Always set file permissions
This commit is contained in:
Yohann D'ANELLO
parent
d60b75109a
commit
9b8dee098e
9 changed files with 24 additions and 4 deletions
|
|
@ -19,6 +19,7 @@
|
||||||
option: "{{ item.option }}"
|
option: "{{ item.option }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
state: present
|
state: present
|
||||||
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
- option: confirm
|
- option: confirm
|
||||||
value: "true"
|
value: "true"
|
||||||
|
|
|
||||||
|
|
@ -77,6 +77,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: "skel/dot_{{ item }}"
|
src: "skel/dot_{{ item }}"
|
||||||
dest: "/etc/skel/.{{ item }}"
|
dest: "/etc/skel/.{{ item }}"
|
||||||
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
- zshrc
|
- zshrc
|
||||||
- zshrc.local
|
- zshrc.local
|
||||||
|
|
|
||||||
|
|
@ -54,6 +54,7 @@
|
||||||
option: "{{ item.option }}"
|
option: "{{ item.option }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
state: present
|
state: present
|
||||||
|
mode: 0644
|
||||||
notify: Restart fail2ban service
|
notify: Restart fail2ban service
|
||||||
loop:
|
loop:
|
||||||
- section: sshd
|
- section: sshd
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,7 @@
|
||||||
file:
|
file:
|
||||||
path: /etc/letsencrypt/conf.d
|
path: /etc/letsencrypt/conf.d
|
||||||
state: directory
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
- name: Add Certbot configuration
|
- name: Add Certbot configuration
|
||||||
template:
|
template:
|
||||||
|
|
|
||||||
|
|
@ -18,17 +18,19 @@
|
||||||
- name: Install frr
|
- name: Install frr
|
||||||
apt:
|
apt:
|
||||||
name: frr
|
name: frr
|
||||||
|
|
||||||
- name: setup frr daemons
|
- name: setup frr daemons
|
||||||
template:
|
template:
|
||||||
src: daemons.j2
|
src: daemons.j2
|
||||||
dest: /etc/frr/daemons
|
dest: /etc/frr/daemons
|
||||||
|
mode: 0644
|
||||||
notify: restart frr
|
notify: restart frr
|
||||||
|
|
||||||
- name: setup frr.conf
|
- name: setup frr.conf
|
||||||
template:
|
template:
|
||||||
src: frr.conf.j2
|
src: frr.conf.j2
|
||||||
dest: /etc/frr/frr.conf
|
dest: /etc/frr/frr.conf
|
||||||
|
mode: 0644
|
||||||
notify: restart frr
|
notify: restart frr
|
||||||
|
|
||||||
- name: enable+start frr
|
- name: enable+start frr
|
||||||
|
|
|
||||||
|
|
@ -40,6 +40,7 @@
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
mode: 0755
|
||||||
loop:
|
loop:
|
||||||
- /etc/ldap/slapd.d
|
- /etc/ldap/slapd.d
|
||||||
- /var/lib/ldap
|
- /var/lib/ldap
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@
|
||||||
template:
|
template:
|
||||||
src: "nginx/snippets/{{ item }}.j2"
|
src: "nginx/snippets/{{ item }}.j2"
|
||||||
dest: "/etc/nginx/snippets/{{ item }}"
|
dest: "/etc/nginx/snippets/{{ item }}"
|
||||||
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
- options-ssl.conf
|
- options-ssl.conf
|
||||||
- options-proxypass.conf
|
- options-proxypass.conf
|
||||||
|
|
@ -19,11 +20,13 @@
|
||||||
template:
|
template:
|
||||||
src: letsencrypt/dhparam.j2
|
src: letsencrypt/dhparam.j2
|
||||||
dest: /etc/letsencrypt/dhparam
|
dest: /etc/letsencrypt/dhparam
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Copy reverse proxy sites
|
- name: Copy reverse proxy sites
|
||||||
template:
|
template:
|
||||||
src: "nginx/sites-available/{{ item }}.j2"
|
src: "nginx/sites-available/{{ item }}.j2"
|
||||||
dest: "/etc/nginx/sites-available/{{ item }}"
|
dest: "/etc/nginx/sites-available/{{ item }}"
|
||||||
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
- reverseproxy
|
- reverseproxy
|
||||||
- reverseproxy_redirect_dname
|
- reverseproxy_redirect_dname
|
||||||
|
|
@ -35,6 +38,7 @@
|
||||||
src: "/etc/nginx/sites-available/{{ item }}"
|
src: "/etc/nginx/sites-available/{{ item }}"
|
||||||
dest: "/etc/nginx/sites-enabled/{{ item }}"
|
dest: "/etc/nginx/sites-enabled/{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
- reverseproxy
|
- reverseproxy
|
||||||
- reverseproxy_redirect_dname
|
- reverseproxy_redirect_dname
|
||||||
|
|
@ -45,6 +49,7 @@
|
||||||
template:
|
template:
|
||||||
src: www/html/50x.html.j2
|
src: www/html/50x.html.j2
|
||||||
dest: /var/www/html/50x.html
|
dest: /var/www/html/50x.html
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Indicate role in motd
|
- name: Indicate role in motd
