dest: "/etc/apache2/sites-available/{{ virtual_host }}.conf"
owner: root
group: root
- mode: '0640'
+ mode: 'u=rw,g=r,o='
- name: Enable site
become: true
state: directory
owner: root
group: www-data
- mode: '0755'
+ mode: 'u=rwx,go=rx'
loop: ['/usr/local/apache2/cgi-bin', '/usr/local/apache2/htdocs',
'/var/log/apache2',
]
state: directory
owner: root
group: root
- mode: '0700'
+ mode: 'u=rwx,go='
- name: Configure dehydrated
become: true
dest: "/usr/local/apache2/.dehydrated/{{ virtual_host }}"
owner: root
group: root
- mode: '0600'
+ mode: 'u=rw,go='
loop: ['config', 'domains.txt']
- name: Configure dehydrated script
dest: "/usr/local/apache2/.dehydrated/{{ virtual_host }}"
owner: root
group: root
- mode: '0700'
+ mode: 'u=rwx,go='
dest: "/etc/bind/{{ domain }}"
owner: bind
group: bind
- mode: '0600'
+ mode: 'u=rw,go='
- name: Update domain config
become: true
dest: /etc/apache2/conf-available
owner: root
group: root
- mode: '0640'
+ mode: 'u=rw,g=r,o='
- name: Setup default host
become: true
dest: /usr/local/apache2
owner: root
group: www-data
- directory_mode: '0755'
- mode: '0644'
+ directory_mode: 'u=rwx,go=rx'
+ mode: 'u=rw,go=r'
- name: Enable config
become: true
dest: /etc/logrotate.d
owner: root
group: root
- mode: '0640'
+ mode: 'u=rw,g=r,o='
dest: /etc/cron.weekly
owner: root
group: root
- mode: '0700'
+ mode: 'u=rwx,go='
dest: /
owner: root
group: root
- directory_mode: '0750'
- mode: '0750'
+ directory_mode: 'u=rwx,g=rx,o='
+ mode: 'u=rwx,g=rx,o='
notify: Restart firewall
- name: Fix permissions for /etc/network/functions
become: true
file:
path: /etc/network/functions.phd
- mode: '0640'
+ mode: 'u=rw,g=r,o='
notify: Restart firewall
- name: Remove iptables leftovers
dest: /etc/apache2/sites-available
owner: root
group: root
- directory_mode: '0755'
- mode: '0644'
+ directory_mode: 'u=rwx,go=rx'
+ mode: 'u=rw,go=r'
dest: /etc/bind/named.conf.options
owner: bind
group: bind
- mode: '0600'
+ mode: 'u=rw,go='
- name: Reload BIND
become: true
dest: /etc/resolv.conf
owner: root
group: root
- mode: '0644'
+ mode: 'u=rw,go=r'
when: named_conf.stdout in ('', "0")
dest: /
owner: root
group: root
- directory_mode: '0755'
- mode: '0644'
+ directory_mode: 'u=rwx,go=rx'
+ mode: 'u=rw,go=r'
- name: Install SysV init
become: true
dest: /etc/inittab
owner: root
group: root
- mode: '0644'
+ mode: 'u=rw,go=r'
- name: Purge SystemD
import_tasks: remove-systemd.yaml
dest: /etc/apt/sources.list
owner: root
group: root
- mode: '0640'
+ mode: 'u=rw,g=r,o='
- name: Install minimal software packages
become: true
dest: "/etc/logcheck/ignore.d.{{ item }}"
owner: root
group: logcheck
- directory_mode: '0750'
- mode: 'u=rwX,g=rX,o='
+ directory_mode: 'u=rwx,g=rx,o='
+ mode: 'u=rw,g=r,o='
loop: ['server', 'workstation']
dest: /etc/sudoers.d/openvpn
owner: root
group: "{% if ansible_facts.os_family == 'Debian' %}sudo{% elif ansible_facts.os_family == 'RedHat' %}root{% endif %}"
- mode: 0640
