From 588db894a1cf1e4bc9c179d21f1ea768f91002ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= <xavi@verdnatura.es>
Date: Thu, 10 Oct 2024 16:12:29 +0200
Subject: [PATCH] Refs #8025 Rol debian-base. All task - Refactor from octal
 permissions to plain text

---
 roles/debian-base/tasks/bacula.yml    | 2 +-
 roles/debian-base/tasks/fail2ban.yml  | 2 +-
 roles/debian-base/tasks/motd.yml      | 2 +-
 roles/debian-base/tasks/profile.yml   | 2 +-
 roles/debian-base/tasks/relayhost.yml | 2 +-
 roles/debian-base/tasks/resolv.yml    | 2 +-
 roles/debian-base/tasks/ssh.yml       | 5 ++---
 roles/debian-base/tasks/timesync.yml  | 4 ++--
 roles/debian-base/tasks/vim.yml       | 2 +-
 roles/debian-base/tasks/vn-repo.yml   | 2 +-
 10 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml
index ef04a37..2cfcb6d 100644
--- a/roles/debian-base/tasks/bacula.yml
+++ b/roles/debian-base/tasks/bacula.yml
@@ -12,7 +12,7 @@
     dest: /etc/bacula/bacula-fd.conf
     owner: root
     group: bacula
-    mode: '0640'
+    mode: u=rw,g=r,o=
     backup: true
 - name: Restart Bacula FD service
   service:
diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian-base/tasks/fail2ban.yml
index 838e89e..a3ed3f1 100644
--- a/roles/debian-base/tasks/fail2ban.yml
+++ b/roles/debian-base/tasks/fail2ban.yml
@@ -8,5 +8,5 @@
     dest: /etc/fail2ban/jail.local
     owner: root
     group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
   notify: restart-fail2ban
diff --git a/roles/debian-base/tasks/motd.yml b/roles/debian-base/tasks/motd.yml
index a51f73b..486e705 100644
--- a/roles/debian-base/tasks/motd.yml
+++ b/roles/debian-base/tasks/motd.yml
@@ -2,6 +2,6 @@
   copy:
     src: motd
     dest: /etc/update-motd.d/90-vn
-    mode: '755'
+    mode: u=rwx,g=rx,o=rx
     owner: root
     group: root
diff --git a/roles/debian-base/tasks/profile.yml b/roles/debian-base/tasks/profile.yml
index 7b02471..e8df993 100644
--- a/roles/debian-base/tasks/profile.yml
+++ b/roles/debian-base/tasks/profile.yml
@@ -2,6 +2,6 @@
   copy:
     src: profile.sh
     dest: /etc/profile.d/vn.sh
-    mode: '644'
+    mode: u=rw,g=r,o=r
     owner: root
     group: root
diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml
index 13c46f5..dc04fe1 100644
--- a/roles/debian-base/tasks/relayhost.yml
+++ b/roles/debian-base/tasks/relayhost.yml
@@ -17,7 +17,7 @@
       dc_hide_mailname='true'
     state: present
     create: yes
-    mode: '0644'
+    mode: u=rw,g=r,o=r
   notify: update exim configuration
   register: exim_config
 - name: Force execution of handlers immediately
diff --git a/roles/debian-base/tasks/resolv.yml b/roles/debian-base/tasks/resolv.yml
index 60455c0..1ee5af7 100644
--- a/roles/debian-base/tasks/resolv.yml
+++ b/roles/debian-base/tasks/resolv.yml
@@ -17,6 +17,6 @@
     dest: /etc/resolv.conf
     owner: root
     group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
     backup: true
   when: not resolv_conf.stat.exists or not dns_configured
diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml
index 2179974..0eb418d 100644
--- a/roles/debian-base/tasks/ssh.yml
+++ b/roles/debian-base/tasks/ssh.yml
@@ -6,16 +6,15 @@
   register: new_pair
 - name: Configure sshd_config settings
   copy:
-    dest: /etc/ssh/sshd_config.d/custom.conf
+    dest: /etc/ssh/sshd_config.d/vn-custom.conf
     content: |
       # Do not edit this file! Ansible will overwrite it.
       
       ListenAddress 0.0.0.0
       SyslogFacility AUTH
-      permitRootLogin yes
     owner: root
     group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
 - name: Delete old host SSH keys
   file:
     path: "{{ item }}"
diff --git a/roles/debian-base/tasks/timesync.yml b/roles/debian-base/tasks/timesync.yml
index 103234f..57974cf 100644
--- a/roles/debian-base/tasks/timesync.yml
+++ b/roles/debian-base/tasks/timesync.yml
@@ -4,7 +4,7 @@
     state: directory
     owner: root
     group: root
-    mode: '0755'
+    mode: u=rwx,g=rx,o=rx
 - name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf
   copy:
     dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
@@ -14,7 +14,7 @@
       FallbackNTP={{ time_server_spain }}
     owner: root
     group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
   notify: restart systemd-timesyncd
 - name: Ensure systemd-timesyncd service is enabled and started
   service:
diff --git a/roles/debian-base/tasks/vim.yml b/roles/debian-base/tasks/vim.yml
index d89ef6f..2d40113 100644
--- a/roles/debian-base/tasks/vim.yml
+++ b/roles/debian-base/tasks/vim.yml
@@ -6,6 +6,6 @@
   copy:
     src: vimrc.local
     dest: /etc/vim/
-    mode: '644'
+    mode: u=rw,g=r,o=r
     owner: root
     group: root
\ No newline at end of file
diff --git a/roles/debian-base/tasks/vn-repo.yml b/roles/debian-base/tasks/vn-repo.yml
index c0fdfff..b8dc6b0 100644
--- a/roles/debian-base/tasks/vn-repo.yml
+++ b/roles/debian-base/tasks/vn-repo.yml
@@ -2,7 +2,7 @@
   get_url:
     url: "{{ vn_host.url }}/{{ vn_host.package }}"
     dest: "/tmp/{{ vn_host.package }}"
-    mode: '0644'
+    mode: u=rw,g=r,o=r
 - name: Install package
   apt:
     deb: "/tmp/{{ vn_host.package }}"