From 3ac1bac037ee809506fe0ca7f9b23b035fe2d222 Mon Sep 17 00:00:00 2001
From: Leonidas Spyropoulos <artafinde@archlinux.org>
Date: Sat, 18 Feb 2023 09:35:40 +0000
Subject: [PATCH] ansible-lint: Forbidden implicit octal value 'xxxx'
Convert the permissions to strings to avoid octal interpretation.
Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
---
roles/archbuild/tasks/main.yml | 2 +-
roles/archive/tasks/main.yml | 4 ++--
roles/archive_web/tasks/main.yml | 4 ++--
roles/aurweb/tasks/main.yml | 2 +-
roles/borg_server/tasks/main.yml | 4 ++--
roles/fail2ban/tasks/main.yml | 16 ++++++++--------
roles/hetzner_storagebox/tasks/main.yml | 2 +-
roles/install_arch/tasks/main.yml | 4 ++--
roles/keycloak/tasks/main.yml | 2 +-
roles/maintenance/tasks/main.yml | 6 +++---
roles/matrix/tasks/main.yml | 4 ++--
roles/postgres/tasks/main.yml | 2 +-
roles/sudo/tasks/main.yml | 4 ++--
13 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/roles/archbuild/tasks/main.yml b/roles/archbuild/tasks/main.yml
index a083b68c4..f573d4506 100644
--- a/roles/archbuild/tasks/main.yml
+++ b/roles/archbuild/tasks/main.yml
@@ -79,7 +79,7 @@
path: '/var/lib/{{ "/".join(item) }}'
owner: root
group: root
- mode: 0777
+ mode: '0777'
with_nested:
- [archbuilddest]
- [srcdest]
diff --git a/roles/archive/tasks/main.yml b/roles/archive/tasks/main.yml
index 5e0664c58..0f9ac67a9 100644
--- a/roles/archive/tasks/main.yml
+++ b/roles/archive/tasks/main.yml
@@ -7,7 +7,7 @@
state: directory
owner: archive
group: archive
- mode: 0755
+ mode: '0755'
- name: Setup archive configuration
template:
@@ -15,7 +15,7 @@
dest: /etc/archive.conf
owner: root
group: root
- mode: 0644
+ mode: '0644'
- name: Setup archive timer
systemd: name=archive.timer enabled=yes state=started
diff --git a/roles/archive_web/tasks/main.yml b/roles/archive_web/tasks/main.yml
index d2447e194..5ac4916c7 100644
--- a/roles/archive_web/tasks/main.yml
+++ b/roles/archive_web/tasks/main.yml
@@ -10,7 +10,7 @@
dest: /etc/nginx/nginx.d/archive.conf
owner: root
group: root
- mode: 0644
+ mode: '0644'
notify:
- Reload nginx
tags: ['nginx']
@@ -21,4 +21,4 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: '0755'
diff --git a/roles/aurweb/tasks/main.yml b/roles/aurweb/tasks/main.yml
index e12525c15..7a6ded55a 100644
--- a/roles/aurweb/tasks/main.yml
+++ b/roles/aurweb/tasks/main.yml
@@ -263,7 +263,7 @@
state: touch
owner: "{{ aurweb_user }}"
group: http
- mode: 0644
+ mode: '0644'
when: git.changed
- name: Create git repo dir
diff --git a/roles/borg_server/tasks/main.yml b/roles/borg_server/tasks/main.yml
index 889bac2c2..7c9264a58 100644
--- a/roles/borg_server/tasks/main.yml
+++ b/roles/borg_server/tasks/main.yml
@@ -12,7 +12,7 @@
state: directory
owner: borg
group: borg
- mode: 0700
+ mode: '0700'
- name: Create the root backup directory at {{ backup_dir }}
file:
@@ -20,7 +20,7 @@
state: directory
owner: borg
group: borg
- mode: 0700
+ mode: '0700'
with_items: "{{ backup_clients }}"
- name: Fetch ssh keys from each borg client machine
diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml
index 19418fea5..dc0642029 100644
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -11,7 +11,7 @@
state: "directory"
owner: "root"
group: "root"
- mode: 0755
+ mode: '0755'
- name: Install systemd unit override file
template:
@@ -19,7 +19,7 @@
dest: "/etc/systemd/system/fail2ban.service.d/override.conf"
owner: "root"
group: "root"
- mode: 0644
+ mode: '0644'
- name: Install local config files
template:
@@ -27,7 +27,7 @@
dest: "/etc/fail2ban/{{ item }}"
owner: "root"
group: "root"
- mode: 0644
+ mode: '0644'
with_items:
- "fail2ban.local"
- "jail.local"
@@ -40,7 +40,7 @@
dest: "/etc/fail2ban/action.d/firewallcmd-allports.local"
owner: "root"
group: "root"
- mode: 0644
+ mode: '0644'
notify:
- Restart fail2ban
@@ -51,7 +51,7 @@
dest: "/etc/fail2ban/jail.d/sshd.local"
owner: "root"
group: "root"
- mode: 0644
+ mode: '0644'
notify:
- Reload fail2ban jails
@@ -62,7 +62,7 @@
dest: "/etc/fail2ban/jail.d/postfix.local"
owner: "root"