+ mode: 'u=rw,g=r,o='
dest: /
owner: root
group: root
- directory_mode: '0750'
- mode: '0750'
+ directory_mode: 'u=rwx,g=rx,o='
+ mode: 'u=rwx,g=rx,o='
notify: Restart firewall
- name: Fix permissions for /etc/network/functions
become: true
file:
path: /etc/network/functions.phd
- mode: '0640'
+ mode: 'u=rw,g=r,o='
notify: Restart firewall
file:
path: "~root/{{ item }}"
state: directory
- mode: "0700"
+ mode: 'u=rwx,go='
loop: ['.cache', '.config', '.local/share']
- name: "Setup root mc - remove mc directories"
dest: ~root/.mc
owner: root
group: root
- mode: "0600"
+ mode: 'u=rw,go='
loop: ['hotlist', 'ini', 'panels.ini']
dest: ~root
owner: root
group: root
- directory_mode: "0700"
- mode: "0600"
+ directory_mode: 'u=rwx,go='
+ mode: 'u=rw,go='
loop: ['.bashrc', 'admin/home/root/.profile']
- name: "Setup ~root - copy directories from ~phd"
dest: ~root
owner: root
group: root
- directory_mode: "0700"
- mode: "0700"
+ directory_mode: 'u=rwx,go='
+ mode: 'u=rwx,go='
loop: ['.mc', '.ssh', 'bin', 'lib']
- name: "Setup ~root - copy vim from ~phd"
dest: ~root
owner: root
group: root
- directory_mode: "0700"
- mode: "0700"
+ directory_mode: 'u=rwx,go='
+ mode: 'u=rwx,go='
loop: ['.vim']
- name: "Setup ~root - copy files from ~phd without overwriting"
dest: ~root
owner: root
group: root
- directory_mode: "0700"
- mode: "0600"
+ directory_mode: 'u=rwx,go='
+ mode: 'u=rw,go='
loop: ['.bash_logout', '.inputrc', '.less', '.lesskey',
'.screenrc', '.shellrc', '.tmux.conf', '.vimrc',
]
state: touch
owner: root
group: root
- mode: "0600"
+ mode: 'u=rw,go='
when: not sh_history.stat.exists
- name: "Setup ~root - remove .bash_history"
state: directory
owner: root
group: root
- mode: "0700"
+ mode: 'u=rwx,go='
recurse: yes
dest: /etc/sudoers.d/phd
owner: root
group: "{% if ansible_facts.os_family == 'Debian' %}sudo{% elif ansible_facts.os_family == 'RedHat' %}root{% endif %}"
- mode: 0640
+ mode: 'u=rw,g=r,o='
dest: ~root
owner: root
group: root
- mode: "0600"
+ mode: 'u=rw,go='
loop: ['.bashrc', 'admin/home/root/.profile',
'.bash_logout', '.inputrc', '.less', '.lesskey',
'.screenrc', '.shellrc', '.tmux.conf', '.vimrc',
dest: ~root/.ssh/known_hosts
owner: root
group: root
- mode: "0600"
+ mode: 'u=rw,go='
- name: "Create ~root/admin/prog/"
file:
state: directory
owner: root
group: root
- mode: "0600"
+ mode: 'u=rw,go='
- name: "Update ~root/admin/prog/bash_prompt"
copy:
dest: ~root/admin/prog/bash_prompt
owner: root
group: root
- mode: "0600"
+ mode: 'u=rw,go='
- name: "Update root mc - overwrite files from ~phd/.mc"
become: true
dest: ~root/.mc
owner: root
group: root
- mode: "0600"
+ mode: 'u=rw,go='
loop: ['bashrc', 'mc.ext', 'mc.ext.ini']
- name: "Update root mc - overwrite files from ~phd/admin"
dest: ~root/.mc
owner: root
group: root
- mode: "0600"
+ mode: 'u=rw,go='
loop: ['hotlist', 'ini', 'panels.ini']
- name: "Update root mc - sync extfs from ~phd"
projects / ansible.git / commitdiff