Refs #8025 Rol debian-base. All task - Refactor from octal permissions to plain text

roles/debian-base/tasks/bacula.yml

@@ -12,7 +12,7 @@
     dest: /etc/bacula/bacula-fd.conf
     owner: root
     group: bacula
-    mode: '0640'
+    mode: u=rw,g=r,o=
     backup: true
 - name: Restart Bacula FD service
   service:

roles/debian-base/tasks/fail2ban.yml

@@ -8,5 +8,5 @@
     dest: /etc/fail2ban/jail.local
     owner: root
     group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
   notify: restart-fail2ban

roles/debian-base/tasks/motd.yml

@@ -2,6 +2,6 @@
   copy:
     src: motd
     dest: /etc/update-motd.d/90-vn
-    mode: '755'
+    mode: u=rwx,g=rx,o=rx
     owner: root
     group: root

roles/debian-base/tasks/profile.yml

@@ -2,6 +2,6 @@
   copy:
     src: profile.sh
     dest: /etc/profile.d/vn.sh
-    mode: '644'
+    mode: u=rw,g=r,o=r
     owner: root
     group: root

roles/debian-base/tasks/relayhost.yml

@@ -17,7 +17,7 @@
       dc_hide_mailname='true'
     state: present
     create: yes
-    mode: '0644'
+    mode: u=rw,g=r,o=r
   notify: update exim configuration
   register: exim_config
 - name: Force execution of handlers immediately

roles/debian-base/tasks/resolv.yml

@@ -17,6 +17,6 @@
     dest: /etc/resolv.conf
     owner: root
     group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
     backup: true
   when: not resolv_conf.stat.exists or not dns_configured

roles/debian-base/tasks/ssh.yml

@@ -6,16 +6,15 @@
   register: new_pair
 - name: Configure sshd_config settings
   copy:
-    dest: /etc/ssh/sshd_config.d/custom.conf
+    dest: /etc/ssh/sshd_config.d/vn-custom.conf
     content: |
       # Do not edit this file! Ansible will overwrite it.
       
       ListenAddress 0.0.0.0
       SyslogFacility AUTH
-      permitRootLogin yes
     owner: root
     group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
 - name: Delete old host SSH keys
   file:
     path: "{{ item }}"

roles/debian-base/tasks/timesync.yml

@@ -4,7 +4,7 @@
     state: directory
     owner: root
     group: root
-    mode: '0755'
+    mode: u=rwx,g=rx,o=rx
 - name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf
   copy:
     dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
@@ -14,7 +14,7 @@
       FallbackNTP={{ time_server_spain }}
     owner: root
     group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
   notify: restart systemd-timesyncd
 - name: Ensure systemd-timesyncd service is enabled and started
   service:

roles/debian-base/tasks/vim.yml

@@ -6,6 +6,6 @@
   copy:
     src: vimrc.local
     dest: /etc/vim/
-    mode: '644'
+    mode: u=rw,g=r,o=r
     owner: root
     group: root

roles/debian-base/tasks/vn-repo.yml

@@ -2,7 +2,7 @@
   get_url:
     url: "{{ vn_host.url }}/{{ vn_host.package }}"
     dest: "/tmp/{{ vn_host.package }}"
-    mode: '0644'
+    mode: u=rw,g=r,o=r
 - name: Install package
   apt:
     deb: "/tmp/{{ vn_host.package }}"