From fdbcde2e9a7027979d0d786f41df2e104644b517 Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Sun, 23 Sep 2018 20:51:09 +0200 Subject: Add owner, group and mode to all created files --- roles/fedora/tasks/hostname.yml | 3 +++ roles/fedora/tasks/locale.yml | 3 +++ roles/root_env/tasks/main.yml | 7 +++++++ roles/space_server/tasks/ansible.yml | 3 +++ roles/space_server/tasks/avahi.yml | 3 +++ roles/space_server/tasks/bird.yml | 11 +++++++++++ roles/space_server/tasks/blackhole.yml | 8 ++++++++ roles/space_server/tasks/dhcpd.yml | 3 +++ roles/space_server/tasks/kernel.yml | 11 +++++++++++ roles/space_server/tasks/main.yml | 3 +++ roles/space_server/tasks/networkd.yml | 12 ++++++++++++ roles/space_server/tasks/nftables.yml | 6 ++++++ roles/space_server/tasks/radius.yml | 9 +++++++++ roles/space_server/tasks/radvd.yml | 9 +++++++++ roles/space_server/tasks/sudo.yml | 2 ++ roles/space_server/tasks/unbound.yml | 6 ++++++ 16 files changed, 99 insertions(+) diff --git a/roles/fedora/tasks/hostname.yml b/roles/fedora/tasks/hostname.yml index 2e755ca..f9bf0c1 100644 --- a/roles/fedora/tasks/hostname.yml +++ b/roles/fedora/tasks/hostname.yml @@ -7,6 +7,9 @@ copy: dest: /etc/hostname content: "{{ hostname }}\n" + owner: root + group: root + mode: 0644 when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/fedora/tasks/locale.yml b/roles/fedora/tasks/locale.yml index 61311e0..d578a40 100644 --- a/roles/fedora/tasks/locale.yml +++ b/roles/fedora/tasks/locale.yml @@ -3,5 +3,8 @@ template: src: locale.conf.j2 dest: /etc/locale.conf + owner: root + group: root + mode: 0644 # vim: set ts=2 sw=2 et: diff --git a/roles/root_env/tasks/main.yml b/roles/root_env/tasks/main.yml index 2a0e04f..a4cee39 100644 --- a/roles/root_env/tasks/main.yml +++ b/roles/root_env/tasks/main.yml @@ -3,9 +3,16 @@ copy: src: files/bash_profile.sh dest: /root/.bash_profile + owner: root + group: root + mode: 0644 + - name: root .bashrc template: src: files/bashrc.sh.j2 dest: /root/.bashrc + owner: root + group: root + mode: 0644 # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/ansible.yml b/roles/space_server/tasks/ansible.yml index 5dc74e2..15831c7 100644 --- a/roles/space_server/tasks/ansible.yml +++ b/roles/space_server/tasks/ansible.yml @@ -3,6 +3,9 @@ copy: src: ansible/hosts dest: '/etc/ansible/hosts' + owner: root + group: root + mode: 0644 - name: Configure ansible ini_file: diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml index 1ed1e7c..df69753 100644 --- a/roles/space_server/tasks/avahi.yml +++ b/roles/space_server/tasks/avahi.yml @@ -84,6 +84,9 @@ template: src: avahi/hosts.j2 dest: '/etc/avahi/hosts' + owner: root + group: root + mode: 0644 notify: - restart avahi-daemon diff --git a/roles/space_server/tasks/bird.yml b/roles/space_server/tasks/bird.yml index 8f4e20b..0c49f5f 100644 --- a/roles/space_server/tasks/bird.yml +++ b/roles/space_server/tasks/bird.yml @@ -15,11 +15,16 @@ file: dest: '/etc/bird' state: directory + owner: root + group: root mode: 0755 - name: Create bird configuration copy: src: '{{ item }}' dest: '/etc/bird/' + owner: root + group: root + mode: 0644 with_fileglob: - 'bird/*' notify: @@ -41,10 +46,16 @@ file: dest: '/etc/systemd/system/bird6.service.d' state: directory + owner: root + group: root + mode: 0755 - name: Start bird6 after networks are configured copy: src: wait-online.conf dest: '/etc/systemd/system/bird6.service.d/wait-online.conf' + owner: root + group: root + mode: 0644 - name: Enable bird and bird6 systemd: diff --git a/roles/space_server/tasks/blackhole.yml b/roles/space_server/tasks/blackhole.yml index 2fd1b5e..dc41649 100644 --- a/roles/space_server/tasks/blackhole.yml +++ b/roles/space_server/tasks/blackhole.yml @@ -3,10 +3,15 @@ file: dest: /etc/systemd/scripts state: directory + owner: root + group: root + mode: 0755 - name: Install blackhole script copy: src: blackhole/blackhole.sh dest: '/etc/systemd/scripts/blackhole.sh' + owner: root + group: root mode: 0755 notify: - restart blackhole @@ -15,6 +20,9 @@ copy: src: blackhole/blackhole.service dest: '/etc/systemd/system/blackhole.service' + owner: root + group: root + mode: 0644 - name: Enable blackhole service systemd: diff --git a/roles/space_server/tasks/dhcpd.yml b/roles/space_server/tasks/dhcpd.yml index 53ad1a6..4102d69 100644 --- a/roles/space_server/tasks/dhcpd.yml +++ b/roles/space_server/tasks/dhcpd.yml @@ -12,6 +12,9 @@ template: src: dhcpd/dhcpd.conf.j2 dest: '/etc/dhcp/dhcpd.conf' + owner: root + group: root + mode: 0644 notify: - restart dhcpd diff --git a/roles/space_server/tasks/kernel.yml b/roles/space_server/tasks/kernel.yml index 02e115c..9566763 100644 --- a/roles/space_server/tasks/kernel.yml +++ b/roles/space_server/tasks/kernel.yml @@ -3,11 +3,15 @@ file: path: '/etc/kernel' state: directory + owner: root + group: root mode: 0755 - name: Make sure /etc/kernel/install.d exists file: path: '/etc/kernel/install.d' state: directory + owner: root + group: root mode: 0755 - name: Mask grubby @@ -20,17 +24,24 @@ copy: src: kernel/90-loaderentry.install dest: '/etc/kernel/install.d/90-loaderentry.install' + owner: root + group: root mode: 0755 - name: Create syslinux menu copy: src: kernel/95-syslinux-menu.install dest: '/etc/kernel/install.d/95-syslinux-menu.install' + owner: root + group: root mode: 0755 - name: Set kernel command line template: src: cmdline.j2 dest: '/etc/kernel/cmdline' + owner: root + group: root + mode: 0644 - name: Install kernel dnf: diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml index bd65b52..ff7acb3 100644 --- a/roles/space_server/tasks/main.yml +++ b/roles/space_server/tasks/main.yml @@ -3,6 +3,9 @@ template: src: fstab.j2 dest: /etc/fstab + owner: root + group: root + mode: 0644 tags: - fstab diff --git a/roles/space_server/tasks/networkd.yml b/roles/space_server/tasks/networkd.yml index b46b728..9e8ca3c 100644 --- a/roles/space_server/tasks/networkd.yml +++ b/roles/space_server/tasks/networkd.yml @@ -3,6 +3,9 @@ file: dest: '/etc/systemd/network' state: directory + owner: root + group: root + mode: 0755 - name: Get current network config shell: 'ls -1 /etc/systemd/network/' check_mode: no @@ -11,6 +14,9 @@ copy: src: '{{ item }}' dest: '/etc/systemd/network/' + owner: root + group: root + mode: 0644 with_fileglob: - 'networkd/network/*' register: network_files @@ -29,10 +35,16 @@ file: dest: '/etc/systemd/system/systemd-networkd-wait-online.service.d' state: directory + owner: root + group: root + mode: 0755 - name: Don't wait for lan and mgt interfaces to come online copy: src: networkd/no-lan-mgt.conf dest: '/etc/systemd/system/systemd-networkd-wait-online.service.d/no-lan-mgt.conf' + owner: root + group: root + mode: 0644 - name: Enable systemd-networkd systemd: diff --git a/roles/space_server/tasks/nftables.yml b/roles/space_server/tasks/nftables.yml index ac5e441..07ea8d6 100644 --- a/roles/space_server/tasks/nftables.yml +++ b/roles/space_server/tasks/nftables.yml @@ -3,6 +3,9 @@ copy: src: nftables/nftables.service dest: '/etc/systemd/system/nftables.service' + owner: root + group: root + mode: 0644 - name: Install nftables package dnf: @@ -23,6 +26,9 @@ copy: src: nftables/nftables.conf dest: '/etc/nftables.conf' + owner: root + group: root + mode: 0644 notify: - reload nftables diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml index 11ab1b0..fb66f9b 100644 --- a/roles/space_server/tasks/radius.yml +++ b/roles/space_server/tasks/radius.yml @@ -77,6 +77,9 @@ copy: src: 'radius/{{ item }}' dest: '/etc/systemd/system/{{ item }}' + owner: root + group: root + mode: 0644 with_items: - getusers.service - getusers.timer @@ -100,10 +103,16 @@ file: dest: '/etc/systemd/system/radiusd.service.d' state: directory + owner: root + group: root + mode: 0755 - name: Start radiusd after networks are configured copy: src: wait-online.conf dest: '/etc/systemd/system/radiusd.service.d/wait-online.conf' + owner: root + group: root + mode: 0644 - name: Enable radiusd service systemd: diff --git a/roles/space_server/tasks/radvd.yml b/roles/space_server/tasks/radvd.yml index ec1be83..c546d1f 100644 --- a/roles/space_server/tasks/radvd.yml +++ b/roles/space_server/tasks/radvd.yml @@ -12,6 +12,9 @@ copy: src: radvd/radvd.conf dest: '/etc/radvd.conf' + owner: root + group: root + mode: 0644 notify: - restart radvd @@ -19,10 +22,16 @@ file: dest: '/etc/systemd/system/radvd.service.d' state: directory + owner: root + group: root + mode: 0755 - name: Start radvd after networks are configured copy: src: wait-online.conf dest: '/etc/systemd/system/radvd.service.d/wait-online.conf' + owner: root + group: root + mode: 0644 - name: Enable radvd service systemd: diff --git a/roles/space_server/tasks/sudo.yml b/roles/space_server/tasks/sudo.yml index b8497c3..8b65f4f 100644 --- a/roles/space_server/tasks/sudo.yml +++ b/roles/space_server/tasks/sudo.yml @@ -10,6 +10,8 @@ copy: src: sudo/sudoers dest: '/etc/sudoers' + owner: root + group: root mode: 0440 validate: visudo -cf %s diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml index b11c338..ebac2cb 100644 --- a/roles/space_server/tasks/unbound.yml +++ b/roles/space_server/tasks/unbound.yml @@ -12,6 +12,9 @@ template: src: unbound/unbound.conf.j2 dest: '/etc/unbound/unbound.conf' + owner: root + group: root + mode: 0644 notify: - restart unbound @@ -32,5 +35,8 @@ copy: dest: /etc/resolv.conf content: "nameserver 127.0.0.1\nnameserver ::1\n" + owner: root + group: root + mode: 0644 # vim: set ts=2 sw=2 et ft=yaml: -- cgit v1.2.1