banananetwork
/
ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Fixed missing mode setting for others

Browse Source 
To disallow access from others than user and group
wip
Felix Stupp 5 years ago
parent 5afcd6b738
commit bcfd4cb010
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7
9 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File

2
roles/bootstrap/tasks/privilege.yml
Unescape Escape View File

@ -39,5 +39,5 @@
dest: "{{ bootstrap_expected_user_data.home }}/.ssh/authorized_keys"
owner: "{{ bootstrap_expected_user }}"
group: "{{ bootstrap_expected_user }}"
mode: u=rw,g=r
mode: u=rw,g=r,o=
become: yes

2
roles/common/tasks/main.yml
Unescape Escape View File

@ -38,7 +38,7 @@
state: directory
owner: root
group: root
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
- name: Create backups directories
file:

2
roles/git_auto_update/defaults/main.yml
Unescape Escape View File

@ -4,7 +4,7 @@
# dest: /example/repository
owner: root
group: "{{ owner }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
repo_name: "{{ dest | basename }}"
tag_prefix: "release-"
gpg_fingerprint: 73D09948B2392D688A45DC8393E1BD26F6B02FB7

4
roles/nginx/php-pool/tasks/main.yml
Unescape Escape View File

@ -6,7 +6,7 @@
state: directory
owner: "{{ system_user }}"
group: "{{ nginx_system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
- name: Check if src is a directory
file:
@ -14,7 +14,7 @@
state: directory
owner: "{{ system_user }}"
group: "{{ system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
- name: Configure pool in php-fpm
template:

10
roles/server/gitea/tasks/main.yml
Unescape Escape View File

@ -22,7 +22,7 @@
state: directory
owner: "{{ gitea_system_user }}"
group: "{{ nginx_system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
- name: Configure installation directory
file:
@ -30,7 +30,7 @@
state: directory
owner: "{{ gitea_system_user }}"
group: "{{ gitea_system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
- name: Configure custom directory
file:
@ -38,7 +38,7 @@
state: directory
owner: "{{ gitea_system_user }}"
group: "{{ gitea_system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
- name: Configure repositories directory
file:
@ -46,13 +46,13 @@
state: directory
owner: "{{ gitea_system_user }}"
group: "{{ gitea_system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
- name: Configure gitea
template:
src: "app.ini"
dest: "{{ gitea_configuration_path }}"
mode: 0640
mode: "u=rw,g=r,o="
owner: root
group: "{{ gitea_system_user }}"
notify: restart gitea

4
roles/server/nextcloud/tasks/install.yml
Unescape Escape View File

@ -6,7 +6,7 @@
url: "{{ nextcloud_release_remote }}"
checksum: "sha256:{{ nextcloud_release_remote_checksum }}"
dest: "{{ nextcloud_release_file }}"
mode: "u=rw,g=r"
mode: "u=rw,g=r,o="
validate_certs: yes
- name: Download signature for Nextcloud release
@ -14,7 +14,7 @@
get_url:
url: "{{ nextcloud_release_remote_signature }}"
dest: "{{ nextcloud_release_signature }}"
mode: "u=rw,g=r"
mode: "u=rw,g=r,o="
force: yes
validate_certs: yes

2
roles/server/nextcloud/tasks/main.yml
Unescape Escape View File

@ -49,7 +49,7 @@
path: "{{ nextcloud_data_directory }}"
owner: "{{ system_user }}"
group: "{{ system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
- name: Install Nextcloud
become_user: "{{ system_user }}"

2
roles/server/spotme/tasks/main.yml
Unescape Escape View File

@ -36,7 +36,7 @@
state: directory
owner: "{{ spotme_system_user }}"
group: "{{ spotme_system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="
# TODO Role for Git Username / Password Configuration

2
roles/server/static/meta/main.yml
Unescape Escape View File

@ -7,4 +7,4 @@ dependencies:
dest: "{{ root_directory }}"
owner: root
group: "{{ nginx_system_user }}"
mode: "u=rwx,g=rx"
mode: "u=rwx,g=rx,o="

Write Preview
Loading…
Cancel
Save