diff --git a/roles/archweb/tasks/main.yml b/roles/archweb/tasks/main.yml
index 0fb2a3a5c97e167bee446db371ef804af0834283..a0594d5f6f06dacbac7d503a7ce619474396249b 100644
--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -37,7 +37,7 @@
     - daemon reload
 
 - name: configure archweb
-  template: src=local_settings.py.j2 dest=/srv/http/archweb/local_settings.py owner=archweb group=archweb mode=660
+  template: src=local_settings.py.j2 dest=/srv/http/archweb/local_settings.py owner=archweb group=archweb mode=0660
 
 - name: start and enable archweb services
   service: name="{{ item }}" enabled=yes state=started
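Review bot: `local_settings.py` is installed with `owner=archweb group=archweb mode=0660`, so the account that presumably runs the application can rewrite its own settings file. If the file carries the database password and secret key, as a Django local settings file usually does, read access is enough: `owner=root group=archweb mode=0640`. Confirm first that nothing running as archweb needs to write the file; the hunk does not show that.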
diff --git a/roles/borg-client/tasks/main.yml b/roles/borg-client/tasks/main.yml
index ee0fe0b80bdf61f3029e50faa736fa375768be12..b46afef137759c1adbb8b2012b62db3c78166ba3 100644
--- a/roles/borg-client/tasks/main.yml
+++ b/roles/borg-client/tasks/main.yml
@@ -16,13 +16,13 @@
   ignore_errors: True # This can sometimes fail if a backup is in progress :/
 
 - name: install scripts
-  template: src={{item}}.j2 dest=/usr/local/bin/{{item}} owner=root group=root mode=755
+  template: src={{item}}.j2 dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
   with_items:
     - borg-backup.sh
     - borg
 
 - name: install postgres backup script
-  template: src=backup-postgres.sh.j2 dest=/usr/local/bin/backup-postgres.sh owner=root group=root mode=755
+  template: src=backup-postgres.sh.j2 dest=/usr/local/bin/backup-postgres.sh owner=root group=root mode=0755
   when: postgres_backup_dir != None
 
 - name: check whether postgres user exists
@@ -35,7 +35,7 @@
   when: check_postgres_user|succeeded and postgres_backup_dir != None
 
 - name: install systemd timers for backup
-  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
+  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
     - borg-backup.timer
     - borg-backup.service
diff --git a/roles/borg-server/tasks/main.yml b/roles/borg-server/tasks/main.yml
index ea24b12516a39fca03a65732d4e393f021b48fc1..d26308bb65a232d4c738a3472c6a43f69e7c9a68 100644
--- a/roles/borg-server/tasks/main.yml
+++ b/roles/borg-server/tasks/main.yml
@@ -7,10 +7,10 @@
   user: home="{{ backup_dir }}" name=borg
 
 - name: create borg user home
-  file: path="{{ backup_dir }}" state=directory owner=borg group=borg mode=700
+  file: path="{{ backup_dir }}" state=directory owner=borg group=borg mode=0700
 
 - name: create the root backup directory at {{ backup_dir }}
-  file: path="{{ backup_dir }}/{{ item }}" state=directory owner=borg group=borg mode=700
+  file: path="{{ backup_dir }}/{{ item }}" state=directory owner=borg group=borg mode=0700
   with_items: "{{ backup_clients }}"
 
 - name: fetch ssh keys
diff --git a/roles/dbscripts/tasks/main.yml b/roles/dbscripts/tasks/main.yml
index e3cc17cafe965df9f92befb885f1aae8f3acbd32..49c2bc8581ff4afaf07ec0fc570730f271b4fa18 100644
--- a/roles/dbscripts/tasks/main.yml
+++ b/roles/dbscripts/tasks/main.yml
@@ -16,7 +16,7 @@
   user: name=sourceballs shell=/sbin/nologin
 
 - name: set up sudoers.d for special users
-  copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=600
+  copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600
 
 - stat: path="/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem"
   register: certfile
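Review bot: The sudoers drop-in is copied to `/etc/sudoers.d/dbscripts` without a syntax check, so a typo in the source file would be installed as-is and can break sudo on the host. The `copy` module can run the check before the file is moved into place: add `validate='visudo -cf %s'` to the task. `mode=0440` is the conventional mode for sudoers files, although 0600 is not more permissive.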
@@ -24,14 +24,14 @@
     - nginx
 
 - name: set up nginx
-  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=644
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=0644
   notify:
     - restart nginx
   tags:
     - nginx
 
 - name: put dbscripts.htpasswd in place
-  copy: src=dbscripts.htpasswd dest=/etc/nginx/auth/dbscripts.htpasswd owner=root group=http mode=640
+  copy: src=dbscripts.htpasswd dest=/etc/nginx/auth/dbscripts.htpasswd owner=root group=http mode=0640
   tags:
     - nginx
 
@@ -82,7 +82,7 @@
     exclusive: yes
 
 - name: create staging directories in user homes
-  file: path=/home/{{item[0]}}/staging/{{item[1]}} state=directory owner={{item[0]}} group=users mode=755
+  file: path=/home/{{item[0]}}/staging/{{item[1]}} state=directory owner={{item[0]}} group=users mode=0755
   with_nested:
     - "{{arch_users}}"
     - ['core', 'extra', 'testing', 'staging', 'community', 'community-staging', 'community-testing',  'multilib', 'multilib-staging', 'multilib-testing']
@@ -154,7 +154,7 @@
   file: path=/packages src=/srv/repos/svn-packages/dbscripts state=link
 
 - name: put rsyncd.conf into tmpfiles
-  copy: src=rsyncd-tmpfiles.d dest=/etc/tmpfiles.d/rsyncd.conf owner=root group=root mode=644
+  copy: src=rsyncd-tmpfiles.d dest=/etc/tmpfiles.d/rsyncd.conf owner=root group=root mode=0644
   register: rsyncdtmpfiles
 
 - name: use tmpfiles.d/rsyncd.conf
@@ -162,22 +162,22 @@
   when: rsyncdtmpfiles.changed
 
 - name: create rsyncd-conf-genscripts
-  file: path=/etc/rsyncd-conf-genscripts state=directory owner=root group=root mode=700
+  file: path=/etc/rsyncd-conf-genscripts state=directory owner=root group=root mode=0700
 
 - name: install rsync.conf.proto
-  copy: src=rsyncd.conf.proto dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=644
+  copy: src=rsyncd.conf.proto dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=0644
 
 - name: install rsyncd.secrets
-  copy: src=rsyncd.secrets dest=/etc/rsyncd.secrets owner=root group=root mode=600
+  copy: src=rsyncd.secrets dest=/etc/rsyncd.secrets owner=root group=root mode=0600
 
 - name: configure gen_rsyncd.conf.pl
-  template: src=gen_rsyncd.conf.pl dest=/etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl owner=root group=root mode=700
+  template: src=gen_rsyncd.conf.pl dest=/etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl owner=root group=root mode=0700
 
 - name: generate mirror config
   command: /etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl
 
 - name: install svnlog
-  copy: src=svnlog dest=/usr/local/bin/svnlog owner=root group=root mode=755
+  copy: src=svnlog dest=/usr/local/bin/svnlog owner=root group=root mode=0755
 
 - name: add arch-svntogit user
   user: name=svntogit shell=/sbin/nologin home=/srv/svntogit generate_ssh_key=yes ssh_key_bits=4096
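Review bot: The `install rsyncd.secrets` task copies a credentials file without `no_log: true`, so a run with `--diff` or verbose logging can print its content changes into the Ansible output. Adding `no_log: true` to that task keeps them out of logs and CI artefacts. Whether the source file in the role is vault-encrypted is not visible from this hunk and is worth checking as well. The same applies to the `dbscripts.htpasswd` copy in the earlier hunk of this file.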
@@ -193,7 +193,7 @@
   become_user: svntogit
 
 - name: template arch-svntogit
-  copy: src=update-repos.sh dest=/srv/svntogit/update-repos.sh owner=root group=root mode=755
+  copy: src=update-repos.sh dest=/srv/svntogit/update-repos.sh owner=root group=root mode=0755
 
 - name: create svntogit repos subdir
   file: path="/srv/svntogit/repos" state=directory owner=svntogit group=svntogit mode=0775
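Review bot: `update-repos.sh` is installed as `owner=root group=root mode=0755`, but it lands in `/srv/svntogit`, which a context line in the next hunk shows as `owner=svntogit group=svntogit mode=0775`. Write access to the directory lets the svntogit user or group replace the script regardless of the file's own owner, so root ownership gives no real protection here. If anything runs this script with more privilege than svntogit, install it outside that directory, for example under `/usr/local/bin` like the other helpers; this hunk does not show how it is invoked.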
@@ -236,7 +236,7 @@
   file: path="/srv/svntogit" state=directory owner=svntogit group=svntogit mode=0775
 
 - name: install repo helpers
-  copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=755
+  copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
   with_items:
     - lsrepo
     - checklib32
@@ -251,10 +251,10 @@
   service: name=svnserve enabled=yes state=started
 
 - name: set up update-abs
-  template: src=update-abs.sh.j2 dest=/usr/local/bin/update-abs.sh owner=root group=root mode=755
+  template: src=update-abs.sh.j2 dest=/usr/local/bin/update-abs.sh owner=root group=root mode=0755
 
 - name: install systemd timers
-  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
+  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
     - update-abs.timer
     - update-abs.service
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
index 530c775b0091222ee0045efd691e1b3b0f8bc806..bb49800107efc33ad4c1a2354a957a448d7a6b20 100644
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -4,7 +4,7 @@
   pacman: name=dovecot,pigeonhole state=present
 
 - name: install dovecot.conf
-  template: src=dovecot.conf.j2 dest=/etc/dovecot/dovecot.conf owner=root group=root mode=644
+  template: src=dovecot.conf.j2 dest=/etc/dovecot/dovecot.conf owner=root group=root mode=0644
   notify:
     - reload dovecot
 
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 48e6d1aacf5f74cde73a0fed3daeec4949a155d2..b5c43816923a88e75af1260b58f1d372ddb9c0b2 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -4,42 +4,42 @@
   pacman: name=nginx-mainline,certbot state=present
 
 - name: configure nginx
-  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf owner=root group=root mode=644
+  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf owner=root group=root mode=0644
   notify:
     - restart nginx
 
 - name: snippets directory
-  file: state=directory path=/etc/nginx/snippets owner=root group=root mode=755
+  file: state=directory path=/etc/nginx/snippets owner=root group=root mode=0755
 
 - name: copy snippets
-  template: src={{ item }} dest=/etc/nginx/snippets owner=root group=root mode=644
+  template: src={{ item }} dest=/etc/nginx/snippets owner=root group=root mode=0644
   with_items:
     - letsencrypt.conf
     - sslsettings.conf
 
 - name: create nginx.d directory
-  file: state=directory path=/etc/nginx/nginx.d owner=root group=root mode=755
+  file: state=directory path=/etc/nginx/nginx.d owner=root group=root mode=0755
 
 - name: create auth directory
-  file: state=directory path=/etc/nginx/auth owner=root group=root mode=755
+  file: state=directory path=/etc/nginx/auth owner=root group=root mode=0755
 
 - name: create default nginx log directory
-  file: state=directory path=/var/log/nginx/default owner=http group=log mode=750
+  file: state=directory path=/var/log/nginx/default owner=http group=log mode=0750
 
 - name: create unique DH group
   command: openssl dhparam -out /etc/ssl/dhparams.pem 2048 creates=/etc/ssl/dhparams.pem
 
 - name: create directory to store validation stuff in
-  file: owner=root group=http mode=750 path={{ letsencrypt_validation_dir }} state=directory
+  file: owner=root group=http mode=0750 path={{ letsencrypt_validation_dir }} state=directory
 
 - name: install letsencrypt hook
-  copy: src=hook.sh dest=/etc/letsencrypt/hook.sh owner=root group=root mode=755
+  copy: src=hook.sh dest=/etc/letsencrypt/hook.sh owner=root group=root mode=0755
 
 - name: create letsencrypt hook dir
-  file: state=directory path=/etc/letsencrypt/hook.d owner=root group=root mode=755
+  file: state=directory path=/etc/letsencrypt/hook.d owner=root group=root mode=0755
 
 - name: install letsencrypt renewal service
-  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
+  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
     - certbot-renewal.service
     - certbot-renewal.timer
@@ -47,7 +47,7 @@
     - daemon reload
 
 - name: install inventory_hostname vhost
-  template: src=nginx-hostname-vhost.conf.j2 dest=/etc/nginx/nginx.d/nginx-hostname-vhost.conf owner=root group=root mode=644
+  template: src=nginx-hostname-vhost.conf.j2 dest=/etc/nginx/nginx.d/nginx-hostname-vhost.conf owner=root group=root mode=0644
   notify:
     - restart nginx
 
diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml
index e52ca290ec5b058fcdbacf4c46d03ff6a6417cae..95debe61c74e87b60f1504f2c80119c03850fcce 100644
--- a/roles/opendkim/tasks/main.yml
+++ b/roles/opendkim/tasks/main.yml
@@ -4,14 +4,14 @@
   pacman: name=opendkim state=present
 
 - name: install opendkim.conf
-  template: src=opendkim.conf.j2 dest=/etc/opendkim/opendkim.conf owner=root group=root mode=644
+  template: src=opendkim.conf.j2 dest=/etc/opendkim/opendkim.conf owner=root group=root mode=0644
   notify:
     - restart opendkim
 
-- file: path="/var/spool/opendkim/" state=directory owner=opendkim group=postfix mode=750
+- file: path="/var/spool/opendkim/" state=directory owner=opendkim group=postfix mode=0750
 
 - name: install domains config
-  template: src=domains.j2 dest=/etc/opendkim/domains owner=root group=root mode=644
+  template: src=domains.j2 dest=/etc/opendkim/domains owner=root group=root mode=0644
   notify:
     - restart opendkim
 
diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml
index d4db25116c90b0322d0b396fb66d173abafff527..05129e29c434e6620e01e20a4688a37045579c3f 100644
--- a/roles/planet/tasks/main.yml
+++ b/roles/planet/tasks/main.yml
@@ -4,33 +4,33 @@
   pacman: name=git,python2,libxslt state=present
 
 - name: set up nginx
-  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=644
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/planet.conf owner=root group=root mode=0644
   notify:
     - restart nginx
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=http group=log mode=755
+  file: path=/var/log/nginx/{{ planet_domain }} state=directory owner=http group=log mode=0755
 
 - name: clone planet git repo
   git: dest={{ planet_dir }} repo=https://git.archlinux.org/vhosts/planet.archlinux.org.git
 
 - name: make cache and output dirs
-  file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=755
+  file: path={{ planet_dir }}/archplanet/{{ item }} state=directory owner=http group=http mode=0755
   with_items:
     - cache
     - output
 
 - name: fix permissions for themes
-  file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=755
+  file: path={{ planet_dir }}/themes/{{ item }} state=directory owner=http group=http mode=0755
   with_items:
     - archlinux
     - common
 
 - name: install systemd timer
-  copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=644
+  copy: src=planet.timer dest=/etc/systemd/system/planet.timer owner=root group=root mode=0644
 
 - name: install systemd unit file
-  template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=644
+  template: src=planet.service.j2 dest=/etc/systemd/system/planet.service owner=root group=root mode=0644
 
 - name: reload systemd
   command: systemctl daemon-reload
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 4e789003226d7470fcc6e8b4d46d162b3400a478..aafc1043f57636888d125490428c60afc524338f 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -4,7 +4,7 @@
   pacman: name=postfix state=present
 
 - name: install template configs
-  template: src={{item}}.j2 dest=/etc/postfix/{{item}} owner=root group=root mode=644
+  template: src={{item}}.j2 dest=/etc/postfix/{{item}} owner=root group=root mode=0644
   notify:
     - reload postfix
   with_items:
@@ -14,7 +14,7 @@
     - aliases
 
 - name: install additional files
-  copy: src={{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=644
+  copy: src={{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=0644
   with_items:
     - access_client
     - access_sender
diff --git a/roles/postfwd/tasks/main.yml b/roles/postfwd/tasks/main.yml
index fe1eb58b462e4683ece1f63a4b217267965e2030..2e0d07339eb6e136f30fa225d07cd5ce53fd2ddb 100644
--- a/roles/postfwd/tasks/main.yml
+++ b/roles/postfwd/tasks/main.yml
@@ -4,7 +4,7 @@
   pacman: name=postfwd state=present
 
 - name: install postfwd.cf
-  template: src=postfwd.cf.j2 dest=/etc/postfwd/postfwd.cf owner=root group=root mode=600
+  template: src=postfwd.cf.j2 dest=/etc/postfwd/postfwd.cf owner=root group=root mode=0600
   notify:
     - reload postfwd
 
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
index e10e3cf47c5de985e62a26432fc25574f5c731d2..de09b8bf489d4f4acc07054b3e734030bb938611 100644
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -15,7 +15,7 @@
     - restart postgres
 
 - name: configure postgres
-  template: src={{ item }}.j2 dest=/var/lib/postgres/data/{{ item }} owner=postgres group=postgres mode=600
+  template: src={{ item }}.j2 dest=/var/lib/postgres/data/{{ item }} owner=postgres group=postgres mode=0600
   with_items:
     - postgresql.conf
     - pg_hba.conf
diff --git a/roles/sources/tasks/main.yml b/roles/sources/tasks/main.yml
index b26661a534fa522fbcb4e5456bb8ea663686a1c3..57c660e17abc0ce771b0465a6415164d606dddc6 100644
--- a/roles/sources/tasks/main.yml
+++ b/roles/sources/tasks/main.yml
@@ -1,18 +1,18 @@
 ---
 
 - name: set up nginx
-  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/sources.conf owner=root group=root mode=644
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/sources.conf owner=root group=root mode=0644
   notify:
     - restart nginx
 
 - name: make nginx log dir
-  file: path=/var/log/nginx/{{ sources_domain }} state=directory owner=http group=log mode=755
+  file: path=/var/log/nginx/{{ sources_domain }} state=directory owner=http group=log mode=0755
 
 - name: make sources dir
-  file: path={{ sources_dir }} state=directory owner=root group=root mode=755
+  file: path={{ sources_dir }} state=directory owner=root group=root mode=0755
 
 - name: make symlink to repo sources
-  file: path={{ sources_dir }}/sources src=/srv/ftp/sources state=link owner=root group=root mode=755
+  file: path={{ sources_dir }}/sources src=/srv/ftp/sources state=link owner=root group=root mode=0755
 
 - name: make symlink to other sources
-  file: path={{ sources_dir }}/other src=/srv/ftp/other state=link owner=root group=root mode=755
+  file: path={{ sources_dir }}/other src=/srv/ftp/other state=link owner=root group=root mode=0755
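Review bot: The two `state=link` tasks carry `mode=0755`, which has no meaning for a symlink on Linux. Depending on the Ansible version and the `follow` setting, the mode is either ignored or applied to the link target, which would reset permissions on `/srv/ftp/sources` and `/srv/ftp/other`. Dropping `mode` from both tasks avoids that, e.g. `file: path={{ sources_dir }}/sources src=/srv/ftp/sources state=link`.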
diff --git a/roles/spampd/tasks/main.yml b/roles/spampd/tasks/main.yml
index ba9c1891eceb3608973a9400415e441b74c20c8a..00bd14d692c7ce4c3e02362097c164408b40884e 100644
--- a/roles/spampd/tasks/main.yml
+++ b/roles/spampd/tasks/main.yml
@@ -5,10 +5,10 @@
   pacman: name=spampd,make,gcc state=present
 
 - name: install sa-update.sh
-  copy: src=sa-update.sh dest=/usr/local/bin/sa-update.sh owner=root group=root mode=755
+  copy: src=sa-update.sh dest=/usr/local/bin/sa-update.sh owner=root group=root mode=0755
 
 - name: install support files
-  copy: src={{ item }} dest=/etc/mail/spamassassin/{{ item }} owner=root group=root mode=644
+  copy: src={{ item }} dest=/etc/mail/spamassassin/{{ item }} owner=root group=root mode=0644
   with_items:
     - update-gpgkeys
     - update-channels
@@ -16,7 +16,7 @@
     - zmi.gpg.key
 
 - name: install systemd timers
-  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
+  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
     - sa-update.timer
     - sa-update.service