Verified Commit bd90028c authored by Jan Alexander Steffens (heftig)'s avatar Jan Alexander Steffens (heftig)

roles: Ensure leading zero for octal modes

I've had mode=755 create garbage already...
parent bf4b942f
......@@ -37,7 +37,7 @@
- daemon reload
- name: configure archweb
template: src=local_settings.py.j2 dest=/srv/http/archweb/local_settings.py owner=archweb group=archweb mode=660
template: src=local_settings.py.j2 dest=/srv/http/archweb/local_settings.py owner=archweb group=archweb mode=0660
- name: start and enable archweb services
service: name="{{ item }}" enabled=yes state=started
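Review bot: The leading zero only protects these tasks while the value is parsed the way the author expects, so I would quote the mode and move to native YAML arguments, e.g. `mode: '0660'` on the `configure archweb` task; the same applies to every other `mode=` line in this commit. If a bare `755` ever reaches the module as a decimal integer it is applied as octal 1363, which sets the sticky bit and world-write instead of `rwxr-xr-x`, presumably the garbage the commit message mentions. A quoted string removes that dependence on the parser, and ansible-lint's `risky-octal` rule can keep unquoted modes from coming back. Separately, `0660` leaves local_settings.py group-writable; if only the archweb service needs to read it, `0640` is the tighter choice. The task list continues outside the hunk.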
......
......@@ -16,13 +16,13 @@
ignore_errors: True # This can sometimes fail if a backup is in progress :/
- name: install scripts
template: src={{item}}.j2 dest=/usr/local/bin/{{item}} owner=root group=root mode=755
template: src={{item}}.j2 dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
with_items:
- borg-backup.sh
- borg
- name: install postgres backup script
template: src=backup-postgres.sh.j2 dest=/usr/local/bin/backup-postgres.sh owner=root group=root mode=755
template: src=backup-postgres.sh.j2 dest=/usr/local/bin/backup-postgres.sh owner=root group=root mode=0755
when: postgres_backup_dir != None
- name: check whether postgres user exists
......@@ -35,7 +35,7 @@
when: check_postgres_user|succeeded and postgres_backup_dir != None
- name: install systemd timers for backup
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- borg-backup.timer
- borg-backup.service
......
......@@ -7,10 +7,10 @@
user: home="{{ backup_dir }}" name=borg
- name: create borg user home
file: path="{{ backup_dir }}" state=directory owner=borg group=borg mode=700
file: path="{{ backup_dir }}" state=directory owner=borg group=borg mode=0700
- name: create the root backup directory at {{ backup_dir }}
file: path="{{ backup_dir }}/{{ item }}" state=directory owner=borg group=borg mode=700
file: path="{{ backup_dir }}/{{ item }}" state=directory owner=borg group=borg mode=0700
with_items: "{{ backup_clients }}"
- name: fetch ssh keys
......
......@@ -16,7 +16,7 @@
user: name=sourceballs shell=/sbin/nologin
- name: set up sudoers.d for special users
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=600
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600
- stat: path="/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem"
register: certfile
......@@ -24,14 +24,14 @@
- nginx
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=644
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=0644
notify:
- restart nginx
tags:
- nginx
- name: put dbscripts.htpasswd in place
copy: src=dbscripts.htpasswd dest=/etc/nginx/auth/dbscripts.htpasswd owner=root group=http mode=640
copy: src=dbscripts.htpasswd dest=/etc/nginx/auth/dbscripts.htpasswd owner=root group=http mode=0640
tags:
- nginx
......@@ -82,7 +82,7 @@
exclusive: yes
- name: create staging directories in user homes
file: path=/home/{{item[0]}}/staging/{{item[1]}} state=directory owner={{item[0]}} group=users mode=755
file: path=/home/{{item[0]}}/staging/{{item[1]}} state=directory owner={{item[0]}} group=users mode=0755
with_nested:
- "{{arch_users}}"
- ['core', 'extra', 'testing', 'staging', 'community', 'community-staging', 'community-testing', 'multilib', 'multilib-staging', 'multilib-testing']
......@@ -154,7 +154,7 @@
file: path=/packages src=/srv/repos/svn-packages/dbscripts state=link
- name: put rsyncd.conf into tmpfiles
copy: src=rsyncd-tmpfiles.d dest=/etc/tmpfiles.d/rsyncd.conf owner=root group=root mode=644
copy: src=rsyncd-tmpfiles.d dest=/etc/tmpfiles.d/rsyncd.conf owner=root group=root mode=0644
register: rsyncdtmpfiles
- name: use tmpfiles.d/rsyncd.conf
......@@ -162,22 +162,22 @@
when: rsyncdtmpfiles.changed
- name: create rsyncd-conf-genscripts
file: path=/etc/rsyncd-conf-genscripts state=directory owner=root group=root mode=700
file: path=/etc/rsyncd-conf-genscripts state=directory owner=root group=root mode=0700
- name: install rsync.conf.proto
copy: src=rsyncd.conf.proto dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=644
copy: src=rsyncd.conf.proto dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=0644
- name: install rsyncd.secrets
copy: src=rsyncd.secrets dest=/etc/rsyncd.secrets owner=root group=root mode=600
copy: src=rsyncd.secrets dest=/etc/rsyncd.secrets owner=root group=root mode=0600
- name: configure gen_rsyncd.conf.pl
template: src=gen_rsyncd.conf.pl dest=/etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl owner=root group=root mode=700
template: src=gen_rsyncd.conf.pl dest=/etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl owner=root group=root mode=0700
- name: generate mirror config
command: /etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl
- name: install svnlog
copy: src=svnlog dest=/usr/local/bin/svnlog owner=root group=root mode=755
copy: src=svnlog dest=/usr/local/bin/svnlog owner=root group=root mode=0755
- name: add arch-svntogit user
user: name=svntogit shell=/sbin/nologin home=/srv/svntogit generate_ssh_key=yes ssh_key_bits=4096
......@@ -193,7 +193,7 @@
become_user: svntogit
- name: template arch-svntogit
copy: src=update-repos.sh dest=/srv/svntogit/update-repos.sh owner=root group=root mode=755
copy: src=update-repos.sh dest=/srv/svntogit/update-repos.sh owner=root group=root mode=0755
- name: create svntogit repos subdir
file: path="/srv/svntogit/repos" state=directory owner=svntogit group=svntogit mode=0775
......@@ -236,7 +236,7 @@
file: path="/srv/svntogit" state=directory owner=svntogit group=svntogit mode=0775
- name: install repo helpers
copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=755
copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
with_items:
- lsrepo
- checklib32
......@@ -251,10 +251,10 @@
service: name=svnserve enabled=yes state=started
- name: set up update-abs
template: src=update-abs.sh.j2 dest=/usr/local/bin/update-abs.sh owner=root group=root mode=755
template: src=update-abs.sh.j2 dest=/usr/local/bin/update-abs.sh owner=root group=root mode=0755
- name: install systemd timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- update-abs.timer
- update-abs.service
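Review bot: The `set up sudoers.d for special users` task installs /etc/sudoers.d/dbscripts without a syntax check, so a malformed file would go live and could break sudo on the host. Adding `validate='visudo -cf %s'` to that copy makes Ansible check the staged file and refuse to replace the destination if it does not parse. Drop-ins under /etc/sudoers.d are also conventionally `0440` rather than `0600`, which is worth aligning while the mode is being touched. The surrounding task list starts and ends outside the hunk.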
......
......@@ -4,7 +4,7 @@
pacman: name=dovecot,pigeonhole state=present
- name: install dovecot.conf
template: src=dovecot.conf.j2 dest=/etc/dovecot/dovecot.conf owner=root group=root mode=644
template: src=dovecot.conf.j2 dest=/etc/dovecot/dovecot.conf owner=root group=root mode=0644
notify:
- reload dovecot
......
......@@ -4,42 +4,42 @@
pacman: name=nginx-mainline,certbot state=present
- name: configure nginx
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf owner=root group=root mode=644
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf owner=root group=root mode=0644
notify:
- restart nginx
- name: snippets directory
file: state=directory path=/etc/nginx/snippets owner=root group=root mode=755
file: state=directory path=/etc/nginx/snippets owner=root group=root mode=0755
- name: copy snippets
template: src={{ item }} dest=/etc/nginx/snippets owner=root group=root mode=644
template: src={{ item }} dest=/etc/nginx/snippets owner=root group=root mode=0644
with_items:
- letsencrypt.conf
- sslsettings.conf
- name: create nginx.d directory
file: state=directory path=/etc/nginx/nginx.d owner=root group=root mode=755
file: state=directory path=/etc/nginx/nginx.d owner=root group=root mode=0755
- name: create auth directory
file: state=directory path=/etc/nginx/auth owner=root group=root mode=755
file: state=directory path=/etc/nginx/auth owner=root group=root mode=0755
- name: create default nginx log directory
file: state=directory path=/var/log/nginx/default owner=http group=log mode=750
file: state=directory path=/var/log/nginx/default owner=http group=log mode=0750
- name: create unique DH group
command: openssl dhparam -out /etc/ssl/dhparams.pem 2048 creates=/etc/ssl/dhparams.pem
- name: create directory to store validation stuff in
file: owner=root group=http mode=750 path={{ letsencrypt_validation_dir }} state=directory
file: owner=root group=http mode=0750 path={{ letsencrypt_validation_dir }} state=directory
- name: install letsencrypt hook
copy: src=hook.sh dest=/etc/letsencrypt/hook.sh owner=root group=root mode=755
copy: src=hook.sh dest=/etc/letsencrypt/hook.sh owner=root group=root mode=0755
- name: create letsencrypt hook dir
file: state=directory path=/etc/letsencrypt/hook.d owner=root group=root mode=755
file: state=directory path=/etc/letsencrypt/hook.d owner=root group=root mode=0755
- name: install letsencrypt renewal service
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- certbot-renewal.service
- certbot-renewal.timer
......@@ -47,7 +47,7 @@
- daemon reload
- name: install inventory_hostname vhost
template: src=nginx-hostname-vhost.conf.j2 dest=/etc/nginx/nginx.d/nginx-hostname-vhost.conf owner=root group=root mode=644
template: src=nginx-hostname-vhost.conf.j2 dest=/etc/nginx/nginx.d/nginx-hostname-vhost.conf owner=root group=root mode=0644
notify:
- restart nginx
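Review bot: The `create auth directory` task leaves /etc/nginx/auth at `0755` root:root, so every local account can list the credential files kept there. Elsewhere in this commit dbscripts.htpasswd is installed into that directory as root:http `0640`, so `owner=root group=http mode=0750` on the directory would match the file and still let nginx traverse it. This assumes nginx reads the files as user or group http, which the htpasswd task suggests but this page does not show.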
......
......@@ -4,14 +4,14 @@
pacman: name=opendkim state=present
- name: install opendkim.conf
template: src=opendkim.conf.j2 dest=/etc/opendkim/opendkim.conf owner=root group=root mode=644
template: src=opendkim.conf.j2 dest=/etc/opendkim/opendkim.conf owner=root group=root mode=0644
notify:
- restart opendkim
- file: path="/var/spool/opendkim/" state=directory owner=opendkim group=postfix mode=750
- file: path="/var/spool/opendkim/" state=directory owner=opendkim group=postfix mode=0750
- name: install domains config
template: src=domains.j2 dest=/etc/opendkim/domains owner=root group=root mode=644
template: src=domains.j2 dest=/etc/opendkim/domains owner=root group=root mode=0644
notify:
- restart opendkim
......
......@@ -4,33 +4,33 @@
pacman: name=git,python2,libxslt state=present
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=644
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=0644
notify:
- restart nginx
- name: make nginx log dir
file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=http group=log mode=755
file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=http group=log mode=0755
- name: clone planet git repo
git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git
- name: make cache and output dirs
file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=755
file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=0755
with_items:
- cache
- output
- name: fix permissions for themes
file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=755
file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=0755
with_items:
- archlinux
- common
- name: install systemd timer
copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=644
copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=0644
- name: install systemd unit file
template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=644
template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=0644
- name: reload systemd
command: systemctl daemon-reload
......
......@@ -4,7 +4,7 @@
pacman: name=postfix state=present
- name: install template configs
template: src={{item}}.j2 dest=/etc/postfix/{{item}} owner=root group=root mode=644
template: src={{item}}.j2 dest=/etc/postfix/{{item}} owner=root group=root mode=0644
notify:
- reload postfix
with_items:
......@@ -14,7 +14,7 @@
- aliases
- name: install additional files
copy: src={{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=644
copy: src={{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=0644
with_items:
- access_client
- access_sender
......
......@@ -4,7 +4,7 @@
pacman: name=postfwd state=present
- name: install postfwd.cf
template: src=postfwd.cf.j2 dest=/etc/postfwd/postfwd.cf owner=root group=root mode=600
template: src=postfwd.cf.j2 dest=/etc/postfwd/postfwd.cf owner=root group=root mode=0600
notify:
- reload postfwd
......
......@@ -15,7 +15,7 @@
- restart postgres
- name: configure postgres
template: src={{ item }}.j2 dest=/var/lib/postgres/data/{{ item }} owner=postgres group=postgres mode=600
template: src={{ item }}.j2 dest=/var/lib/postgres/data/{{ item }} owner=postgres group=postgres mode=0600
with_items:
- postgresql.conf
- pg_hba.conf
......
---
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/sources.conf owner=root group=root mode=644
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/sources.conf owner=root group=root mode=0644
notify:
- restart nginx
- name: make nginx log dir
file: path=/var/log/nginx/{{ sources_domain }} state=directory owner=http group=log mode=755
file: path=/var/log/nginx/{{ sources_domain }} state=directory owner=http group=log mode=0755
- name: make sources dir
file: path={{ sources_dir }} state=directory owner=root group=root mode=755
file: path={{ sources_dir }} state=directory owner=root group=root mode=0755
- name: make symlink to repo sources
file: path={{ sources_dir }}/sources src=/srv/ftp/sources state=link owner=root group=root mode=755
file: path={{ sources_dir }}/sources src=/srv/ftp/sources state=link owner=root group=root mode=0755
- name: make symlink to other sources
file: path={{ sources_dir }}/other src=/srv/ftp/other state=link owner=root group=root mode=755
file: path={{ sources_dir }}/other src=/srv/ftp/other state=link owner=root group=root mode=0755
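Review bot: The two `state=link` tasks (`make symlink to repo sources`, `make symlink to other sources`) still pass `mode=0755`, which does nothing useful for a symlink on Linux. Whether the bits are ignored or end up applied to the link target (/srv/ftp/sources, /srv/ftp/other) depends on the Ansible version and the `follow` setting, so the task may silently chmod directories it does not appear to manage. I would drop `mode` (and `owner`/`group` unless the link's ownership matters) from the link tasks and, if the targets need specific permissions, set them in a separate `state=directory` task.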
......@@ -5,10 +5,10 @@
pacman: name=spampd,make,gcc state=present
- name: install sa-update.sh
copy: src=sa-update.sh dest=/usr/local/bin/sa-update.sh owner=root group=root mode=755
copy: src=sa-update.sh dest=/usr/local/bin/sa-update.sh owner=root group=root mode=0755
- name: install support files
copy: src={{ item }} dest=/etc/mail/spamassassin/{{ item }} owner=root group=root mode=644
copy: src={{ item }} dest=/etc/mail/spamassassin/{{ item }} owner=root group=root mode=0644
with_items:
- update-gpgkeys
- update-channels
......@@ -16,7 +16,7 @@
- zmi.gpg.key
- name: install systemd timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- sa-update.timer
- sa-update.service
......