group: "root"
- mode: 0644
+ mode: '0644'
notify:
- Reload fail2ban jails
@@ -73,7 +73,7 @@
dest: "/etc/fail2ban/jail.d/dovecot.local"
owner: "root"
group: "root"
- mode: 0644
+ mode: '0644'
notify:
- Reload fail2ban jails
@@ -84,7 +84,7 @@
dest: "/etc/fail2ban/jail.d/nginx-limit-req.local"
owner: "root"
group: "root"
- mode: 0644
+ mode: '0644'
notify:
- Reload fail2ban jails
diff --git a/roles/hetzner_storagebox/tasks/main.yml b/roles/hetzner_storagebox/tasks/main.yml
index c06aa7879..1c1eb507b 100644
--- a/roles/hetzner_storagebox/tasks/main.yml
+++ b/roles/hetzner_storagebox/tasks/main.yml
@@ -99,7 +99,7 @@
blockinfile:
path: /root/.ssh/config
create: true
- mode: 0600
+ mode: '0600'
block: |
Host {{ storagebox_hostname }}
User {{ backup_client_usernames[item] }}
diff --git a/roles/install_arch/tasks/main.yml b/roles/install_arch/tasks/main.yml
index 71e549f19..0512d00c2 100644
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -57,7 +57,7 @@
get_url:
url: "{{ item }}"
dest: /tmp/
- mode: 0644
+ mode: '0644'
loop:
- https://geo.mirror.pkgbuild.com/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.gz
- https://archlinux.org/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.gz.sig
@@ -151,7 +151,7 @@
path: /mnt/etc/default/grub
owner: root
group: root
- mode: 0644
+ mode: '0644'
regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
line: "GRUB_CMDLINE_LINUX_DEFAULT=\"rootflags=compress-force=zstd\""
when: filesystem == "btrfs"
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index bfdd8dc3f..0265cfc2c 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -57,7 +57,7 @@
password: "{{ vault_keycloak_nginx_passwd }}"
owner: root
group: http
- mode: 0640
+ mode: '0640'
- name: Create ssl cert
include_role:
diff --git a/roles/maintenance/tasks/main.yml b/roles/maintenance/tasks/main.yml
index 0dd1bd4aa..b1e4e73d9 100644
--- a/roles/maintenance/tasks/main.yml
+++ b/roles/maintenance/tasks/main.yml
@@ -14,7 +14,7 @@
dest: "{{ service_nginx_conf }}"
owner: root
group: root
- mode: 0644
+ mode: '0644'
notify: Reload nginx
when: service_nginx_template is not defined and maintenance is defined and maintenance | bool
@@ -24,7 +24,7 @@
dest: "{{ service_nginx_conf }}"
owner: root
group: root
- mode: 0644
+ mode: '0644'
notify: Reload nginx
when: service_nginx_template is defined and maintenance is defined and maintenance | bool
@@ -34,7 +34,7 @@
dest: "{{ maintenance_http_dir }}/{{ service_domain }}/503.html"
owner: root
group: root
- mode: 0644
+ mode: '0644'
when: maintenance is defined and maintenance | bool
- name: Force reload nginx
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index b9f19644e..e7d1d076e 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -238,7 +238,7 @@
dest: /etc/synapse/{{ matrix_server_name }}.signing.key
owner: root
group: synapse
- mode: 0640
+ mode: '0640'
- name: Install ircpass key # noqa template-instead-of-copy
copy:
@@ -246,7 +246,7 @@
dest: /etc/synapse/{{ matrix_server_name }}.ircpass.key
owner: root
group: synapse
- mode: 0640
+ mode: '0640'
- name: Make nginx log dir
file: path=/var/log/nginx/{{ matrix_domain }} state=directory owner=root group=root mode=0755
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
index c46fa8660..81dde9e8a 100644
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -14,7 +14,7 @@
group: postgres
attributes: "+C"
path: /var/lib/postgres/data
- mode: 0700
+ mode: '0700'
when: filesystem == "btrfs"
- name: Initialize postgres
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
index 6063f584b..62a921c9b 100644
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@@ -20,7 +20,7 @@
insertafter: '^# %wheel ALL=\(ALL\) ALL'
line: '%wheel ALL=(ALL) ALL'
validate: 'visudo -cf %s'
- mode: 0440
+ mode: '0440'
owner: root
group: root
@@ -32,6 +32,6 @@
insertafter: '^# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
line: 'Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin"'
validate: 'visudo -cf %s'
- mode: 0440
+ mode: '0440'
owner: root
group: root
--
GitLab