook owner=root group=root mode=0644
...
...
roles/sudo/tasks/main.yml
View file @
63887d3b
...
...
@@ -22,6 +22,9 @@
insertafter
:
'
^#
%wheel
ALL=\(ALL\)
ALL'
line
:
'
%wheel
ALL=(ALL)
ALL'
validate
:
'
visudo
-cf
%s'
mode
:
0440
user
:
root
group
:
root
-
name
:
secure path to protect against attacks
lineinfile
:
...
...
@@ -31,3 +34,6 @@
insertafter
:
'
^#
Defaults
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
line
:
'
Defaults
secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin"'
validate
:
'
visudo
-cf
%s'
mode
:
0440
user
:
root
group
:
root
roles/syncrepo/tasks/main.yml
View file @
63887d3b
...
...
@@ -35,6 +35,9 @@
insertafter
:
'
^#CacheDir'
regexp
:
'
^CacheDir'
line
:
'
CacheDir
=
/var/cache/pacman/pkg/
/srv/ftp/pool/packages/
/srv/ftp/pool/community/'
mode
:
0644
user
:
root
group
:
root
-
name
:
make nginx log dir
file
:
path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=root mode=0755
...
...
roles/wkd/tasks/main.yml
View file @
63887d3b
...
...
@@ -13,7 +13,7 @@
-
run wkd service
-
name
:
create pacman.d hooks dir
file
:
state=directory
owner=root group=root
path=/etc/pacman.d/hooks
file
:
state=directory path=/etc/pacman.d/hooks
mode=0755 owner=root group=root
-
name
:
install pgp_import hook
template
:
src=update-wkd-pacman-hook.j2 dest=/etc/pacman.d/hooks/update-wkd.hook owner=root group=root mode=0644
...
...
roles/zabbix_agent/tasks/main.yml
View file @
63887d3b
...
...
@@ -106,7 +106,7 @@
when
:
"
'nginx'
in
group_names"
-
name
:
install sudo config
template
:
src=zabbix-agent-sudoers.conf.j2 dest=/etc/sudoers.d/zabbix-agent-sudoers
template
:
src=zabbix-agent-sudoers.conf.j2 dest=/etc/sudoers.d/zabbix-agent-sudoers
mode=0440 owner=root group=root
-
name
:
copy nginx-zabbix.service
copy
:
src=nginx-zabbix.service dest=/etc/systemd/system/nginx-zabbix.service owner=root group=root mode=0644
...
...
Prev
1
2
Next
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment