aboutsummaryrefslogtreecommitdiffstats
path: root/roles/space_server/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/space_server/tasks')
-rw-r--r--roles/space_server/tasks/ansible.yml3
-rw-r--r--roles/space_server/tasks/avahi.yml3
-rw-r--r--roles/space_server/tasks/bird.yml11
-rw-r--r--roles/space_server/tasks/blackhole.yml8
-rw-r--r--roles/space_server/tasks/dhcpd.yml3
-rw-r--r--roles/space_server/tasks/kernel.yml11
-rw-r--r--roles/space_server/tasks/main.yml3
-rw-r--r--roles/space_server/tasks/networkd.yml12
-rw-r--r--roles/space_server/tasks/nftables.yml6
-rw-r--r--roles/space_server/tasks/radius.yml9
-rw-r--r--roles/space_server/tasks/radvd.yml9
-rw-r--r--roles/space_server/tasks/sudo.yml2
-rw-r--r--roles/space_server/tasks/unbound.yml6
13 files changed, 86 insertions, 0 deletions
diff --git a/roles/space_server/tasks/ansible.yml b/roles/space_server/tasks/ansible.yml
index 5dc74e2..15831c7 100644
--- a/roles/space_server/tasks/ansible.yml
+++ b/roles/space_server/tasks/ansible.yml
@@ -3,6 +3,9 @@
copy:
src: ansible/hosts
dest: '/etc/ansible/hosts'
+ owner: root
+ group: root
+ mode: 0644
- name: Configure ansible
ini_file:
diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml
index 1ed1e7c..df69753 100644
--- a/roles/space_server/tasks/avahi.yml
+++ b/roles/space_server/tasks/avahi.yml
@@ -84,6 +84,9 @@
template:
src: avahi/hosts.j2
dest: '/etc/avahi/hosts'
+ owner: root
+ group: root
+ mode: 0644
notify:
- restart avahi-daemon
diff --git a/roles/space_server/tasks/bird.yml b/roles/space_server/tasks/bird.yml
index 8f4e20b..0c49f5f 100644
--- a/roles/space_server/tasks/bird.yml
+++ b/roles/space_server/tasks/bird.yml
@@ -15,11 +15,16 @@
file:
dest: '/etc/bird'
state: directory
+ owner: root
+ group: root
mode: 0755
- name: Create bird configuration
copy:
src: '{{ item }}'
dest: '/etc/bird/'
+ owner: root
+ group: root
+ mode: 0644
with_fileglob:
- 'bird/*'
notify:
@@ -41,10 +46,16 @@
file:
dest: '/etc/systemd/system/bird6.service.d'
state: directory
+ owner: root
+ group: root
+ mode: 0755
- name: Start bird6 after networks are configured
copy:
src: wait-online.conf
dest: '/etc/systemd/system/bird6.service.d/wait-online.conf'
+ owner: root
+ group: root
+ mode: 0644
- name: Enable bird and bird6
systemd:
diff --git a/roles/space_server/tasks/blackhole.yml b/roles/space_server/tasks/blackhole.yml
index 2fd1b5e..dc41649 100644
--- a/roles/space_server/tasks/blackhole.yml
+++ b/roles/space_server/tasks/blackhole.yml
@@ -3,10 +3,15 @@
file:
dest: /etc/systemd/scripts
state: directory
+ owner: root
+ group: root
+ mode: 0755
- name: Install blackhole script
copy:
src: blackhole/blackhole.sh
dest: '/etc/systemd/scripts/blackhole.sh'
+ owner: root
+ group: root
mode: 0755
notify:
- restart blackhole
@@ -15,6 +20,9 @@
copy:
src: blackhole/blackhole.service
dest: '/etc/systemd/system/blackhole.service'
+ owner: root
+ group: root
+ mode: 0644
- name: Enable blackhole service
systemd:
diff --git a/roles/space_server/tasks/dhcpd.yml b/roles/space_server/tasks/dhcpd.yml
index 53ad1a6..4102d69 100644
--- a/roles/space_server/tasks/dhcpd.yml
+++ b/roles/space_server/tasks/dhcpd.yml
@@ -12,6 +12,9 @@
template:
src: dhcpd/dhcpd.conf.j2
dest: '/etc/dhcp/dhcpd.conf'
+ owner: root
+ group: root
+ mode: 0644
notify:
- restart dhcpd
diff --git a/roles/space_server/tasks/kernel.yml b/roles/space_server/tasks/kernel.yml
index 02e115c..9566763 100644
--- a/roles/space_server/tasks/kernel.yml
+++ b/roles/space_server/tasks/kernel.yml
@@ -3,11 +3,15 @@
file:
path: '/etc/kernel'
state: directory
+ owner: root
+ group: root
mode: 0755
- name: Make sure /etc/kernel/install.d exists
file:
path: '/etc/kernel/install.d'
state: directory
+ owner: root
+ group: root
mode: 0755
- name: Mask grubby
@@ -20,17 +24,24 @@
copy:
src: kernel/90-loaderentry.install
dest: '/etc/kernel/install.d/90-loaderentry.install'
+ owner: root
+ group: root
mode: 0755
- name: Create syslinux menu
copy:
src: kernel/95-syslinux-menu.install
dest: '/etc/kernel/install.d/95-syslinux-menu.install'
+ owner: root
+ group: root
mode: 0755
- name: Set kernel command line
template:
src: cmdline.j2
dest: '/etc/kernel/cmdline'
+ owner: root
+ group: root
+ mode: 0644
- name: Install kernel
dnf:
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index bd65b52..ff7acb3 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -3,6 +3,9 @@
template:
src: fstab.j2
dest: /etc/fstab
+ owner: root
+ group: root
+ mode: 0644
tags:
- fstab
diff --git a/roles/space_server/tasks/networkd.yml b/roles/space_server/tasks/networkd.yml
index b46b728..9e8ca3c 100644
--- a/roles/space_server/tasks/networkd.yml
+++ b/roles/space_server/tasks/networkd.yml
@@ -3,6 +3,9 @@
file:
dest: '/etc/systemd/network'
state: directory
+ owner: root
+ group: root
+ mode: 0755
- name: Get current network config
shell: 'ls -1 /etc/systemd/network/'
check_mode: no
@@ -11,6 +14,9 @@
copy:
src: '{{ item }}'
dest: '/etc/systemd/network/'
+ owner: root
+ group: root
+ mode: 0644
with_fileglob:
- 'networkd/network/*'
register: network_files
@@ -29,10 +35,16 @@
file:
dest: '/etc/systemd/system/systemd-networkd-wait-online.service.d'
state: directory
+ owner: root
+ group: root
+ mode: 0755
- name: Don't wait for lan and mgt interfaces to come online
copy:
src: networkd/no-lan-mgt.conf
dest: '/etc/systemd/system/systemd-networkd-wait-online.service.d/no-lan-mgt.conf'
+ owner: root
+ group: root
+ mode: 0644
- name: Enable systemd-networkd
systemd:
diff --git a/roles/space_server/tasks/nftables.yml b/roles/space_server/tasks/nftables.yml
index ac5e441..07ea8d6 100644
--- a/roles/space_server/tasks/nftables.yml
+++ b/roles/space_server/tasks/nftables.yml
@@ -3,6 +3,9 @@
copy:
src: nftables/nftables.service
dest: '/etc/systemd/system/nftables.service'
+ owner: root
+ group: root
+ mode: 0644
- name: Install nftables package
dnf:
@@ -23,6 +26,9 @@
copy:
src: nftables/nftables.conf
dest: '/etc/nftables.conf'
+ owner: root
+ group: root
+ mode: 0644
notify:
- reload nftables
diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml
index 11ab1b0..fb66f9b 100644
--- a/roles/space_server/tasks/radius.yml
+++ b/roles/space_server/tasks/radius.yml
@@ -77,6 +77,9 @@
copy:
src: 'radius/{{ item }}'
dest: '/etc/systemd/system/{{ item }}'
+ owner: root
+ group: root
+ mode: 0644
with_items:
- getusers.service
- getusers.timer
@@ -100,10 +103,16 @@
file:
dest: '/etc/systemd/system/radiusd.service.d'
state: directory
+ owner: root
+ group: root
+ mode: 0755
- name: Start radiusd after networks are configured
copy:
src: wait-online.conf
dest: '/etc/systemd/system/radiusd.service.d/wait-online.conf'
+ owner: root
+ group: root
+ mode: 0644
- name: Enable radiusd service
systemd:
diff --git a/roles/space_server/tasks/radvd.yml b/roles/space_server/tasks/radvd.yml
index ec1be83..c546d1f 100644
--- a/roles/space_server/tasks/radvd.yml
+++ b/roles/space_server/tasks/radvd.yml
@@ -12,6 +12,9 @@
copy:
src: radvd/radvd.conf
dest: '/etc/radvd.conf'
+ owner: root
+ group: root
+ mode: 0644
notify:
- restart radvd
@@ -19,10 +22,16 @@
file:
dest: '/etc/systemd/system/radvd.service.d'
state: directory
+ owner: root
+ group: root
+ mode: 0755
- name: Start radvd after networks are configured
copy:
src: wait-online.conf
dest: '/etc/systemd/system/radvd.service.d/wait-online.conf'
+ owner: root
+ group: root
+ mode: 0644
- name: Enable radvd service
systemd:
diff --git a/roles/space_server/tasks/sudo.yml b/roles/space_server/tasks/sudo.yml
index b8497c3..8b65f4f 100644
--- a/roles/space_server/tasks/sudo.yml
+++ b/roles/space_server/tasks/sudo.yml
@@ -10,6 +10,8 @@
copy:
src: sudo/sudoers
dest: '/etc/sudoers'
+ owner: root
+ group: root
mode: 0440
validate: visudo -cf %s
diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml
index b11c338..ebac2cb 100644
--- a/roles/space_server/tasks/unbound.yml
+++ b/roles/space_server/tasks/unbound.yml
@@ -12,6 +12,9 @@
template:
src: unbound/unbound.conf.j2
dest: '/etc/unbound/unbound.conf'
+ owner: root
+ group: root
+ mode: 0644
notify:
- restart unbound
@@ -32,5 +35,8 @@
copy:
dest: /etc/resolv.conf
content: "nameserver 127.0.0.1\nnameserver ::1\n"
+ owner: root
+ group: root
+ mode: 0644
# vim: set ts=2 sw=2 et ft=yaml: