Always set file permissions
This commit is contained in:
Yohann D'ANELLO
parent
d60b75109a
commit
9b8dee098e
9 changed files with 24 additions and 4 deletions
|
|
@ -19,6 +19,7 @@
|
|||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
state: present
|
||||
mode: 0644
|
||||
loop:
|
||||
- option: confirm
|
||||
value: "true"
|
||||
|
|
|
|||
|
|
@ -77,6 +77,7 @@
|
|||
copy:
|
||||
src: "skel/dot_{{ item }}"
|
||||
dest: "/etc/skel/.{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- zshrc
|
||||
- zshrc.local
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@
|
|||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
state: present
|
||||
mode: 0644
|
||||
notify: Restart fail2ban service
|
||||
loop:
|
||||
- section: sshd
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@
|
|||
file:
|
||||
path: /etc/letsencrypt/conf.d
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Add Certbot configuration
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -18,17 +18,19 @@
|
|||
- name: Install frr
|
||||
apt:
|
||||
name: frr
|
||||
|
||||
|
||||
- name: setup frr daemons
|
||||
template:
|
||||
src: daemons.j2
|
||||
dest: /etc/frr/daemons
|
||||
mode: 0644
|
||||
notify: restart frr
|
||||
|
||||
- name: setup frr.conf
|
||||
template:
|
||||
src: frr.conf.j2
|
||||
dest: /etc/frr/frr.conf
|
||||
mode: 0644
|
||||
notify: restart frr
|
||||
|
||||
- name: enable+start frr
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@
|
|||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
loop:
|
||||
- /etc/ldap/slapd.d
|
||||
- /var/lib/ldap
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@
|
|||
template:
|
||||
src: "nginx/snippets/{{ item }}.j2"
|
||||
dest: "/etc/nginx/snippets/{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- options-ssl.conf
|
||||
- options-proxypass.conf
|
||||
|
|
@ -19,11 +20,13 @@
|
|||
template:
|
||||
src: letsencrypt/dhparam.j2
|
||||
dest: /etc/letsencrypt/dhparam
|
||||
mode: 0644
|
||||
|
||||
- name: Copy reverse proxy sites
|
||||
template:
|
||||
src: "nginx/sites-available/{{ item }}.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- reverseproxy
|
||||
- reverseproxy_redirect_dname
|
||||
|
|
@ -35,6 +38,7 @@
|
|||
src: "/etc/nginx/sites-available/{{ item }}"
|
||||
dest: "/etc/nginx/sites-enabled/{{ item }}"
|
||||
state: link
|
||||
mode: 0644
|
||||
loop:
|
||||
- reverseproxy
|
||||
- reverseproxy_redirect_dname
|
||||
|
|
@ -45,6 +49,7 @@
|
|||
template:
|
||||
src: www/html/50x.html.j2
|
||||
dest: /var/www/html/50x.html
|
||||
mode: 0644
|
||||
|
||||
- name: Indicate role in motd
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -13,12 +13,14 @@
|
|||
template:
|
||||
src: prometheus/prometheus.yml.j2
|
||||
dest: /etc/prometheus/prometheus.yml
|
||||
mode: 0644
|
||||
notify: Restart Prometheus
|
||||
|
||||
- name: Configure Prometheus alert rules
|
||||
template:
|
||||
src: "prometheus/{{ item }}.j2"
|
||||
dest: "/etc/prometheus/{{ item }}"
|
||||
mode: 0644
|
||||
notify: Restart Prometheus
|
||||
loop:
|
||||
- alert.rules.yml
|
||||
|
|
@ -45,12 +47,14 @@
|
|||
copy:
|
||||
content: "{{ prometheus_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets.json
|
||||
mode: 0644
|
||||
|
||||
# We don't need to restart Prometheus when updating nodes
|
||||
- name: Configure Prometheus Ubiquity Unifi SNMP devices
|
||||
copy:
|
||||
content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets_unifi_snmp.json
|
||||
mode: 0644
|
||||
|
||||
- name: Activate prometheus service
|
||||
systemd:
|
||||
|
|
|
|||
|
|
@ -5,11 +5,11 @@
|
|||
- "deb"
|
||||
- "deb-src"
|
||||
|
||||
|
||||
- name: Ensure /var/www exists
|
||||
file:
|
||||
name: "/var/www"
|
||||
state: directory
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Clone re2o repo
|
||||
git:
|
||||
|
|
@ -22,11 +22,11 @@
|
|||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/var/www/re2o/re2o/{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- settings_local.py
|
||||
- local_routers.py
|
||||
|
||||
|
||||
# What follows is a hideous abomination.
|
||||
# Blame freeradius-python3 on backports.
|
||||
|
||||
|
|
@ -41,6 +41,7 @@
|
|||
template:
|
||||
src: freeradius-python3.postinst.j2
|
||||
dest: /var/lib/dpkg/info/freeradius-python3.postinst
|
||||
mode: 0644
|
||||
|
||||
- name: reinstall broken package (this might fail too, for different reasons)
|
||||
apt:
|
||||
|
|
@ -69,6 +70,7 @@
|
|||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/etc/freeradius/3.0/{{ item }}"
|
||||
mode: 0640
|
||||
loop:
|
||||
- sites-enabled/default
|
||||
- sites-enabled/inner-tunnel
|
||||
|
|
@ -77,6 +79,7 @@
|
|||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/etc/freeradius/3.0/{{ item }}"
|
||||
mode: 0640
|
||||
loop:
|
||||
- clients.conf
|
||||
- proxy.conf
|
||||
|
|
@ -113,6 +116,7 @@
|
|||
template:
|
||||
src: "freeradius-logrotate.j2"
|
||||
dest: "/etc/logrotate.d/freeradius"
|
||||
mode: 0644
|
||||
|
||||
|
||||
# Database setup
|
||||
|
|
|
|||
Loading…
Reference in a new issue