Refs #8025 Rol debian-base. All task - Refactor from octal permissions to plain text

2024-10-10 16:12:29 +02:00 · 2024-10-10 16:12:29 +02:00 · 588db894a1
parent 3e7771ba4c
commit 588db894a1
10 changed files with 12 additions and 13 deletions
--- a/roles/debian-base/tasks/bacula.yml
+++ b/roles/debian-base/tasks/bacula.yml
@ -12,7 +12,7 @@
    dest: /etc/bacula/bacula-fd.conf
    owner: root
    group: bacula
-    mode: '0640'
+    mode: u=rw,g=r,o=
    backup: true
 - name: Restart Bacula FD service
  service:
--- a/roles/debian-base/tasks/fail2ban.yml
+++ b/roles/debian-base/tasks/fail2ban.yml
@ -8,5 +8,5 @@
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
  notify: restart-fail2ban
--- a/roles/debian-base/tasks/motd.yml
+++ b/roles/debian-base/tasks/motd.yml
@ -2,6 +2,6 @@
  copy:
    src: motd
    dest: /etc/update-motd.d/90-vn
-    mode: '755'
+    mode: u=rwx,g=rx,o=rx
    owner: root
    group: root
--- a/roles/debian-base/tasks/profile.yml
+++ b/roles/debian-base/tasks/profile.yml
@ -2,6 +2,6 @@
  copy:
    src: profile.sh
    dest: /etc/profile.d/vn.sh
-    mode: '644'
+    mode: u=rw,g=r,o=r
    owner: root
    group: root
--- a/roles/debian-base/tasks/relayhost.yml
+++ b/roles/debian-base/tasks/relayhost.yml
@ -17,7 +17,7 @@
      dc_hide_mailname='true'
    state: present
    create: yes
-    mode: '0644'
+    mode: u=rw,g=r,o=r
  notify: update exim configuration
  register: exim_config
 - name: Force execution of handlers immediately
--- a/roles/debian-base/tasks/resolv.yml
+++ b/roles/debian-base/tasks/resolv.yml
@ -17,6 +17,6 @@
    dest: /etc/resolv.conf
    owner: root
    group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
    backup: true
  when: not resolv_conf.stat.exists or not dns_configured
--- a/roles/debian-base/tasks/ssh.yml
+++ b/roles/debian-base/tasks/ssh.yml
@ -6,16 +6,15 @@
  register: new_pair
 - name: Configure sshd_config settings
  copy:
-    dest: /etc/ssh/sshd_config.d/custom.conf
+    dest: /etc/ssh/sshd_config.d/vn-custom.conf
    content: |
      # Do not edit this file! Ansible will overwrite it.
      
      ListenAddress 0.0.0.0
      SyslogFacility AUTH
-      permitRootLogin yes
    owner: root
    group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
 - name: Delete old host SSH keys
  file:
    path: "{{ item }}"
--- a/roles/debian-base/tasks/timesync.yml
+++ b/roles/debian-base/tasks/timesync.yml
@ -4,7 +4,7 @@
    state: directory
    owner: root
    group: root
-    mode: '0755'
+    mode: u=rwx,g=rx,o=rx
 - name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf
  copy:
    dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
@ -14,7 +14,7 @@
      FallbackNTP={{ time_server_spain }}
    owner: root
    group: root
-    mode: '0644'
+    mode: u=rw,g=r,o=r
  notify: restart systemd-timesyncd
 - name: Ensure systemd-timesyncd service is enabled and started
  service:
--- a/roles/debian-base/tasks/vim.yml
+++ b/roles/debian-base/tasks/vim.yml
@ -6,6 +6,6 @@
  copy:
    src: vimrc.local
    dest: /etc/vim/
-    mode: '644'
+    mode: u=rw,g=r,o=r
    owner: root
    group: root
--- a/roles/debian-base/tasks/vn-repo.yml
+++ b/roles/debian-base/tasks/vn-repo.yml
@ -2,7 +2,7 @@
  get_url:
    url: "{{ vn_host.url }}/{{ vn_host.package }}"
    dest: "/tmp/{{ vn_host.package }}"
-    mode: '0644'
+    mode: u=rw,g=r,o=r
 - name: Install package
  apt:
    deb: "/tmp/{{ vn_host.package }}"