From 7cabc17c71c3ba35357f59884c47a127659e11bc 2024-09-03 14:53:33 From: Branko Majic Date: 2024-09-03 14:53:33 Subject: [PATCH] MAR-218: Quote all octal values in YAML files: - Fixes linting errors, and ensures there is no ambiguity in case of YAML specification changes. --- diff --git a/roles/backup/handlers/main.yml b/roles/backup/handlers/main.yml index c0bee1ff4dcfdc621f85de7c2d238d143a9fc00c..e80266417eef64beb96acdb1bfb3e87a05f4053e 100644 --- a/roles/backup/handlers/main.yml +++ b/roles/backup/handlers/main.yml @@ -6,5 +6,5 @@ src: "/etc/duply/main/patterns" owner: root group: root - mode: 0600 + mode: "0600" backup: true diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml index 99f246de94523686618fd8ca6589a63364d47ac0..d4f756b5a9b53fee2b25f9d5577311219ff79b82 100644 --- a/roles/backup/tasks/main.yml +++ b/roles/backup/tasks/main.yml @@ -6,7 +6,7 @@ dest: "/etc/duply/main/patterns/{{ backup_patterns_filename }}" owner: root group: root - mode: 0600 + mode: "0600" notify: - Assemble Duply include patterns diff --git a/roles/backup_client/handlers/main.yml b/roles/backup_client/handlers/main.yml index 0b13694ad16178a674ac4f1c911308a109854571..bb42e51c762fc7dc69777db0c94b94f3e3778fbf 100644 --- a/roles/backup_client/handlers/main.yml +++ b/roles/backup_client/handlers/main.yml @@ -15,7 +15,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Import private keys # noqa no-changed-when # [no-changed-when] Commands should not change things if nothing needs doing diff --git a/roles/backup_client/molecule/default/converge.yml b/roles/backup_client/molecule/default/converge.yml index fe337508153b1db6ad31197e8bf927ed1393853b..01a6de15bf3f0a336c0f650bfb66c844806f00e9 100644 --- a/roles/backup_client/molecule/default/converge.yml +++ b/roles/backup_client/molecule/default/converge.yml @@ -18,4 +18,4 @@ dest: /etc/duply/main/pre.d/10-test-pre-backup.sh owner: root group: root - mode: 0700 + mode: "0700" 
diff --git a/roles/backup_client/molecule/default/prepare.yml b/roles/backup_client/molecule/default/prepare.yml index b9c64c0164bc2770650c363c7a852a97b48f6b1d..8bd2d5b25faf4c7e24752fd7809ceff043252cb5 100644 --- a/roles/backup_client/molecule/default/prepare.yml +++ b/roles/backup_client/molecule/default/prepare.yml @@ -26,7 +26,7 @@ dest: "{{ item.value }}" owner: root group: root - mode: 0600 + mode: "0600" with_dict: tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key @@ -56,7 +56,7 @@ dest: "/etc/ssh/sshd_config.d/chroot_backup_users.conf" owner: root group: root - mode: 0600 + mode: "0600" notify: - Restart ssh @@ -96,7 +96,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" with_items: "{{ backup_users }}" - name: Set-up duplicity backup directories @@ -105,7 +105,7 @@ state: directory owner: root group: backup-users - mode: 0770 + mode: "0770" with_items: "{{ backup_users }}" handlers: diff --git a/roles/backup_client/tasks/main.yml b/roles/backup_client/tasks/main.yml index 0f2b21ba8756f233a8cf0b807758a46dd4e8208d..c09f302722240da8b39868b7f2fe68bce8bd935d 100644 --- a/roles/backup_client/tasks/main.yml +++ b/roles/backup_client/tasks/main.yml @@ -13,7 +13,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" with_items: - "/etc/duply" - "/etc/duply/main" @@ -29,7 +29,7 @@ dest: "/etc/duply/main/private_keys.asc" owner: root group: root - mode: 0600 + mode: "0600" notify: - Remove current keyring - Create keyring directory @@ -42,7 +42,7 @@ dest: "/etc/duply/main/public_keys.asc" owner: root group: root - mode: 0600 + mode: "0600" notify: - Remove current keyring - Create keyring directory @@ -74,7 +74,7 @@ dest: "/etc/duply/main/ssh/identity" owner: root group: root - mode: 0600 + mode: "0600" no_log: true - name: Deploy custom known_hosts for backup purposes 
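Review bot: In roles/backup_client/tasks/main.yml the task that deploys `/etc/duply/main/private_keys.asc` (hunk @@ -29) shows no `no_log: true`, while the SSH identity task in the same file (hunk @@ -74) sets it right after `mode`. If the key material reaches the module through a variable or template, a run with `--diff` or raised verbosity can print it to the console and to logs; adding `no_log: true` to that task would match the identity task. The same question applies to the `copy` tasks that pass `content: "{{ smtp_tls_key }}"`, `"{{ imap_tls_key }}"`, `"{{ default_https_tls_key }}"` and `"{{ https_tls_key }}"`, and to the `/root/.ldap_admin_password` task in roles/ldap_server/tasks/main.yml. Each of these tasks starts or continues outside its hunk, so the option may already be set on a line that is not shown.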
@@ -83,7 +83,7 @@ dest: "/etc/duply/main/ssh/known_hosts" owner: root group: root - mode: 0600 + mode: "0600" - name: Deploy Duply configuration file template: @@ -91,7 +91,7 @@ dest: "/etc/duply/main/conf" owner: root group: root - mode: 0600 + mode: "0600" - name: Deploy base exclude pattern (exclude all by default) copy: @@ -99,7 +99,7 @@ dest: "/etc/duply/main/exclude" owner: root group: root - mode: 0600 + mode: "0600" - name: Set-up directory for storing pre-backup scripts file: @@ -107,7 +107,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Set-up script for running all pre-backup scripts copy: @@ -115,7 +115,7 @@ dest: "/etc/duply/main/pre" owner: root group: root - mode: 0700 + mode: "0700" - name: Deploy crontab entry for running backups cron: @@ -134,7 +134,7 @@ force: false group: root owner: root - mode: 0600 + mode: "0600" - name: Explicitly run all handlers include_tasks: ../handlers/main.yml diff --git a/roles/backup_server/tasks/main.yml b/roles/backup_server/tasks/main.yml index 8f816272123687071d0caaa10a796b3fe9d14dbc..a77ff31150051e0956d88b102289b85ab4d88c42 100644 --- a/roles/backup_server/tasks/main.yml +++ b/roles/backup_server/tasks/main.yml @@ -13,7 +13,7 @@ state: directory owner: root group: root - mode: 0751 + mode: "0751" - name: Create backup client groups group: @@ -40,7 +40,7 @@ state: directory owner: root group: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" - mode: 0750 + mode: "0750" with_items: "{{ backup_clients }}" - name: Create duplicity directories for backup client users @@ -49,7 +49,7 @@ state: directory owner: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" group: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" - mode: 0770 + mode: "0770" with_items: "{{ backup_clients }}" - name: Create SSH directory for backup client users 
@@ -58,7 +58,7 @@ state: directory owner: root group: root - mode: 0751 + mode: "0751" with_items: "{{ backup_clients }}" - name: Populate authorized keys for backup client users @@ -75,7 +75,7 @@ state: file owner: root group: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}" - mode: 0640 + mode: "0640" with_items: "{{ backup_clients }}" - name: Deny the backup group login via regular SSH @@ -92,7 +92,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Deploy configuration file for the backup OpenSSH server instance service copy: @@ -100,7 +100,7 @@ dest: "/etc/default/ssh-backup" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart backup SSH server @@ -110,7 +110,7 @@ dest: "/etc/ssh-backup/sshd_config" owner: root group: root - mode: 0600 + mode: "0600" notify: - Restart backup SSH server @@ -120,7 +120,7 @@ dest: "/etc/ssh-backup/ssh_host_{{ item.key }}_key" owner: root group: root - mode: 0600 + mode: "0600" with_dict: "{{ backup_host_ssh_private_keys }}" notify: - Restart backup SSH server @@ -132,7 +132,7 @@ dest: "/etc/systemd/system/ssh-backup.service" owner: root group: root - mode: 0644 + mode: "0644" notify: - Reload systemd - Restart backup SSH server @@ -149,7 +149,7 @@ dest: "/etc/ferm/conf.d/40-backup.conf" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml index 3a8e93f772f2b6e524a8c20c3310f923f5e67be3..1a412c52d1b7a5518767caa846dfbc85a92a68df 100644 --- a/roles/bootstrap/tasks/main.yml +++ b/roles/bootstrap/tasks/main.yml @@ -26,7 +26,7 @@ copy: src: "ansible_sudo" dest: "/etc/sudoers.d/ansible" - mode: 0640 + mode: "0640" owner: root group: root diff --git a/roles/common/molecule/default/converge.yml b/roles/common/molecule/default/converge.yml index e0bfdad39269d60ee6914dd7464e28e08846aaa3..c5feb2ad46188500960bb93dc23157a0502b7d11 100644 
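Review bot: The `copy` task for `/etc/sudoers.d/ansible` in roles/bootstrap/tasks/main.yml (hunk @@ -26) installs the drop-in without a `validate` step, so a syntax error in `ansible_sudo` could leave sudo unusable for the account Ansible itself relies on. Adding `validate: "visudo -cf %s"` makes the copy fail before the file is put in place. The mode is also worth a second look: sudoers drop-ins are conventionally `"0440"` rather than `"0640"`.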
--- a/roles/common/molecule/default/converge.yml +++ b/roles/common/molecule/default/converge.yml @@ -17,7 +17,7 @@ state: directory owner: root group: pipreqcheck - mode: 0750 + mode: "0750" with_items: - "/tmp/pip_check_requirements_upgrades" - "/tmp/pip_check_requirements_upgrades/with_updates" @@ -29,8 +29,8 @@ dest: "/tmp/{{ item }}" owner: root group: pipreqcheck - mode: 0640 - directory_mode: 0750 + mode: "0640" + directory_mode: "0750" with_items: - "pip_check_requirements_upgrades/with_updates/requirements.in" - "pip_check_requirements_upgrades/with_updates/requirements.txt" @@ -48,7 +48,7 @@ dest: /etc/ferm/conf.d/99-http.conf owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm diff --git a/roles/common/molecule/default/prepare.yml b/roles/common/molecule/default/prepare.yml index 4563b65b26a9b63dbc131e22148e8a709809a912..58d895c7482b2afb250d8b8f398a2e85a4e579a6 100644 --- a/roles/common/molecule/default/prepare.yml +++ b/roles/common/molecule/default/prepare.yml @@ -70,7 +70,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: 192.168.56.21: parameters-mandatory-bookworm @@ -90,7 +90,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: 192.168.56.3: client1 @@ -140,7 +140,7 @@ state: directory owner: root group: root - mode: 0750 + mode: "0750" - name: Create deprecated directory for Python 3 virtual environment (pip requirements upgrade checks) file: @@ -148,7 +148,7 @@ state: directory owner: root group: root - mode: 0750 + mode: "0750" - name: Create deprecated cronjob file for Python 3 (pip requirements upgrade checks) file: @@ -156,7 +156,7 @@ state: touch owner: root group: root - mode: 0644 + mode: "0644" - name: Install the deprecated/obsolete NTP-related packages apt: 
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 8a7516cc3966e2153c3b0468bc185bf2f69c271d..a00536bfd5690bab774f1e4e8058e0d18a3a478c 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -29,7 +29,7 @@ dest: "/etc/apt/apt.conf.d/00proxy" owner: root group: root - mode: 0644 + mode: "0644" when: apt_proxy is defined - name: Disable use of proxy for retrieving system packages via apt @@ -44,7 +44,7 @@ dest: "/usr/share/pam-configs/umask" owner: root group: root - mode: 0644 + mode: "0644" register: pam_umask notify: - Update PAM configuration @@ -81,7 +81,7 @@ dest: "/etc/profile.d/bash_prompt.sh" owner: root group: root - mode: 0644 + mode: "0644" - name: Deploy profile configuration that allows for user-specific profile.d files copy: @@ -89,7 +89,7 @@ dest: "/etc/profile.d/z99-user_profile_d.sh" owner: root group: root - mode: 0644 + mode: "0644" - name: Replace default and skeleton bashrc copy: @@ -97,7 +97,7 @@ dest: "{{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" with_dict: bashrc: "/etc/bash.bashrc" skel_bashrc: "/etc/skel/.bashrc" @@ -113,7 +113,7 @@ dest: "/root/.bashrc" owner: root group: root - mode: 0640 + mode: "0640" # Checksums: bookworm when: | root_bashrc_stat.stat.checksum == "1a422a148ad225aa5ba33f8dafd2b7cfcdbd701f" @@ -139,7 +139,7 @@ dest: "/etc/emacs/site-start.d/01disable-electric-indent-mode.el" owner: root group: root - mode: 0644 + mode: "0644" when: "['emacs24', 'emacs24-nox', 'emacs25', 'emacs25-nox', 'emacs', 'emacs-nox'] | intersect(common_packages) | length > 0" - name: Set-up operating system groups @@ -201,7 +201,7 @@ dest: "/usr/local/share/ca-certificates/{{ item.key }}.crt" owner: root group: root - mode: 0644 + mode: "0644" with_dict: "{{ ca_certificates }}" register: deploy_ca_certificates_result @@ -229,7 +229,7 @@ dest: /usr/sbin/ferm owner: root group: root - mode: 0755 + mode: "0755" notify: - Restart ferm 
@@ -244,7 +244,7 @@ dest: "/etc/default/ferm" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart ferm @@ -254,7 +254,7 @@ state: directory owner: root group: root - mode: 0750 + mode: "0750" - name: Deploy main ferm configuration file copy: @@ -262,7 +262,7 @@ dest: "/etc/ferm/ferm.conf" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm @@ -278,7 +278,7 @@ dest: "/etc/ferm/conf.d/00-base.conf" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm @@ -294,7 +294,7 @@ dest: "/usr/local/sbin/drop_legacy_iptables_rules.sh" owner: root group: root - mode: 0755 + mode: "0755" - name: Drop legacy iptables rules command: "/usr/local/sbin/drop_legacy_iptables_rules.sh remove" @@ -309,7 +309,7 @@ dest: "/usr/local/bin/check_certificate.sh" owner: root group: root - mode: 0755 + mode: "0755" - name: Set-up directory for holding configuration for certificate validation script file: @@ -317,7 +317,7 @@ state: "directory" owner: root group: root - mode: 0755 + mode: "0755" - name: Deploy crontab entry for checking certificates cron: @@ -410,7 +410,7 @@ state: directory owner: pipreqcheck group: pipreqcheck - mode: 0750 + mode: "0750" with_items: - "/var/lib/pipreqcheck" - "/var/lib/pipreqcheck/virtualenv" @@ -434,7 +434,7 @@ state: "directory" owner: root group: pipreqcheck - mode: 0750 + mode: "0750" with_items: - "/etc/pip_check_requirements_upgrades" @@ -444,7 +444,7 @@ state: "directory" owner: root group: pipreqcheck - mode: 0750 + mode: "0750" with_items: - "/etc/pip_check_requirements_upgrades/pipreqcheck" @@ -454,7 +454,7 @@ dest: "{{ item.path }}" owner: root group: pipreqcheck - mode: 0640 + mode: "0640" with_items: - path: "/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.in" requirements: "{{ pip_check_requirements_in }}" 
@@ -465,7 +465,7 @@ dest: "{{ item.file }}" owner: root group: pipreqcheck - mode: 0640 + mode: "0640" with_items: - file: "/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt" requirements: "{{ pip_check_requirements }}" @@ -495,7 +495,7 @@ dest: "/usr/local/bin/pip_check_requirements_upgrades.sh" owner: root group: root - mode: 0755 + mode: "0755" - name: Deploy crontab entry for checking pip requirements copy: @@ -503,7 +503,7 @@ dest: "/etc/cron.d/check_pip_requirements" owner: root group: root - mode: 0644 + mode: "0644" - name: Install NTP packages apt: @@ -528,7 +528,7 @@ dest: "/etc/ntpsec/ntp.conf" owner: root group: root - mode: 0644 + mode: "0644" when: ntp_pools | length > 0 notify: - Restart NTP server diff --git a/roles/database/tasks/backup.yml b/roles/database/tasks/backup.yml index 22971665b9b2e524edc873148ec80a7daef427fb..72656fc8481d9f9d0b3a05ca31da4204d094a1ff 100644 --- a/roles/database/tasks/backup.yml +++ b/roles/database/tasks/backup.yml @@ -6,7 +6,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" with_items: - "/srv/backup" - "/srv/backup/mariadb" @@ -17,4 +17,4 @@ dest: "/etc/duply/main/pre.d/dump_{{ db_name }}.sh" owner: root group: root - mode: 0700 + mode: "0700" diff --git a/roles/database_server/tasks/main.yml b/roles/database_server/tasks/main.yml index c43a467af2d8a4b7d4c47b5e31a3e366235bc278..d8d2d090760c255608a2012d4d35ec682ce17d98 100644 --- a/roles/database_server/tasks/main.yml +++ b/roles/database_server/tasks/main.yml @@ -20,7 +20,7 @@ dest: "/etc/mysql/mariadb.conf.d/90-utf8.cnf" owner: root group: root - mode: 0644 + mode: "0644" register: mariadb_utf8_configuration - name: Restart MariaDB in order to use UTF-8 as default character set # noqa no-handler diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml index 412f63b3f783264120d67caca83059aaaeee8cd5..c73295d26dc2d36ddaef2e8f0a32a47fce381985 100644 --- a/roles/ldap_client/tasks/main.yml 
+++ b/roles/ldap_client/tasks/main.yml @@ -11,7 +11,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Deploy LDAP client configuration file template: @@ -19,7 +19,7 @@ dest: /etc/ldap/ldap.conf owner: root group: root - mode: 0644 + mode: "0644" - name: Explicitly run all handlers include_tasks: ../handlers/main.yml diff --git a/roles/ldap_server/molecule/default/prepare.yml b/roles/ldap_server/molecule/default/prepare.yml index f39aa74bc1ae8d161c37032696a92716e05b7f75..a55be1d1c533968da81c2bc5f5c2c8460b825d5d 100644 --- a/roles/ldap_server/molecule/default/prepare.yml +++ b/roles/ldap_server/molecule/default/prepare.yml @@ -55,7 +55,7 @@ dest: /etc/ssl/certs/testca.cert.pem owner: root group: root - mode: 0644 + mode: "0644" - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320) file: @@ -87,7 +87,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: 192.168.56.21: parameters-mandatory-bookworm @@ -105,7 +105,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: 127.0.2.1: parameters-optional @@ -122,7 +122,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: 127.0.2.1: parameters-mandatory diff --git a/roles/ldap_server/tasks/backup.yml b/roles/ldap_server/tasks/backup.yml index 794ada3e06d31db3e59b38e3ea85da94429e4b23..14aff20fee7c1baada76ab88b316ff630aa114c3 100644 --- a/roles/ldap_server/tasks/backup.yml +++ b/roles/ldap_server/tasks/backup.yml @@ -6,7 +6,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" with_items: - "/srv/backup" @@ -16,4 +16,4 @@ dest: "/etc/duply/main/pre.d/ldapdump.sh" owner: root group: root - mode: 0700 + mode: "0700" 
diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml index 0bdb3a227199bc1665c837553d790274f2929422..37d4d516a65970125bcfdd0f569b20a122754e03 100644 --- a/roles/ldap_server/tasks/main.yml +++ b/roles/ldap_server/tasks/main.yml @@ -82,7 +82,7 @@ openssl_dhparam: owner: root group: openldap - mode: 0640 + mode: "0640" path: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.dh.pem" size: 2048 notify: @@ -92,7 +92,7 @@ template: src: "ldap_tls_key.j2" dest: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.key" - mode: 0640 + mode: "0640" owner: root group: openldap notify: @@ -102,7 +102,7 @@ template: src: "ldap_tls_cert.j2" dest: "/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem" - mode: 0644 + mode: "0644" owner: root group: root notify: @@ -114,7 +114,7 @@ dest: "/etc/check_certificate/{{ ansible_fqdn }}_ldap.conf" owner: root group: root - mode: 0644 + mode: "0644" # We need to have this hack around TLS configuration because OpenLDAP # expects both private key and certificate to be set at the same @@ -292,7 +292,7 @@ dest: "/etc/ferm/conf.d/10-ldap.conf" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm @@ -305,7 +305,7 @@ dest: "/root/.ldap_admin_password" owner: root group: root - mode: 0400 + mode: "0400" changed_when: false - name: Test if LDAP admin password needs to be changed diff --git a/roles/mail_forwarder/molecule/default/prepare.yml b/roles/mail_forwarder/molecule/default/prepare.yml index c5ccacceaaaec1b90204c81f24b8ffc2a0453add..2e7623a9266bc0949b623eef17fb2d2b02e7f879 100644 --- a/roles/mail_forwarder/molecule/default/prepare.yml +++ b/roles/mail_forwarder/molecule/default/prepare.yml @@ -54,7 +54,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: 192.168.56.11: "mail-server domain1" @@ -89,7 +89,7 @@ dest: /usr/local/share/ca-certificates/testca.crt owner: root group: root - mode: 0644 + mode: "0644" notify: - Update CA certificate cache 
@@ -111,7 +111,7 @@ dest: /usr/local/share/ca-certificates/testca.crt owner: root group: root - mode: 0644 + mode: "0644" notify: - Update CA certificate cache @@ -121,7 +121,7 @@ dest: "/etc/ssl/{{ item }}" owner: root group: root - mode: 0600 + mode: "0600" with_items: - mail-server_smtp.cert.pem - mail-server_smtp.key.pem @@ -143,7 +143,7 @@ dest: /etc/postfix/main.cf owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Postfix diff --git a/roles/mail_forwarder/tasks/main.yml b/roles/mail_forwarder/tasks/main.yml index ac4f96a3979379f3434207d6697635e209287ebb..247d66de50f442c34cb50c018feeeb7aa0c0569e 100644 --- a/roles/mail_forwarder/tasks/main.yml +++ b/roles/mail_forwarder/tasks/main.yml @@ -22,13 +22,13 @@ dest: "/etc/ssl/certs/smtp_relay_truststore.pem" owner: root group: root - mode: 0644 + mode: "0644" - name: Generate the SMTP server Diffie-Hellman parameter openssl_dhparam: owner: root group: root - mode: 0640 + mode: "0640" path: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.dh.pem" size: 2048 notify: @@ -40,7 +40,7 @@ dest: "/etc/mailname" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Postfix @@ -50,7 +50,7 @@ dest: "/etc/postfix/main.cf" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Postfix @@ -108,7 +108,7 @@ dest: "/etc/ferm/conf.d/20-mail.conf" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm diff --git a/roles/mail_server/molecule/default/prepare.yml b/roles/mail_server/molecule/default/prepare.yml index a1c5ead800cb195659dac0677f037d61a1ae47a0..d17af227f5c44ae7dd3c4e8d6f5d6b45b0191156 100644 --- a/roles/mail_server/molecule/default/prepare.yml +++ b/roles/mail_server/molecule/default/prepare.yml @@ -83,7 +83,7 @@ state: directory owner: vagrant group: vagrant - mode: 0755 + mode: "0755" - name: Create virtual environment for running ClamAV database sync tool become: true 
@@ -98,7 +98,7 @@ dest: /var/lib/cvdupdate/requirements.txt owner: vagrant group: vagrant - mode: 0644 + mode: "0644" - name: Install requirements in the pipreqcheck virtual environment become: true @@ -110,7 +110,7 @@ - name: Allow traversal of Vagrant directory by the http server user file: path: /vagrant/ - mode: 0711 + mode: "0711" - name: Create directory for storing ClamAV database files file: @@ -118,7 +118,7 @@ state: directory owner: vagrant group: vagrant - mode: 0755 + mode: "0755" - name: Configure default location for storing ClamAV database files # noqa no-changed-when # [no-changed-when] Commands should not change things if nothing needs doing @@ -144,7 +144,7 @@ copy: dest: "/etc/ssl/private/nginx_https.key" content: "{{ clamav_database_http_server_tls_key }}" - mode: 0640 + mode: "0640" owner: root group: root notify: @@ -154,7 +154,7 @@ copy: dest: "/etc/ssl/certs/nginx_https.pem" content: "{{ clamav_database_http_server_tls_certificate }}" - mode: 0644 + mode: "0644" owner: root group: root notify: @@ -166,7 +166,7 @@ dest: /etc/nginx/sites-available/default owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart nginx @@ -197,7 +197,7 @@ CipherString = DEFAULT@SECLEVEL=0 owner: root group: root - mode: 0644 + mode: "0644" state: present - name: Set-up the hosts file @@ -207,7 +207,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: # Force mail servers to use local ClamAV database mirror. @@ -285,7 +285,7 @@ dest: "/home/vagrant/{{ item }}" owner: vagrant group: vagrant - mode: 0600 + mode: "0600" with_items: - imapcli-parameters-mandatory-john_doe.conf - imapcli-parameters-mandatory-jane_doe.conf @@ -298,7 +298,7 @@ dest: /usr/local/share/ca-certificates/testca.crt owner: root group: root - mode: 0644 + mode: "0644" notify: - Update CA certificate cache 
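Review bot: The fixture task ending at `mode: "0644"` in roles/mail_server/molecule/default/prepare.yml (hunk @@ -197) writes `CipherString = DEFAULT@SECLEVEL=0`, which sets OpenSSL's security level to 0, and nothing visible in the hunk says why the tests need it. A comment above the task such as `# Test fixture only: security level lowered so that <reason>; do not copy into role tasks` would keep the setting from being mistaken for a recommended value. roles/web_server/molecule/default/prepare.yml (hunk @@ -76) carries the same line. Both tasks start outside their hunks, so a comment may already exist there.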
@@ -322,7 +322,7 @@ dest: "/etc/postfix/main.cf" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Postfix diff --git a/roles/mail_server/tasks/main.yml b/roles/mail_server/tasks/main.yml index ab91828469b1a2a68b8fe4104dbd1d39d74e07f2..4024e27bc0efe4ff088893d6b5731906293ddc28 100644 --- a/roles/mail_server/tasks/main.yml +++ b/roles/mail_server/tasks/main.yml @@ -43,7 +43,7 @@ copy: dest: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.key" content: "{{ smtp_tls_key }}" - mode: 0640 + mode: "0640" owner: root group: root notify: @@ -53,7 +53,7 @@ copy: dest: "/etc/ssl/certs/{{ ansible_fqdn }}_smtp.pem" content: "{{ smtp_tls_certificate }}" - mode: 0644 + mode: "0644" owner: root group: root notify: @@ -63,7 +63,7 @@ openssl_dhparam: owner: root group: root - mode: 0640 + mode: "0640" path: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.dh.pem" size: 2048 notify: @@ -73,7 +73,7 @@ copy: dest: "/etc/ssl/private/{{ ansible_fqdn }}_imap.key" content: "{{ imap_tls_key }}" - mode: 0640 + mode: "0640" owner: root group: root notify: @@ -83,7 +83,7 @@ copy: dest: "/etc/ssl/certs/{{ ansible_fqdn }}_imap.pem" content: "{{ imap_tls_certificate }}" - mode: 0644 + mode: "0644" owner: root group: root notify: @@ -93,7 +93,7 @@ openssl_dhparam: owner: root group: root - mode: 0640 + mode: "0640" path: "/etc/ssl/private/{{ ansible_fqdn }}_imap.dh.pem" size: 2048 notify: @@ -105,7 +105,7 @@ dest: "/etc/check_certificate/{{ ansible_fqdn }}_{{ item }}.conf" owner: root group: root - mode: 0644 + mode: "0644" with_items: - smtp - imap @@ -124,7 +124,7 @@ copy: dest: "/etc/clamav/clamav-milter.conf" src: "clamav-milter.conf" - mode: 0644 + mode: "0644" owner: root group: root notify: @@ -133,7 +133,7 @@ - name: Set-up privileges for directories within Postfix chroot file: dest: "{{ item }}" - mode: 0755 + mode: "0755" state: directory owner: root group: root 
@@ -147,7 +147,7 @@ state: directory owner: clamav group: clamav - mode: 0755 + mode: "0755" with_items: - /var/spool/postfix/var/run/clamav @@ -157,7 +157,7 @@ dest: "/etc/ssl/certs/mail_ldap_tls_truststore.pem" owner: root group: root - mode: 0644 + mode: "0644" - name: Deploy the LDAP TLS truststore in Postfix chroot copy: @@ -165,7 +165,7 @@ dest: "/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Postfix @@ -175,7 +175,7 @@ dest: "/etc/mailname" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Postfix @@ -185,7 +185,7 @@ dest: "/etc/postfix/{{ item }}.cf" owner: root group: postfix - mode: 0640 + mode: "0640" with_items: - ldap-virtual-alias-maps - ldap-virtual-mailbox-domains @@ -199,7 +199,7 @@ dest: "/etc/postfix/main.cf" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Postfix @@ -241,7 +241,7 @@ dest: "/etc/dovecot/conf.d/99-local.conf" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Dovecot @@ -251,7 +251,7 @@ dest: "/etc/dovecot/dovecot-ldap.conf.ext" owner: root group: root - mode: 0600 + mode: "0600" notify: - Restart Dovecot @@ -261,7 +261,7 @@ dest: "/etc/postfix/master.cf" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Postfix @@ -320,7 +320,7 @@ dest: "/etc/ferm/conf.d/20-mail.conf" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm diff --git a/roles/php_website/molecule/default/converge.yml b/roles/php_website/molecule/default/converge.yml index 237294d609fb4b30448d8d0dec30bbca8c3706c9..281a31735ae19720b7467fa2524f292fe2878c33 100644 --- a/roles/php_website/molecule/default/converge.yml +++ b/roles/php_website/molecule/default/converge.yml @@ -62,7 +62,7 @@ state: directory owner: admin-parameters-mandatory group: web-parameters-mandatory - mode: 0750 + mode: "0750" - name: Deploy a couple of PHP pages for testing purposes copy: 
@@ -70,7 +70,7 @@ dest: "/var/www/parameters-mandatory/htdocs/{{ item }}" owner: admin-parameters-mandatory group: web-parameters-mandatory - mode: 0640 + mode: "0640" with_items: - index.php - index.php3 @@ -82,7 +82,7 @@ state: directory owner: admin-parameters-optional_local group: web-parameters-optional_local - mode: 0750 + mode: "0750" - name: Deploy a couple of PHP pages for testing purposes copy: @@ -90,7 +90,7 @@ dest: "/var/www/parameters-optional.local/htdocs/{{ item }}" owner: admin-parameters-optional_local group: web-parameters-optional_local - mode: 0640 + mode: "0640" with_items: - myindex.php - myindex.myphp diff --git a/roles/php_website/tasks/main.yml b/roles/php_website/tasks/main.yml index 4f459d2658fa4c18d482e774f21139bab3b523d4..13751868d871a4bd4d35d18b13d8a950754d76c4 100644 --- a/roles/php_website/tasks/main.yml +++ b/roles/php_website/tasks/main.yml @@ -22,7 +22,7 @@ state: directory owner: "{{ admin }}" group: "{{ user }}" - mode: 0750 + mode: "0750" - name: Create PHP website user user: @@ -55,7 +55,7 @@ dest: "{{ home }}/.forward" owner: root group: "{{ user }}" - mode: 0640 + mode: "0640" - name: Install extra packages for website apt: @@ -69,7 +69,7 @@ validate: "{{ php_fpm_binary }} -t -y %s" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart PHP-FPM @@ -79,7 +79,7 @@ content: "{{ https_tls_key }}" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart nginx @@ -89,7 +89,7 @@ content: "{{ https_tls_certificate }}" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart nginx @@ -99,7 +99,7 @@ dest: "/etc/check_certificate/{{ fqdn }}_https.conf" owner: root group: root - mode: 0644 + mode: "0644" - name: Deploy nginx configuration file for website template: @@ -107,7 +107,7 @@ dest: "/etc/nginx/sites-available/{{ fqdn }}" owner: root group: root - mode: 0640 + mode: "0640" validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s" notify: - Restart nginx 
diff --git a/roles/preseed/tasks/main.yml b/roles/preseed/tasks/main.yml index f35f0b9861650689ddaaa4d44d850429c58f8b36..a46d16b73e4949bb767031ecbe6e4821162146a3 100644 --- a/roles/preseed/tasks/main.yml +++ b/roles/preseed/tasks/main.yml @@ -3,14 +3,14 @@ - name: Create directory for storing preseed configurations file: path: "{{ preseed_directory }}" - mode: 0750 + mode: "0750" state: directory - name: Create preseed configuration file template: src: "preseed.cfg.j2" dest: "{{ preseed_directory }}/{{ item }}.cfg" - mode: 0640 + mode: "0640" when: item != "localhost" with_items: "{{ groups['all'] }}" diff --git a/roles/web_server/molecule/default/prepare.yml b/roles/web_server/molecule/default/prepare.yml index 21e3c3a55967f9d91f35b6ee3033ace8cb0d69d3..4e4b727b882399cd82335e66f3f884a9d0bc03e8 100644 --- a/roles/web_server/molecule/default/prepare.yml +++ b/roles/web_server/molecule/default/prepare.yml @@ -76,7 +76,7 @@ CipherString = DEFAULT@SECLEVEL=0 owner: root group: root - mode: 0644 + mode: "0644" state: present - name: Prepare, test fixtures @@ -91,7 +91,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: 192.168.56.11: "client" @@ -124,7 +124,7 @@ dest: /usr/local/share/ca-certificates/testca.crt owner: root group: root - mode: 0644 + mode: "0644" notify: - Update CA certificate cache diff --git a/roles/web_server/tasks/main.yml b/roles/web_server/tasks/main.yml index 46f3ff46d3ec9e277b38a68e91a4eb70aada8ec9..5231de98a857f8f8c810a65b7cde8a08adfd63cc 100644 --- a/roles/web_server/tasks/main.yml +++ b/roles/web_server/tasks/main.yml @@ -17,7 +17,7 @@ copy: dest: "/etc/ssl/private/{{ ansible_fqdn }}_https.key" content: "{{ default_https_tls_key }}" - mode: 0640 + mode: "0640" owner: root group: root notify: @@ -27,7 +27,7 @@ copy: dest: "/etc/ssl/certs/{{ ansible_fqdn }}_https.pem" content: "{{ default_https_tls_certificate }}" - mode: 0644 + mode: "0644" owner: root group: root notify: 
@@ -37,7 +37,7 @@ openssl_dhparam: owner: root group: root - mode: 0640 + mode: "0640" path: "/etc/ssl/private/{{ ansible_fqdn }}_https.dh.pem" size: 2048 notify: @@ -49,7 +49,7 @@ dest: "/etc/check_certificate/{{ ansible_fqdn }}_https.conf" owner: root group: root - mode: 0644 + mode: "0644" - name: Remove TLS protocol configuration from the main configuration file lineinfile: @@ -66,7 +66,7 @@ src: "tls.conf.j2" owner: "root" group: "root" - mode: 0644 + mode: "0644" notify: - Restart nginx @@ -76,7 +76,7 @@ dest: "/usr/local/bin/nginx_verify_site.sh" owner: root group: root - mode: 0755 + mode: "0755" - name: Deploy default vhost configuration template: @@ -84,7 +84,7 @@ dest: "/etc/nginx/sites-available/default" owner: root group: root - mode: 0640 + mode: "0640" validate: "/usr/local/bin/nginx_verify_site.sh -n default %s" notify: - Restart nginx @@ -103,7 +103,7 @@ dest: "/etc/ferm/conf.d/30-web.conf" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm @@ -121,7 +121,7 @@ state: directory owner: root group: www-data - mode: 0750 + mode: "0750" - name: Deploy the default index.html template: @@ -129,7 +129,7 @@ dest: /var/www/default/index.html owner: root group: www-data - mode: 0640 + mode: "0640" - name: Enable nginx service service: @@ -156,7 +156,7 @@ state: directory owner: root group: www-data - mode: 0750 + mode: "0750" with_items: - wsgi - php @@ -167,7 +167,7 @@ dest: "/etc/tmpfiles.d/{{ item.tmpfiles_d }}" owner: root group: root - mode: 0644 + mode: "0644" with_items: - socket_dir: wsgi tmpfiles_d: "wsgi.conf" @@ -180,7 +180,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Configure PHP-FPM service to run with umask 0007 copy: @@ -188,7 +188,7 @@ dest: "/etc/systemd/system/{{ php_fpm_service_name }}.service.d/umask.conf" owner: root group: root - mode: 0644 + mode: "0644" notify: - Reload systemd - Restart PHP-FPM 
@@ -210,7 +210,7 @@ dest: "{{ item }}/30-timezone.ini" owner: root group: root - mode: 0644 + mode: "0644" with_items: - "{{ php_base_config_dir }}/cli/conf.d/" - "{{ php_base_config_dir }}/fpm/conf.d/" diff --git a/roles/wsgi_website/molecule/default/converge.yml b/roles/wsgi_website/molecule/default/converge.yml index dde593bf8abab9b6cecfe1b999ed0ff1eb5618e6..1ecfd890eee621f7c78902930f70da3f9f0b21f4 100644 --- a/roles/wsgi_website/molecule/default/converge.yml +++ b/roles/wsgi_website/molecule/default/converge.yml @@ -102,7 +102,7 @@ state: directory owner: admin-parameters-mandatory group: web-parameters-mandatory - mode: 02750 + mode: "02750" with_items: - htdocs/static - htdocs/media @@ -113,7 +113,7 @@ dest: "/var/www/parameters-mandatory/code/testapp.py" owner: admin-parameters-mandatory group: web-parameters-mandatory - mode: 0640 + mode: "0640" notify: - Restart parameters-mandatory - name: Deploy a static file @@ -122,14 +122,14 @@ dest: "/var/www/parameters-mandatory/htdocs/static/static_file.txt" owner: admin-parameters-mandatory group: web-parameters-mandatory - mode: 0640 + mode: "0640" - name: Deploy a media file copy: src: "tests/data/media_file.txt" dest: "/var/www/parameters-mandatory/htdocs/media/media_file.txt" owner: admin-parameters-mandatory group: web-parameters-mandatory - mode: 0640 + mode: "0640" # parameters-optional application - name: Set-up directories where application files are hosted at @@ -138,7 +138,7 @@ state: directory owner: admin-parameters-optional_local group: web-parameters-optional_local - mode: 02750 + mode: "02750" with_items: - htdocs/static - htdocs/media @@ -149,7 +149,7 @@ dest: "/var/www/parameters-optional.local/code/testapp.py" owner: admin-parameters-optional_local group: web-parameters-optional_local - mode: 0640 + mode: "0640" notify: - Restart parameters-optional.local - name: Deploy a static file 
@@ -158,14 +158,14 @@ dest: "/var/www/parameters-optional.local/htdocs/static/static_file.txt" owner: admin-parameters-optional_local group: web-parameters-optional_local - mode: 0640 + mode: "0640" - name: Deploy a media file copy: src: "tests/data/media_file.txt" dest: "/var/www/parameters-optional.local/htdocs/media/media_file.txt" owner: admin-parameters-optional_local group: web-parameters-optional_local - mode: 0640 + mode: "0640" # parameters-paste-req application - name: Set-up directories where application files are hosted at @@ -174,7 +174,7 @@ state: directory owner: admin-parameters-paste-req group: web-parameters-paste-req - mode: 02750 + mode: "02750" with_items: - htdocs/static - htdocs/media @@ -185,7 +185,7 @@ dest: "/var/www/parameters-paste-req/code/{{ item }}" owner: admin-parameters-paste-req group: web-parameters-paste-req - mode: 0640 + mode: "0640" with_items: - config.ini - testapp.py @@ -198,14 +198,14 @@ dest: "/var/www/parameters-paste-req/htdocs/static/static_file.txt" owner: admin-parameters-paste-req group: web-parameters-paste-req - mode: 0640 + mode: "0640" - name: Deploy a media file copy: src: "tests/data/media_file.txt" dest: "/var/www/parameters-paste-req/htdocs/media/media_file.txt" owner: admin-parameters-paste-req group: web-parameters-paste-req - mode: 0640 + mode: "0640" handlers: - name: Restart parameters-mandatory diff --git a/roles/wsgi_website/tasks/main.yml b/roles/wsgi_website/tasks/main.yml index 0489dd01f93d375aea3dfddd1b848535fb7fd90f..d2d9a8f521a4767f6112386b2a7e8094a7c33ccd 100644 --- a/roles/wsgi_website/tasks/main.yml +++ b/roles/wsgi_website/tasks/main.yml @@ -22,7 +22,7 @@ state: directory owner: "{{ admin }}" group: "{{ user }}" - mode: 0750 + mode: "0750" - name: Deploy profile configuration file for auto-activating the virtual environment copy: 
@@ -30,7 +30,7 @@ dest: "{{ home }}/.profile.d/virtualenv.sh" owner: root group: "{{ user }}" - mode: 0640 + mode: "0640" - name: Deploy profile configuration file for setting environment variables template: @@ -38,7 +38,7 @@ dest: "{{ home }}/.profile.d/environment.sh" owner: root group: "{{ user }}" - mode: 0640 + mode: "0640" - name: Create WSGI website user user: @@ -71,7 +71,7 @@ dest: "{{ home }}/.forward" owner: root group: "{{ user }}" - mode: 0640 + mode: "0640" - name: Install extra packages for website apt: @@ -128,7 +128,7 @@ state: directory owner: "{{ admin }}" group: "{{ user }}" - mode: 02750 + mode: "02750" - name: Create Python virtual environment command: '/usr/bin/virtualenv --python "{{ python_interpreter }}" --prompt "{{ virtualenv_prompt }}" "{{ home }}/virtualenv"' @@ -143,7 +143,7 @@ dest: "{{ home }}/virtualenv/.project" owner: "{{ admin }}" group: "{{ user }}" - mode: 0640 + mode: "0640" - name: Deploy virtualenv wrapper template: @@ -151,7 +151,7 @@ dest: "{{ home }}/virtualenv/bin/exec" owner: "{{ admin }}" group: "{{ user }}" - mode: 0750 + mode: "0750" - name: Set-up directory for storing requirements file for upgrade checks file: @@ -159,7 +159,7 @@ state: directory owner: root group: pipreqcheck - mode: 0750 + mode: "0750" - name: Deploy WSGI requirements files for upgrade checks template: @@ -167,7 +167,7 @@ dest: "{{ pip_check_requirements_upgrades_directory }}/{{ fqdn }}/{{ item }}" owner: root group: pipreqcheck - mode: 0640 + mode: "0640" with_items: - wsgi_requirements.in - wsgi_requirements.txt @@ -178,7 +178,7 @@ dest: "{{ home }}/.wsgi_requirements.txt" owner: "{{ admin }}" group: "{{ user }}" - mode: 0640 + mode: "0640" - name: Install Gunicorn via requirements file become: true @@ -209,7 +209,7 @@ dest: "/etc/systemd/system/{{ fqdn }}.socket" owner: root group: root - mode: 0644 + mode: "0644" register: deploy_systemd_socket_configuration notify: - Reload systemd 
@@ -221,7 +221,7 @@ dest: "/etc/systemd/system/{{ fqdn }}.service" owner: root group: root - mode: 0644 + mode: "0644" register: deploy_systemd_service_configuration notify: - Reload systemd @@ -239,7 +239,7 @@ state: directory owner: "{{ admin }}" group: "{{ user }}" - mode: 02750 + mode: "02750" - name: Deploy nginx TLS private key for website copy: @@ -247,7 +247,7 @@ content: "{{ https_tls_key }}" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart nginx @@ -257,7 +257,7 @@ content: "{{ https_tls_certificate }}" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart nginx @@ -267,7 +267,7 @@ dest: "/etc/check_certificate/{{ fqdn }}_https.conf" owner: root group: root - mode: 0644 + mode: "0644" - name: Deploy nginx configuration file for website template: @@ -275,7 +275,7 @@ dest: "/etc/nginx/sites-available/{{ fqdn }}" owner: root group: root - mode: 0640 + mode: "0640" validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s" notify: - Restart nginx diff --git a/roles/xmpp_server/molecule/default/prepare.yml b/roles/xmpp_server/molecule/default/prepare.yml index 3565f16c730c0e26cf1ff9e6ab1ec3af786b59e8..2812c9662ec7594f387b3ebe317f216fe175c96a 100644 --- a/roles/xmpp_server/molecule/default/prepare.yml +++ b/roles/xmpp_server/molecule/default/prepare.yml @@ -94,7 +94,7 @@ CipherString = DEFAULT@SECLEVEL=0 owner: root group: root - mode: 0644 + mode: "0644" state: present - name: Set-up the hosts file @@ -104,7 +104,7 @@ line: "{{ item.key }} {{ item.value }}" owner: root group: root - mode: 0644 + mode: "0644" state: present with_dict: 192.168.56.11: "ldap-server backup-server" @@ -128,7 +128,7 @@ dest: /usr/local/share/ca-certificates/testca.crt owner: root group: root - mode: 0644 + mode: "0644" notify: - Update CA certificate cache @@ -159,7 +159,7 @@ dest: "~user/{{ item.jid }}.cfg" owner: user group: user - mode: 0600 + mode: "0600" with_items: - jid: john.doe@domain1 password: johnpassword 
@@ -280,4 +280,4 @@ dest: "/usr/local/bin/list_prosody_modules.lua" owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/xmpp_server/tasks/main.yml b/roles/xmpp_server/tasks/main.yml index b80153e1d539b591c2eb9a67897921216f552c5c..6f344d9686dd1c5a062a5e845cd6eb85d11796ab 100644 --- a/roles/xmpp_server/tasks/main.yml +++ b/roles/xmpp_server/tasks/main.yml @@ -9,7 +9,7 @@ dest: /etc/apt/sources.list.d/backports.list owner: root group: root - mode: 0644 + mode: "0644" register: backports_repository_configuration - name: Update apt cache if backports repository configuration changed (for immediate use) # noqa no-handler @@ -50,7 +50,7 @@ content: "{{ xmpp_tls_key }}" owner: root group: prosody - mode: 0640 + mode: "0640" notify: - Restart Prosody @@ -60,7 +60,7 @@ content: "{{ xmpp_tls_certificate }}" owner: root group: root - mode: 0644 + mode: "0644" notify: - Restart Prosody @@ -68,7 +68,7 @@ openssl_dhparam: owner: root group: prosody - mode: 0640 + mode: "0640" path: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem" size: 2048 notify: @@ -80,7 +80,7 @@ dest: "/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf" owner: root group: root - mode: 0644 + mode: "0644" - name: Deploy script for validating Prosody certificate copy: @@ -88,7 +88,7 @@ dest: "/usr/local/bin/check_prosody_certificate.sh" owner: root group: root - mode: 0755 + mode: "0755" - name: Set-up crontab task that runs the Prosody certificate checker script once a day copy: @@ -96,7 +96,7 @@ dest: "/etc/cron.d/check_prosody_certificate" owner: root group: root - mode: 0644 + mode: "0644" - name: Deploy LDAP client configuration (for validating LDAP server certificate) copy: @@ -104,7 +104,7 @@ dest: "/var/lib/prosody/.ldaprc" owner: root group: prosody - mode: 0640 + mode: "0640" notify: - Restart Prosody @@ -114,7 +114,7 @@ dest: "/etc/prosody/prosody.cfg.lua" owner: root group: prosody - mode: 0640 + mode: "0640" notify: - Restart Prosody 
@@ -130,7 +130,7 @@ dest: "/etc/ferm/conf.d/30-xmpp.conf" owner: root group: root - mode: 0640 + mode: "0640" notify: - Restart ferm