|
||||||
template:
|
template:
|
||||||
|
|
|
||||||
|
|
@ -13,12 +13,14 @@
|
||||||
template:
|
template:
|
||||||
src: prometheus/prometheus.yml.j2
|
src: prometheus/prometheus.yml.j2
|
||||||
dest: /etc/prometheus/prometheus.yml
|
dest: /etc/prometheus/prometheus.yml
|
||||||
|
mode: 0644
|
||||||
notify: Restart Prometheus
|
notify: Restart Prometheus
|
||||||
|
|
||||||
- name: Configure Prometheus alert rules
|
- name: Configure Prometheus alert rules
|
||||||
template:
|
template:
|
||||||
src: "prometheus/{{ item }}.j2"
|
src: "prometheus/{{ item }}.j2"
|
||||||
dest: "/etc/prometheus/{{ item }}"
|
dest: "/etc/prometheus/{{ item }}"
|
||||||
|
mode: 0644
|
||||||
notify: Restart Prometheus
|
notify: Restart Prometheus
|
||||||
loop:
|
loop:
|
||||||
- alert.rules.yml
|
- alert.rules.yml
|
||||||
|
|
@ -45,12 +47,14 @@
|
||||||
copy:
|
copy:
|
||||||
content: "{{ prometheus_targets | to_nice_json }}"
|
content: "{{ prometheus_targets | to_nice_json }}"
|
||||||
dest: /etc/prometheus/targets.json
|
dest: /etc/prometheus/targets.json
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
# We don't need to restart Prometheus when updating nodes
|
# We don't need to restart Prometheus when updating nodes
|
||||||
- name: Configure Prometheus Ubiquity Unifi SNMP devices
|
- name: Configure Prometheus Ubiquity Unifi SNMP devices
|
||||||
copy:
|
copy:
|
||||||
content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
|
content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
|
||||||
dest: /etc/prometheus/targets_unifi_snmp.json
|
dest: /etc/prometheus/targets_unifi_snmp.json
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Activate prometheus service
|
- name: Activate prometheus service
|
||||||
systemd:
|
systemd:
|
||||||
|
|
|
||||||
|
|
@ -5,11 +5,11 @@
|
||||||
- "deb"
|
- "deb"
|
||||||
- "deb-src"
|
- "deb-src"
|
||||||
|
|
||||||
|
|
||||||
- name: Ensure /var/www exists
|
- name: Ensure /var/www exists
|
||||||
file:
|
file:
|
||||||
name: "/var/www"
|
name: "/var/www"
|
||||||
state: directory
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
- name: Clone re2o repo
|
- name: Clone re2o repo
|
||||||
git:
|
git:
|
||||||
|
|
@ -22,11 +22,11 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}.j2"
|
src: "{{ item }}.j2"
|
||||||
dest: "/var/www/re2o/re2o/{{ item }}"
|
dest: "/var/www/re2o/re2o/{{ item }}"
|
||||||
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
- settings_local.py
|
- settings_local.py
|
||||||
- local_routers.py
|
- local_routers.py
|
||||||
|
|
||||||
|
|
||||||
# What follows is a hideous abomination.
|
# What follows is a hideous abomination.
|
||||||
# Blame freeradius-python3 on backports.
|
# Blame freeradius-python3 on backports.
|
||||||
|
|
||||||
|
|
@ -41,6 +41,7 @@
|
||||||
template:
|
template:
|
||||||
src: freeradius-python3.postinst.j2
|
src: freeradius-python3.postinst.j2
|
||||||
dest: /var/lib/dpkg/info/freeradius-python3.postinst
|
dest: /var/lib/dpkg/info/freeradius-python3.postinst
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: reinstall broken package (this might fail too, for different reasons)
|
- name: reinstall broken package (this might fail too, for different reasons)
|
||||||
apt:
|
apt:
|
||||||
|
|
@ -69,6 +70,7 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}.j2"
|
src: "{{ item }}.j2"
|
||||||
dest: "/etc/freeradius/3.0/{{ item }}"
|
dest: "/etc/freeradius/3.0/{{ item }}"
|
||||||
|
mode: 0640
|
||||||
loop:
|
loop:
|
||||||
- sites-enabled/default
|
- sites-enabled/default
|
||||||
- sites-enabled/inner-tunnel
|
- sites-enabled/inner-tunnel
|
||||||
|
|
@ -77,6 +79,7 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}.j2"
|
src: "{{ item }}.j2"
|
||||||
dest: "/etc/freeradius/3.0/{{ item }}"
|
dest: "/etc/freeradius/3.0/{{ item }}"
|
||||||
|
mode: 0640
|
||||||
loop:
|
loop:
|
||||||
- clients.conf
|
- clients.conf
|
||||||
- proxy.conf
|
- proxy.conf
|
||||||
|
|
@ -113,6 +116,7 @@
|
||||||
template:
|
template:
|
||||||
src: "freeradius-logrotate.j2"
|
src: "freeradius-logrotate.j2"
|
||||||
dest: "/etc/logrotate.d/freeradius"
|
dest: "/etc/logrotate.d/freeradius"
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
|
||||||
# Database setup
|
# Database setup
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue