Commit 63887d3b authored by Frederik Schwan Committed by Sven-Hendrik Haase

fix E208 'File permissions not mentioned'

parent 04b2e3b1
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
creates: /var/lib/mysql/mysql creates: /var/lib/mysql/mysql
- name: configure mariadb - name: configure mariadb
template: src=server.cnf.j2 dest=/etc/my.cnf.d/server.cnf template: src=server.cnf.j2 dest=/etc/my.cnf.d/server.cnf owner=root group=root mode=0644
notify: notify:
- restart mariadb - restart mariadb
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
no_log: true no_log: true
- name: create client configuration for root - name: create client configuration for root
template: src=client.cnf.j2 dest=/root/.my.cnf template: src=client.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0644
no_log: true no_log: true
- name: configure zabbix-agent user - name: configure zabbix-agent user
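Review bot: `mode=0644` on `/root/.my.cnf` in the 'create client configuration for root' task makes the file readable by every account that can reach it, and the task is marked `no_log: true`, so the template presumably renders credentials. A client option file for root should be owner-only: `template: src=client.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600`. The permissions on `/root` itself may mask this today, but they are set outside this hunk and should not be the only barrier. The `server.cnf` task in the first hunk is fine at 0644 as long as that template carries no secrets.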
......
...@@ -118,7 +118,7 @@ ...@@ -118,7 +118,7 @@
- name: deploy new release - name: deploy new release
become: true become: true
become_user: patchwork become_user: patchwork
file: path=/etc/uwsgi/vassals/patchwork.ini state=touch file: path=/etc/uwsgi/vassals/patchwork.ini state=touch owner=root group=root mode=0644
when: (release.changed or config.changed or virtualenv.changed or patchwork_forced_deploy) when: (release.changed or config.changed or virtualenv.changed or patchwork_forced_deploy)
- name: start and enable patchwork memcached service and notification timer - name: start and enable patchwork memcached service and notification timer
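Review bot: `owner=root group=root` on the `state=touch` task conflicts with `become_user: patchwork` directly above it, because an unprivileged user cannot chown a file to root. If the vassal file is already root-owned with mode 0644, patchwork may also lack the rights to update its timestamp, so the task may fail or stop triggering the reload; the file's current owner is not visible in the hunk. Consider `owner=patchwork group=patchwork mode=0644` to match the become user, or drop `become_user` and touch the file as root. The security-tracker 'deploy new release' task (`become_user: security`) has the same combination.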
......
...@@ -22,13 +22,13 @@ ...@@ -22,13 +22,13 @@
tags: ['archusers'] tags: ['archusers']
- name: install phrik sudoers config - name: install phrik sudoers config
copy: src=sudoers dest=/etc/sudoers.d/phrik copy: src=sudoers dest=/etc/sudoers.d/phrik owner=root group=root mode=0440
- name: install polkit rule for restarting phrik - name: install polkit rule for restarting phrik
copy: src=20-manage-phrik.rules dest=/etc/polkit-1/rules.d/20-manage-phrik.rules copy: src=20-manage-phrik.rules dest=/etc/polkit-1/rules.d/20-manage-phrik.rules owner=root group=root mode=0644
- name: install phrik systemd service - name: install phrik systemd service
copy: src=phrik.service dest=/etc/systemd/system/phrik.service copy: src=phrik.service dest=/etc/systemd/system/phrik.service owner=root group=root mode=0644
- name: start and enable pkgfile and phrikservice - name: start and enable pkgfile and phrikservice
systemd: systemd:
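Review bot: The `copy` to `/etc/sudoers.d/phrik` now has the right ownership and `mode=0440`, but the drop-in is still installed without a syntax check, and a malformed sudoers file can break sudo on the host. The sudoers `lineinfile` tasks touched by this same commit already use `validate: 'visudo -cf %s'`; adding `validate='visudo -cf %s'` here would make the tasks consistent. The zabbix-agent 'install sudo config' template task has the same gap.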
......
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
group: postgres group: postgres
attributes: "+C" attributes: "+C"
path: /var/lib/postgres/data path: /var/lib/postgres/data
mode: 0700
when: filesystem == "btrfs" when: filesystem == "btrfs"
- name: initialize postgres - name: initialize postgres
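Review bot: `mode: 0700` is written as a bare YAML scalar, so it reaches Ansible as an integer and relies on the YAML parser treating the leading zero as octal. Quoting it, `mode: '0700'`, passes the module a string and removes that dependency. The same applies to the block-style `mode: 0440` and `mode: 0644` lines added to the sudoers and `CacheDir` `lineinfile` tasks. The start of this task, including its owner, is outside the hunk.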
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
delegate_to: localhost delegate_to: localhost
- name: fill tempfile - name: fill tempfile
copy: content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}" copy: content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}" owner=root group=root mode=0644
delegate_to: localhost delegate_to: localhost
- name: upload authorized_keys file - name: upload authorized_keys file
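Review bot: `owner=root group=root mode=0644` is applied to a temporary file on the controller (`delegate_to: localhost`), where chown to root only succeeds if the play has root privileges on that machine; whether `become` is in effect is not visible in the hunk. It also widens the permissions of a file that the preceding tempfile task probably created owner-only. Setting only `mode=0600` on this task would satisfy the lint rule without requiring root on the controller. The final owner and mode belong on the 'upload authorized_keys file' task that follows.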
......
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
user: name=security shell=/bin/false home="{{ security_tracker_dir }}" createhome=no user: name=security shell=/bin/false home="{{ security_tracker_dir }}" createhome=no
- name: fix home permissions - name: fix home permissions
file: state=directory owner=security group=security path="{{ security_tracker_dir }}" file: state=directory mode=0750 owner=security group=security path="{{ security_tracker_dir }}"
- name: copy security-tracker units - name: copy security-tracker units
copy: src="{{ item }}" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 copy: src="{{ item }}" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
...@@ -89,7 +89,7 @@ ...@@ -89,7 +89,7 @@
- name: deploy new release - name: deploy new release
become: true become: true
become_user: security become_user: security
file: path=/etc/uwsgi/vassals/security-tracker.ini state=touch file: path=/etc/uwsgi/vassals/security-tracker.ini state=touch owner=root group=root mode=0644
when: release.changed when: release.changed
- name: start and enable security-tracker timer - name: start and enable security-tracker timer
......
...@@ -26,7 +26,7 @@ ...@@ -26,7 +26,7 @@
- systemd daemon reload - systemd daemon reload
- name: create pacman.d hooks dir - name: create pacman.d hooks dir
file: state=directory owner=root group=root path="/etc/pacman.d/hooks" file: state=directory path="/etc/pacman.d/hooks" owner=root group=root mode=0755
- name: install pacman sa-update hook - name: install pacman sa-update hook
copy: src=sa-update.hook dest=/etc/pacman.d/hooks/sa-update.hook owner=root group=root mode=0644 copy: src=sa-update.hook dest=/etc/pacman.d/hooks/sa-update.hook owner=root group=root mode=0644
......
...@@ -22,6 +22,9 @@ ...@@ -22,6 +22,9 @@
insertafter: '^# %wheel ALL=\(ALL\) ALL' insertafter: '^# %wheel ALL=\(ALL\) ALL'
line: '%wheel ALL=(ALL) ALL' line: '%wheel ALL=(ALL) ALL'
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
mode: 0440
user: root
group: root
- name: secure path to protect against attacks - name: secure path to protect against attacks
lineinfile: lineinfile:
...@@ -31,3 +34,6 @@ ...@@ -31,3 +34,6 @@
insertafter: '^# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' insertafter: '^# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
line: 'Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin"' line: 'Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin"'
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
mode: 0440
user: root
group: root
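Review bot: `user: root` is not a parameter of `lineinfile`; the file-attribute option is `owner`, so both sudoers tasks are likely to fail with an unsupported-parameter error instead of enforcing ownership. Replace it with `owner: root` in each task. The `CacheDir` `lineinfile` task in the next file section adds the same `user: root` line. The task headers for these hunks start outside the visible lines.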
...@@ -35,6 +35,9 @@ ...@@ -35,6 +35,9 @@
insertafter: '^#CacheDir' insertafter: '^#CacheDir'
regexp: '^CacheDir' regexp: '^CacheDir'
line: 'CacheDir = /var/cache/pacman/pkg/ /srv/ftp/pool/packages/ /srv/ftp/pool/community/' line: 'CacheDir = /var/cache/pacman/pkg/ /srv/ftp/pool/packages/ /srv/ftp/pool/community/'
mode: 0644
user: root
group: root
- name: make nginx log dir - name: make nginx log dir
file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=root mode=0755 file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=root mode=0755
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
- run wkd service - run wkd service
- name: create pacman.d hooks dir - name: create pacman.d hooks dir
file: state=directory owner=root group=root path=/etc/pacman.d/hooks file: state=directory path=/etc/pacman.d/hooks mode=0755 owner=root group=root
- name: install pgp_import hook - name: install pgp_import hook
template: src=update-wkd-pacman-hook.j2 dest=/etc/pacman.d/hooks/update-wkd.hook owner=root group=root mode=0644 template: src=update-wkd-pacman-hook.j2 dest=/etc/pacman.d/hooks/update-wkd.hook owner=root group=root mode=0644
......
...@@ -106,7 +106,7 @@ ...@@ -106,7 +106,7 @@
when: "'nginx' in group_names" when: "'nginx' in group_names"
- name: install sudo config - name: install sudo config
template: src=zabbix-agent-sudoers.conf.j2 dest=/etc/sudoers.d/zabbix-agent-sudoers template: src=zabbix-agent-sudoers.conf.j2 dest=/etc/sudoers.d/zabbix-agent-sudoers mode=0440 owner=root group=root
- name: copy nginx-zabbix.service - name: copy nginx-zabbix.service
copy: src=nginx-zabbix.service dest=/etc/systemd/system/nginx-zabbix.service owner=root group=root mode=0644 copy: src=nginx-zabbix.service dest=/etc/systemd/system/nginx-zabbix.service owner=root group=root mode=0644
......