Commit 63887d3b authored by Frederik Schwan's avatar Frederik Schwan Committed by Sven-Hendrik Haase

fix E208 'File permissions not mentioned'

parent 04b2e3b1
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
hosts: 127.0.0.1 hosts: 127.0.0.1
tasks: tasks:
- name: create borg-keys directory - name: create borg-keys directory
file: path="{{ playbook_dir }}/../../borg-keys/" state=directory file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve
- name: fetch borg keys - name: fetch borg keys
hosts: borg_clients hosts: borg_clients
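Review bot: `mode=preserve` on the `create borg-keys directory` task is handed to the `file` module, which as far as I know accepts only octal or symbolic modes; `preserve` is documented for `copy` and `template`, where a source file supplies the mode. On `file` it is likely to be rejected as an invalid symbolic mode, and even where it is tolerated it states no intent for a directory that receives borg keys. An explicit restrictive value such as `mode=0700` would both satisfy E208 and document who may read the key material. The same `mode=preserve` on `file` appears in `adjust permissions of git checkout` and `deploy new smartgit release`.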
......
...@@ -14,10 +14,10 @@ ...@@ -14,10 +14,10 @@
get_url: url=https://sources.archlinux.org/other/pacman/pacman-{{ pacman_version }}.tar.gz dest={{ tempdir.path }}/pacman.tar.gz get_url: url=https://sources.archlinux.org/other/pacman/pacman-{{ pacman_version }}.tar.gz dest={{ tempdir.path }}/pacman.tar.gz
- name: create extraction dir - name: create extraction dir
file: path={{ tempdir.path }}/pacman state=directory file: path={{ tempdir.path }}/pacman state=directory owner=root group=root mode=0755
- name: unpack tarball - name: unpack tarball
unarchive: src={{ tempdir.path }}/pacman.tar.gz dest={{ tempdir.path }}/pacman/ unarchive: src={{ tempdir.path }}/pacman.tar.gz dest={{ tempdir.path }}/pacman/ owner=root group=root mode=0755
- name: configure - name: configure
command: ./configure chdir={{ tempdir.path }}/pacman/pacman-{{ pacman_version }} command: ./configure chdir={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}
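Review bot: `mode=0755` on `unpack tarball` is, as I understand `unarchive`, applied to the extracted entries and not only to `dest`, so every regular file in the pacman source tree becomes executable instead of keeping the mode recorded in the archive. Setting owner and mode on the `create extraction dir` task alone is enough to satisfy the lint rule. Separately, the `get_url` line at the top of this hunk fetches the tarball that is configured a few tasks later without a `checksum=` value, so nothing pins its contents. That task begins outside the hunk.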
......
...@@ -21,26 +21,36 @@ ...@@ -21,26 +21,36 @@
copy: copy:
dest: "{{ playbook_dir }}/../../docs/ssh-hostkeys.txt" dest: "{{ playbook_dir }}/../../docs/ssh-hostkeys.txt"
content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].ssh_hostkeys.stdout }}\n\n{% endfor %}" content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].ssh_hostkeys.stdout }}\n\n{% endfor %}"
mode: preserve
delegate_to: localhost delegate_to: localhost
- name: store known_hosts - name: store known_hosts
copy: copy:
dest: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" dest: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].known_hosts.stdout }}\n\n{% endfor %}" content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].known_hosts.stdout }}\n\n{% endfor %}"
owner: root
group: root
mode: 0644
delegate_to: localhost delegate_to: localhost
- name: manually append rsync.net host keys - name: manually append rsync.net host keys
lineinfile: lineinfile:
path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
line: "{% for host in query('inventory_hostnames', 'rsync_net') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}" line: "{% for host in query('inventory_hostnames', 'rsync_net') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
owner: root
group: root
mode: 0644
delegate_to: localhost delegate_to: localhost
- name: manually append Hetzner Storageboxes host keys - name: manually append Hetzner Storageboxes host keys
lineinfile: lineinfile:
path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
line: "{% for host in query('inventory_hostnames', 'hetzner_storageboxes') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}" line: "{% for host in query('inventory_hostnames', 'hetzner_storageboxes') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
owner: root
group: root
mode: 0644
delegate_to: localhost delegate_to: localhost
- name: upload known_hosts to all nodes - name: upload known_hosts to all nodes
hosts: all,!rsync_net,!hetzner_storageboxes hosts: all,!rsync_net,!hetzner_storageboxes
tasks: tasks:
- name: upload known_hosts - name: upload known_hosts
copy: dest=/etc/ssh/ssh_known_hosts src="{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" copy: dest=/etc/ssh/ssh_known_hosts src="{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" owner=root group=root mode=0644
tags: ['upload-known-hosts'] tags: ['upload-known-hosts']
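Review bot: `store known_hosts` and both `manually append …` tasks are delegated to localhost and write into `{{ playbook_dir }}/../../docs/`, yet they now request `owner: root` and `group: root`. That needs root on the control machine and leaves root-owned files in the operator's checkout. The first `copy` task in this hunk takes a different route with `mode: preserve`, although with `content:` there is no source file whose mode could be preserved. I would drop owner and group on the delegated tasks and give all four the same quoted value, `mode: '0644'`, so the mode reaches Ansible as a string instead of depending on how the YAML loader reads a leading-zero integer. The remote `upload known_hosts` task is fine as written.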
...@@ -17,17 +17,17 @@ ...@@ -17,17 +17,17 @@
copy: src=virtualbox.conf dest=/etc/modules-load.d/virtualbox.conf owner=root group=root mode=0644 copy: src=virtualbox.conf dest=/etc/modules-load.d/virtualbox.conf owner=root group=root mode=0644
- name: adjust permissions of git checkout - name: adjust permissions of git checkout
file: path="{{ archboxes_git_dir }}" state=directory recurse=yes owner="{{ archboxes_user }}" group="{{ archboxes_user }}" file: path="{{ archboxes_git_dir }}" state=directory recurse=yes owner="{{ archboxes_user }}" group="{{ archboxes_user }}" mode=preserve
- name: ensure controller.py of arch-boxes is executable - name: ensure controller.py of arch-boxes is executable
file: path="{{ archboxes_git_dir }}/controller.py" mode='0744' file: path="{{ archboxes_git_dir }}/controller.py" mode=0744 owner=root group=root
- name: replace placeholder to vagrantcloud API Key - name: replace placeholder to vagrantcloud API Key
no_log: true no_log: true
replace: path="{{ archboxes_git_dir }}/vagrant.json" regexp='PLACEHOLDER' replace="{{ vault_archboxes_apikey }}" replace: path="{{ archboxes_git_dir }}/vagrant.json" regexp='PLACEHOLDER' replace="{{ vault_archboxes_apikey }}" owner=root group=root mode=0600
- name: install sudoers file - name: install sudoers file
template: src=sudoers.d.j2 dest=/etc/sudoers.d/archboxes template: src=sudoers.d.j2 dest=/etc/sudoers.d/archboxes owner=root group=root mode=0440
- name: install arch-boxes service - name: install arch-boxes service
template: src='arch-boxes.service.j2' dest='/etc/systemd/system/arch-boxes.service' owner=root group=root mode=0644 template: src='arch-boxes.service.j2' dest='/etc/systemd/system/arch-boxes.service' owner=root group=root mode=0644
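Review bot: `ensure controller.py of arch-boxes is executable` and the `replace` task on vagrant.json now set `owner=root group=root` on files inside `{{ archboxes_git_dir }}`, while the task directly above recursively chowns that tree to `{{ archboxes_user }}`. The two settings undo each other on every run. With `mode=0744` and `mode=0600`, a root-owned controller.py cannot be executed, and vagrant.json cannot be read, by `archboxes_user`; if the service runs as that user (not visible here) it stops working. Using `owner="{{ archboxes_user }}" group="{{ archboxes_user }}"` on both tasks keeps the API-key file at 0600 for the one account that needs it.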
......
...@@ -109,4 +109,4 @@ ...@@ -109,4 +109,4 @@
template: src=makepkg.conf.j2 dest=/etc/makepkg.conf owner=root group=root mode=0644 template: src=makepkg.conf.j2 dest=/etc/makepkg.conf owner=root group=root mode=0644
- name: install archbuild sudoers config - name: install archbuild sudoers config
copy: src=sudoers dest=/etc/sudoers.d/archbuild copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440
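Review bot: The sudoers drop-in now gets the expected `owner=root group=root mode=0440`, but nothing checks its syntax before it lands in `/etc/sudoers.d`, and a malformed file there can leave sudo unusable on the host. Adding `validate='visudo -cf %s'` to this `copy` makes Ansible reject a broken file before it replaces the destination. The same applies to the two `install sudoers file` template tasks for `/etc/sudoers.d/archboxes` and `/etc/sudoers.d/docker-image`.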
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
user: name=archweb shell=/bin/false home="{{ archweb_dir }}" createhome=no user: name=archweb shell=/bin/false home="{{ archweb_dir }}" createhome=no
- name: fix home permissions - name: fix home permissions
file: state=directory owner=archweb group=archweb path="{{ archweb_dir }}" file: state=directory owner=archweb group=archweb mode=0750 path="{{ archweb_dir }}"
- name: set archweb groups - name: set archweb groups
user: name=archweb groups=uwsgi user: name=archweb groups=uwsgi
...@@ -33,7 +33,7 @@ ...@@ -33,7 +33,7 @@
when: archweb_site|bool when: archweb_site|bool
- name: make rsync iso dir - name: make rsync iso dir
file: path={{ archweb_rsync_iso_dir }} state=directory owner=archweb group=archweb file: path={{ archweb_rsync_iso_dir }} state=directory owner=archweb group=archweb mode=0755
when: archweb_site|bool when: archweb_site|bool
- name: clone archweb repo - name: clone archweb repo
...@@ -59,11 +59,11 @@ ...@@ -59,11 +59,11 @@
register: virtualenv register: virtualenv
- name: create media dir - name: create media dir
file: state=directory owner=archweb group=archweb path="{{ archweb_dir }}/media" file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}/media"
when: archweb_site|bool when: archweb_site|bool
- name: fix home permissions - name: fix home permissions
file: state=directory owner=archweb group=archweb path="{{ archweb_dir }}" file: state=directory owner=archweb group=archweb mode=0750 path="{{ archweb_dir }}"
- name: configure archweb - name: configure archweb
template: src=local_settings.py.j2 dest=/srv/http/archweb/local_settings.py owner=archweb group=archweb mode=0660 template: src=local_settings.py.j2 dest=/srv/http/archweb/local_settings.py owner=archweb group=archweb mode=0660
...@@ -196,7 +196,7 @@ ...@@ -196,7 +196,7 @@
when: archweb_services or archweb_pgp_import when: archweb_services or archweb_pgp_import
- name: create pacman.d hooks dir - name: create pacman.d hooks dir
file: state=directory owner=root group=root path="/etc/pacman.d/hooks" file: state=directory owner=root group=root mode=0750 path="/etc/pacman.d/hooks"
when: archweb_services or archweb_pgp_import when: archweb_services or archweb_pgp_import
- name: install pgp_import hook - name: install pgp_import hook
...@@ -265,7 +265,7 @@ ...@@ -265,7 +265,7 @@
- name: deploy new release - name: deploy new release
become: true become: true
become_user: archweb become_user: archweb
file: path=/etc/uwsgi/vassals/archweb.ini state=touch file: path=/etc/uwsgi/vassals/archweb.ini state=touch owner=root group=root mode=0600
when: archweb_site and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy) when: archweb_site and (release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
notify: restart archweb memcached notify: restart archweb memcached
...@@ -320,7 +320,7 @@ ...@@ -320,7 +320,7 @@
when: archweb_donor_import|bool when: archweb_donor_import|bool
- name: create retro dir - name: create retro dir
file: state=directory owner=archweb group=archweb path="{{ archweb_retro_dir }}" file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_retro_dir }}"
when: archweb_site|bool when: archweb_site|bool
- name: clone archweb-retro repo - name: clone archweb-retro repo
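Review bot: `deploy new release` runs with `become_user: archweb` but now requests `owner=root group=root mode=0600` on `/etc/uwsgi/vassals/archweb.ini`. An unprivileged user cannot chown a file to root, and if the file is already root-owned with 0600 that user cannot touch it either, so the task fails in both cases. Since it only bumps the timestamp to trigger a reload, it should repeat the owner, group and mode used by the task that installs the vassal file, which is not visible in these hunks. Also, `create pacman.d hooks dir` uses `mode=0750` here while the archwiki role sets `mode=0755` on the same `/etc/pacman.d/hooks`. A host that applies both roles will flip the mode on each run, so one value should be chosen.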
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
register: user_created register: user_created
- name: fix home permissions - name: fix home permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}" file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}"
- name: set up nginx - name: set up nginx
template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644 template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644
...@@ -47,16 +47,16 @@ ...@@ -47,16 +47,16 @@
- run wiki updatescript - run wiki updatescript
- name: fix home permissions - name: fix home permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}" file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}"
- name: fix cache permissions - name: fix cache permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}/cache" file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/cache"
- name: fix sessions permissions - name: fix sessions permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}/sessions" file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/sessions"
- name: fix uploads permissions - name: fix uploads permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}/uploads" file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/uploads"
- name: configure archwiki - name: configure archwiki
template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640 template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640
...@@ -119,7 +119,7 @@ ...@@ -119,7 +119,7 @@
file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644 file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
- name: create pacman.d hooks dir - name: create pacman.d hooks dir
file: state=directory owner=root group=root path=/etc/pacman.d/hooks file: state=directory owner=root group=root mode=0755 path=/etc/pacman.d/hooks
- name: install archwiki question updater hook - name: install archwiki question updater hook
template: src=archwiki-question-updater.hook.j2 dest=/etc/pacman.d/hooks/archwiki-question-updater.hook owner=root group=root mode=0644 template: src=archwiki-question-updater.hook.j2 dest=/etc/pacman.d/hooks/archwiki-question-updater.hook owner=root group=root mode=0644
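Review bot: `fix sessions permissions` sets `mode=0755` on `{{ archwiki_dir }}/sessions`, which lets every account that can traverse the 0750 parent list and read the directory. If this is where PHP session files are kept (the name suggests it, the hunk does not show it), only `{{ archwiki_user }}` needs access and `mode=0700` is the safer value. The same question applies to the `sessions` entry in the aurweb `create necessary directories` loop, which receives `mode=0755`.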
...@@ -56,7 +56,7 @@ ...@@ -56,7 +56,7 @@
register: tubylaws_release register: tubylaws_release
- name: create necessary directories - name: create necessary directories
file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} mode=0755
with_items: with_items:
- 'aurblup' - 'aurblup'
- 'sessions' - 'sessions'
...@@ -91,13 +91,13 @@ ...@@ -91,13 +91,13 @@
when: release.changed or db_created.changed when: release.changed or db_created.changed
- name: create aurweb conf dir - name: create aurweb conf dir
file: path={{ aurweb_conf_dir }} state=directory file: path={{ aurweb_conf_dir }} state=directory owner=root group=root mode=0755
- name: copy aurweb configuration file - name: copy aurweb configuration file
copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes owner=root group=root mode=0644
- name: install custom aurweb configuration - name: install custom aurweb configuration
template: src=config.j2 dest={{ aurweb_conf_dir }}/config template: src=config.j2 dest={{ aurweb_conf_dir }}/config owner=root group=root mode=0644
- name: Install python module - name: Install python module
command: "python3 setup.py install --install-scripts=/usr/local/bin" command: "python3 setup.py install --install-scripts=/usr/local/bin"
...@@ -126,11 +126,11 @@ ...@@ -126,11 +126,11 @@
when: tubylaws_release.changed when: tubylaws_release.changed
- name: Install Trusted User documentation - name: Install Trusted User documentation
copy: src={{ aurweb_dir }}/tu-bylaws/tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/tu-bylaws.html remote_src=yes copy: src={{ aurweb_dir }}/tu-bylaws/tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/tu-bylaws.html remote_src=yes owner={{ aurweb_user }} group=http mode=0644
when: tubylaws_release.changed when: tubylaws_release.changed
- name: Install Trusted User documentation symlink - name: Install Trusted User documentation symlink
file: src=tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/TUbylaws.html state=link file: src=tu-bylaws.html dest={{ aurweb_dir }}/web/html/trusted-user/TUbylaws.html state=link owner={{ aurweb_user }} group=http mode=0644
when: tubylaws_release.changed when: tubylaws_release.changed
- name: set up nginx - name: set up nginx
...@@ -152,7 +152,7 @@ ...@@ -152,7 +152,7 @@
service: name=php-fpm@{{ aurweb_user }}.socket state=started enabled=true service: name=php-fpm@{{ aurweb_user }}.socket state=started enabled=true
- name: install cgit configuration - name: install cgit configuration
template: src=cgitrc.j2 dest="{{ aurweb_conf_dir }}/cgitrc" template: src=cgitrc.j2 dest="{{ aurweb_conf_dir }}/cgitrc" owner=root group=root mode=0644
- name: configure cgit uwsgi service - name: configure cgit uwsgi service
template: src=cgit.ini.j2 dest=/etc/uwsgi/vassals/cgit.ini owner={{ aurweb_user }} group=http mode=0644 template: src=cgit.ini.j2 dest=/etc/uwsgi/vassals/cgit.ini owner={{ aurweb_user }} group=http mode=0644
...@@ -160,7 +160,7 @@ ...@@ -160,7 +160,7 @@
- name: deploy new cgit release - name: deploy new cgit release
become: true become: true
become_user: "{{ aurweb_user }}" become_user: "{{ aurweb_user }}"
file: path=/etc/uwsgi/vassals/cgit.ini state=touch file: path=/etc/uwsgi/vassals/cgit.ini state=touch owner=root group=root mode=0644
when: cgit.changed when: cgit.changed
- name: configure smartgit uwsgi service - name: configure smartgit uwsgi service
...@@ -169,7 +169,7 @@ ...@@ -169,7 +169,7 @@
- name: deploy new smartgit release - name: deploy new smartgit release
become: true become: true
become_user: "{{ aurweb_user }}" become_user: "{{ aurweb_user }}"
file: path=/etc/uwsgi/vassals/smartgit.ini state=touch file: path=/etc/uwsgi/vassals/smartgit.ini state=touch mode=preserve
when: git.changed when: git.changed
- name: create git repo dir - name: create git repo dir
...@@ -227,6 +227,9 @@ ...@@ -227,6 +227,9 @@
file: file:
src: "{{ aurweb_git_hook }}" src: "{{ aurweb_git_hook }}"
dest: "{{ aurweb_git_dir }}/hooks/update" dest: "{{ aurweb_git_dir }}/hooks/update"
owner: root
group: root
mode: 0755
state: link state: link
- name: install AUR systemd service and timers - name: install AUR systemd service and timers
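Review bot: `deploy new cgit release` runs as `{{ aurweb_user }}` and now requests `owner=root group=root mode=0644` on `/etc/uwsgi/vassals/cgit.ini`. That contradicts `configure cgit uwsgi service` just above it, which installs the same file with `owner={{ aurweb_user }} group=http`. An unprivileged user cannot chown to root, so the touch task should carry `owner={{ aurweb_user }} group=http mode=0644` to match. Separately, `install custom aurweb configuration` makes `{{ aurweb_conf_dir }}/config` world-readable with `mode=0644`. If config.j2 renders database credentials (not visible here), a mode without world read, such as `mode=0640` with the group the application runs under, would be appropriate.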
......
...@@ -42,7 +42,7 @@ ...@@ -42,7 +42,7 @@
changed_when: check_postgres_user.stdout | length > 0 changed_when: check_postgres_user.stdout | length > 0
- name: make postgres backup directory - name: make postgres backup directory
file: path={{ postgres_backup_dir }} owner=root group=root state=directory file: path={{ postgres_backup_dir }} owner=root group=root mode=0755 state=directory
when: check_postgres_user is succeeded and postgres_backup_dir is defined when: check_postgres_user is succeeded and postgres_backup_dir is defined
- name: install mysql backup script - name: install mysql backup script
...@@ -50,11 +50,11 @@ ...@@ -50,11 +50,11 @@
when: mysql_backup_dir is defined when: mysql_backup_dir is defined
- name: install mysql backup config - name: install mysql backup config
template: src=backup-my.cnf.j2 dest={{ mysql_backup_defaults }} template: src=backup-my.cnf.j2 dest={{ mysql_backup_defaults }} owner=root group=root mode=0644
when: mysql_backup_defaults is defined when: mysql_backup_defaults is defined
- name: create mysql backup directory - name: create mysql backup directory
file: path={{ mysql_backup_dir }} state=directory owner=root group=root file: path={{ mysql_backup_dir }} state=directory owner=root group=root mode=0755
when: mysql_backup_dir is defined when: mysql_backup_dir is defined
- name: install gitlab backup script - name: install gitlab backup script
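Review bot: `install mysql backup config` renders `backup-my.cnf.j2` to `{{ mysql_backup_defaults }}` with `mode=0644`. A MySQL defaults file used by a backup job commonly carries the client password, so if this template does (it is not shown) every local account can read it; `mode=0600` fits a file only root needs. Both backup directories are likewise created with `mode=0755`, which leaves dumps beneath them reachable by any local user unless each dump is written with a tight mode of its own. `mode=0700` on `{{ postgres_backup_dir }}` and `{{ mysql_backup_dir }}` is the safer default, provided the backup jobs run as root.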
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
template: src=bugbot.j2 dest=/srv/bugbot/env owner=root group=root mode=0600 template: src=bugbot.j2 dest=/srv/bugbot/env owner=root group=root mode=0600
- name: install bugbot systemd service - name: install bugbot systemd service
copy: src=bugbot.service dest=/etc/systemd/system/bugbot.service copy: src=bugbot.service dest=/etc/systemd/system/bugbot.service owner=root group=root mode=0644
- name: start and enable bugbot service - name: start and enable bugbot service
systemd: name=bugbot.service enabled=yes state=started daemon_reload=yes systemd: name=bugbot.service enabled=yes state=started daemon_reload=yes
...@@ -55,7 +55,7 @@ ...@@ -55,7 +55,7 @@
when: configure_network when: configure_network
- name: create symlink to resolv.conf - name: create symlink to resolv.conf
file: src=/run/systemd/resolve/stub-resolv.conf dest=/etc/resolv.conf state=link force=yes file: src=/run/systemd/resolve/stub-resolv.conf dest=/etc/resolv.conf state=link force=yes owner=root group=root mode=0755
when: configure_network and not host_has_local_dns_resolver when: configure_network and not host_has_local_dns_resolver
- name: create resolv.conf - name: create resolv.conf
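Review bot: `owner=root group=root mode=0755` on `create symlink to resolv.conf` does not describe the link itself. Linux symlinks carry no mode of their own, and as I read the `file` module, its default `follow=yes` applies these attributes to the link target, here `/run/systemd/resolve/stub-resolv.conf`, which would become 0755. For `state=link` tasks I would add `follow=no` and leave the mode of the target to the task that owns it. The same pattern is on the `/srv/svn/community`, `/srv/svn/packages`, `/community` and `/packages` symlink tasks, where it would chown the SVN and dbscripts targets to root. It also appears on the aurweb `TUbylaws.html` and `hooks/update` links.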
......
...@@ -14,10 +14,10 @@ ...@@ -14,10 +14,10 @@
register: release register: release
- name: fix home permissions - name: fix home permissions
file: state=directory owner={{ conference_user }} group={{ conference_user }} path="{{ conference_dir }}" file: state=directory owner={{ conference_user }} group={{ conference_user }} mode=0750 path="{{ conference_dir }}"
- name: create static conf.archlinux.org dir - name: create static conf.archlinux.org dir
file: state=directory owner={{ conference_user }} group={{ conference_user }} path="{{ static_conference_dir }}" file: state=directory owner={{ conference_user }} group={{ conference_user }} mode=0755 path="{{ static_conference_dir }}"
- name: generate conf.archlinux.org site - name: generate conf.archlinux.org site
command: hugo command: hugo
......
...@@ -76,7 +76,7 @@ ...@@ -76,7 +76,7 @@
tags: ["archusers"] tags: ["archusers"]
- name: create dbscripts paths - name: create dbscripts paths
file: path="{{ item }}" state=directory file: path="{{ item }}" state=directory owner=root group=root mode=0755
with_items: with_items:
- /srv/repos/svn-community - /srv/repos/svn-community
- /srv/repos/svn-packages - /srv/repos/svn-packages
...@@ -167,19 +167,19 @@ ...@@ -167,19 +167,19 @@
- svn-packages - svn-packages
- name: make /srv/svn - name: make /srv/svn
file: path=/srv/svn state=directory file: path=/srv/svn state=directory owner=root group=root mode=0755
- name: symlink /srv/svn/community to /srv/repos/svn-community/svn - name: symlink /srv/svn/community to /srv/repos/svn-community/svn
file: path=/srv/svn/community src=/srv/repos/svn-community/svn state=link file: path=/srv/svn/community src=/srv/repos/svn-community/svn state=link owner=root group=root mode=0755
- name: symlink /srv/svn/packages to /srv/repos/svn-packages/svn - name: symlink /srv/svn/packages to /srv/repos/svn-packages/svn
file: path=/srv/svn/packages src=/srv/repos/svn-packages/svn state=link file: path=/srv/svn/packages src=/srv/repos/svn-packages/svn state=link owner=root group=root mode=0755
- name: symlink /community to /srv/repos/svn-community/dbscripts - name: symlink /community to /srv/repos/svn-community/dbscripts
file: path=/community src=/srv/repos/svn-community/dbscripts state=link file: path=/community src=/srv/repos/svn-community/dbscripts state=link owner=root group=root mode=0755
- name: symlink /packages to /srv/repos/svn-packages/dbscripts - name: symlink /packages to /srv/repos/svn-packages/dbscripts
file: path=/packages src=/srv/repos/svn-packages/dbscripts state=link file: path=/packages src=/srv/repos/svn-packages/dbscripts state=link owner=root group=root mode=0755
- name: put rsyncd.conf into tmpfiles - name: put rsyncd.conf into tmpfiles
copy: src=rsyncd-tmpfiles.d dest=/etc/tmpfiles.d/rsyncd.conf owner=root group=root mode=0644 copy: src=rsyncd-tmpfiles.d dest=/etc/tmpfiles.d/rsyncd.conf owner=root group=root mode=0644
...@@ -301,7 +301,7 @@ ...@@ -301,7 +301,7 @@
- firewall - firewall
- name: configure svnserve - name: configure svnserve
copy: dest=/etc/conf.d/svnserve content="SVNSERVE_ARGS=-R -r /srv/svn\n" copy: dest=/etc/conf.d/svnserve owner=root group=root mode=0644 content="SVNSERVE_ARGS=-R -r /srv/svn\n"
- name: start and enable svnserve - name: start and enable svnserve
service: name=svnserve enabled=yes state=started service: name=svnserve enabled=yes state=started
......
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
git: repo="{{ docker_image_git_remote }}" version="{{ docker_image_git_tag }}" dest="{{ docker_image_git_dir }}" force=yes git: repo="{{ docker_image_git_remote }}" version="{{ docker_image_git_tag }}" dest="{{ docker_image_git_dir }}" force=yes
- name: install sudoers file - name: install sudoers file
template: src=sudoers.d.j2 dest=/etc/sudoers.d/docker-image template: src=sudoers.d.j2 dest=/etc/sudoers.d/docker-image owner=root group=root mode=0440
- name: install docker_image service - name: install docker_image service
template: src='docker-image.service.j2' dest='/etc/systemd/system/docker-image.service' owner=root group=root mode=0644 template: src='docker-image.service.j2' dest='/etc/systemd/system/docker-image.service' owner=root group=root mode=0644
......
...@@ -11,15 +11,11 @@ ...@@ -11,15 +11,11 @@
version: "{{ fluxbb_version }}" version: "{{ fluxbb_version }}"
- name: fix home permissions - name: fix home permissions
file: > file: state=directory owner=fluxbb group=fluxbb mode=0750 recurse=yes path="{{ fluxbb_dir }}"
state=directory owner=fluxbb group=fluxbb recurse=yes
path="{{ fluxbb_dir }}"
changed_when: False changed_when: False
- name: create uploads directory - name: create uploads directory
file: > file: state=directory owner=fluxbb group=fluxbb mode=0755 path="{{ fluxbb_dir }}/uploads"
state=directory owner=fluxbb group=fluxbb
path="{{ fluxbb_dir }}/uploads"
- name: create mariadb database - name: create mariadb database
mysql_db: name=fluxbb state=present mysql_db: name=fluxbb state=present
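Review bot: The rewritten `fix home permissions` task combines `recurse=yes` with `mode=0750`, so the numeric mode is applied to every entry under `{{ fluxbb_dir }}` and marks all regular files executable. It also resets `uploads` to 0750 before the next task sets it back to 0755 on each run, and `changed_when: False` hides that churn. A symbolic mode such as `mode="u=rwX,g=rX,o="` gives directories the search bit without making regular files executable.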
......
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
register: user_created register: user_created
- name: fix home permissions - name: fix home permissions
file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}" file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}" mode=0750
- name: set up nginx - name: set up nginx
template: src=nginx.d.conf.j2 dest="{{ flyspray_nginx_conf }}" owner=root group=root mode=644 template: src=nginx.d.conf.j2 dest="{{ flyspray_nginx_conf }}" owner=root group=root mode=644
...@@ -43,7 +43,7 @@ ...@@ -43,7 +43,7 @@
register: release register: release
- name: fix home permissions - name: fix home permissions
file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}" file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}" mode=0755
- name: take away setup dir write permissions - name: take away setup dir write permissions
file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=000 file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=000
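Review bot: The two `fix home permissions` tasks for `{{ flyspray_dir }}` now disagree: the first sets `mode=0750` and the second `mode=0755`. A run therefore ends with the home directory world-readable, and both tasks report a change every time. The archweb and archwiki roles use 0750 in both places, so unless the wider mode is intentional the second task here should also read `mode=0750`.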
......
...@@ -33,6 +33,9 @@ ...@@ -33,6 +33,9 @@
- name: increase concurrency - name: increase concurrency
lineinfile: lineinfile:
path: /etc/gitlab-runner/config.toml