Commit 63887d3b authored by Frederik Schwan's avatar Frederik Schwan Committed by Sven-Hendrik Haase

fix E208 'File permissions not mentioned'

parent 04b2e3b1
......@@ -8,7 +8,7 @@
creates: /var/lib/mysql/mysql
- name: configure mariadb
template: src=server.cnf.j2 dest=/etc/my.cnf.d/server.cnf
template: src=server.cnf.j2 dest=/etc/my.cnf.d/server.cnf owner=root group=root mode=0644
notify:
- restart mariadb
......@@ -36,7 +36,7 @@
no_log: true
- name: create client configuration for root
template: src=client.cnf.j2 dest=/root/.my.cnf
template: src=client.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0644
no_log: true
- name: configure zabbix-agent user
......
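Review bot: `mode=0644` on `/root/.my.cnf` in the "create client configuration for root" task makes the file world-readable, and the `no_log: true` on that task suggests the template carries the database root credentials. The directory mode of `/root` may limit exposure in practice, but the file itself should not rely on that. I would change the line to `template: src=client.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600`. The `server.cnf` change in the first hunk looks fine at 0644, assuming that file holds no secrets.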
......@@ -118,7 +118,7 @@
- name: deploy new release
become: true
become_user: patchwork
file: path=/etc/uwsgi/vassals/patchwork.ini state=touch
file: path=/etc/uwsgi/vassals/patchwork.ini state=touch owner=root group=root mode=0644
when: (release.changed or config.changed or virtualenv.changed or patchwork_forced_deploy)
- name: start and enable patchwork memcached service and notification timer
......
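Review bot: The `owner=root group=root` added to the `state=touch` task conflicts with `become_user: patchwork` on the same task, because an unprivileged user cannot chown a file to root. If the vassal file is already root-owned with mode 0644, the touch itself would presumably fail for that user as well, so the task is likely to break on the next deploy either way. Either drop the ownership arguments and keep only the mode, e.g. `file: path=/etc/uwsgi/vassals/patchwork.ini state=touch mode=0644`, or run the touch as root. The same applies to the `security-tracker.ini` touch task that runs with `become_user: security`.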
......@@ -22,13 +22,13 @@
tags: ['archusers']
- name: install phrik sudoers config
copy: src=sudoers dest=/etc/sudoers.d/phrik
copy: src=sudoers dest=/etc/sudoers.d/phrik owner=root group=root mode=0440
- name: install polkit rule for restarting phrik
copy: src=20-manage-phrik.rules dest=/etc/polkit-1/rules.d/20-manage-phrik.rules
copy: src=20-manage-phrik.rules dest=/etc/polkit-1/rules.d/20-manage-phrik.rules owner=root group=root mode=0644
- name: install phrik systemd service
copy: src=phrik.service dest=/etc/systemd/system/phrik.service
copy: src=phrik.service dest=/etc/systemd/system/phrik.service owner=root group=root mode=0644
- name: start and enable pkgfile and phrikservice
systemd:
......
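Review bot: The sudoers drop-in is now installed with the right mode (0440), but the `copy` still writes it without a syntax check, and a malformed file under `/etc/sudoers.d` can break sudo on the host. The `lineinfile` tasks elsewhere in this commit already use `validate: 'visudo -cf %s'`, and `copy` accepts the same argument: `copy: src=sudoers dest=/etc/sudoers.d/phrik owner=root group=root mode=0440 validate='visudo -cf %s'`. The `zabbix-agent-sudoers` template task would benefit from the same addition.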
......@@ -16,6 +16,7 @@
group: postgres
attributes: "+C"
path: /var/lib/postgres/data
mode: 0700
when: filesystem == "btrfs"
- name: initialize postgres
......
......@@ -21,7 +21,7 @@
delegate_to: localhost
- name: fill tempfile
copy: content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}"
copy: content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}" owner=root group=root mode=0644
delegate_to: localhost
- name: upload authorized_keys file
......
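Review bot: The "fill tempfile" task is delegated to localhost, so `owner=root group=root` now tries to chown a file on the control machine. Whether that works depends on privilege settings not visible in this hunk, but it will fail if the playbook is run there by an unprivileged user. The file is only a staging copy for the upload, so I would drop the ownership arguments and keep a restrictive mode, e.g. `copy: content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}" mode=0600`. That also avoids widening the permissions of a temp file that holds the key list.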
......@@ -34,7 +34,7 @@
user: name=security shell=/bin/false home="{{ security_tracker_dir }}" createhome=no
- name: fix home permissions
file: state=directory owner=security group=security path="{{ security_tracker_dir }}"
file: state=directory mode=0750 owner=security group=security path="{{ security_tracker_dir }}"
- name: copy security-tracker units
copy: src="{{ item }}" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
......@@ -89,7 +89,7 @@
- name: deploy new release
become: true
become_user: security
file: path=/etc/uwsgi/vassals/security-tracker.ini state=touch
file: path=/etc/uwsgi/vassals/security-tracker.ini state=touch owner=root group=root mode=0644
when: release.changed
- name: start and enable security-tracker timer
......
......@@ -26,7 +26,7 @@
- systemd daemon reload
- name: create pacman.d hooks dir
file: state=directory owner=root group=root path="/etc/pacman.d/hooks"
file: state=directory path="/etc/pacman.d/hooks" owner=root group=root mode=0755
- name: install pacman sa-update hook
copy: src=sa-update.hook dest=/etc/pacman.d/hooks/sa-update.hook owner=root group=root mode=0644
......
......@@ -22,6 +22,9 @@
insertafter: '^# %wheel ALL=\(ALL\) ALL'
line: '%wheel ALL=(ALL) ALL'
validate: 'visudo -cf %s'
mode: 0440
user: root
group: root
- name: secure path to protect against attacks
lineinfile:
......@@ -31,3 +34,6 @@
insertafter: '^# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
line: 'Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin"'
validate: 'visudo -cf %s'
mode: 0440
user: root
group: root
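Review bot: `user: root` is not a `lineinfile` parameter; the ownership argument is `owner`. As written, both sudoers edits here and the pacman `CacheDir` edit should fail argument validation instead of setting the owner. Replace each with `owner: root`. While touching these lines, quoting the mode (`mode: '0440'`) avoids depending on the YAML parser reading the bare value as octal. The `lineinfile` tasks start above the visible hunks, so I cannot see their `path` or whether `create` is set.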
......@@ -35,6 +35,9 @@
insertafter: '^#CacheDir'
regexp: '^CacheDir'
line: 'CacheDir = /var/cache/pacman/pkg/ /srv/ftp/pool/packages/ /srv/ftp/pool/community/'
mode: 0644
user: root
group: root
- name: make nginx log dir
file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=root mode=0755
......
......@@ -13,7 +13,7 @@
- run wkd service
- name: create pacman.d hooks dir
file: state=directory owner=root group=root path=/etc/pacman.d/hooks
file: state=directory path=/etc/pacman.d/hooks mode=0755 owner=root group=root
- name: install pgp_import hook
template: src=update-wkd-pacman-hook.j2 dest=/etc/pacman.d/hooks/update-wkd.hook owner=root group=root mode=0644
......
......@@ -106,7 +106,7 @@
when: "'nginx' in group_names"
- name: install sudo config
template: src=zabbix-agent-sudoers.conf.j2 dest=/etc/sudoers.d/zabbix-agent-sudoers
template: src=zabbix-agent-sudoers.conf.j2 dest=/etc/sudoers.d/zabbix-agent-sudoers mode=0440 owner=root group=root
- name: copy nginx-zabbix.service
copy: src=nginx-zabbix.service dest=/etc/systemd/system/nginx-zabbix.service owner=root group=root mode=0644
......