diff --git a/roles/apps/tasks/app.yml b/roles/apps/tasks/app.yml
index 22feb4a..9e4d9f2 100644
--- a/roles/apps/tasks/app.yml
+++ b/roles/apps/tasks/app.yml
@@ -5,6 +5,7 @@ ansible.builtin.file: path: "{{ apps_data_root }}/{{ app }}" owner: root + group: root mode: u=rwx,go= state: directory
@@ -13,12 +14,14 @@ src: compose-files/{{ app }}.yml.j2 dest: "{{ apps_data_root }}/{{ app }}/docker-compose.yml" owner: root + group: root mode: u=rw,go= - name: Create data directory for {{ app }} ansible.builtin.file: path: "{{ apps_data_root }}/{{ app }}/data" owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
diff --git a/roles/apps/tasks/extra_tasks/ipfs.yml b/roles/apps/tasks/extra_tasks/ipfs.yml
index 3738148..cf75483 100644
--- a/roles/apps/tasks/extra_tasks/ipfs.yml
+++ b/roles/apps/tasks/extra__tasks/ipfs.yml
@@ -5,7 +5,7 @@ ansible.builtin.file: path: "{{ apps_data_root }}/ipfs/data/data" owner: '1000' - group: root + group: '1000' mode: u=rwx,g=rx,o=rx state: directory
@@ -13,6 +13,7 @@ ansible.builtin.file: path: "{{ apps_data_root }}/ipfs/data/staging" owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
@@ -21,4 +22,5 @@ src: ipfs/ipfs-config.sh dest: "{{ apps_data_root }}/ipfs/data/ipfs-config.sh" owner: root + group: root mode: u=rwx,g=rx,o=rx
diff --git a/roles/apps/tasks/extra_tasks/nextcloud.yml b/roles/apps/tasks/extra_tasks/nextcloud.yml
index 1c8dbf0..5dd2124 100644
--- a/roles/apps/tasks/extra_tasks/nextcloud.yml
+++ b/roles/apps/tasks/extra_tasks/nextcloud.yml
@@ -5,6 +5,7 @@ ansible.builtin.file: path: "{{ apps_data_root }}/nextcloud/data/apache2" owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
@@ -12,6 +13,7 @@ ansible.builtin.file: path: "{{ apps_data_root }}/nextcloud/data/app" owner: '33' + group: '33' mode: u=rwx,g=rx,o=rx state: directory
@@ -20,4 +22,5 @@ src: nextcloud/remoteip.conf.j2 dest: "{{ apps_data_root }}/nextcloud/data/apache2/remoteip.conf" owner: root + group: root mode: u=rw,g=r,o=r
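Review bot: The ipfs `@@ -5,7 +5,7 @@` hunk and the nextcloud `@@ -12,6 +13,7 @@` hunk pin `group: '1000'` and `group: '33'` as bare numeric IDs beside the matching `owner` values, with nothing saying which account inside the respective container image they stand for; a comment such as `# UID/GID of the service account inside the image — keep in sync on image upgrades` above the `owner` line would let a maintainer re-check the mapping. Quoting the IDs as strings is correct, since an unquoted `33` would be parsed as an integer. Unlike every other hunk in this commit, the first ipfs hunk replaces an existing `group: root` with `group: '1000'` rather than adding a missing key, so the data directory becomes group-owned by the container account; with `g=rx` that grants no extra write access, but it is the one behavioural change here and deserves a line in the commit message. The task's `- name:` line lies above each of these hunks.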
diff --git a/roles/apps/tasks/extra_tasks/nginx.yml b/roles/apps/tasks/extra_tasks/nginx.yml
index ed94d29..2aca2ee 100644
--- a/roles/apps/tasks/extra_tasks/nginx.yml
+++ b/roles/apps/tasks/extra_tasks/nginx.yml
@@ -5,6 +5,7 @@ ansible.builtin.file: path: "{{ apps_data_root }}/nginx/data/conf.d" owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
@@ -13,6 +14,7 @@ src: nginx/conf.d/{{ config }}.conf.j2 dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ config }}.conf" owner: root + group: root mode: u=rw,g=r,o=r loop: "{{ ['http', apps_proxied] | flatten }}" loop_control:
diff --git a/roles/apps/tasks/main.yml b/roles/apps/tasks/main.yml
index 1909fdf..5dcc86c 100644
--- a/roles/apps/tasks/main.yml
+++ b/roles/apps/tasks/main.yml
@@ -20,6 +20,7 @@ ansible.builtin.file: path: "{{ apps_data_root }}" owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
@@ -35,4 +36,5 @@ src: scripts/deploy.sh.j2 dest: /usr/bin/deploy.sh owner: root + group: root mode: u=rwx,g=rx,o=rx
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index afb15ac..83472eb 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -25,6 +25,7 @@ ansible.builtin.file: path: "{{ docker_data_root }}" owner: root + group: root mode: u=rwx,g=x,o= seuser: system_u serole: object_r
@@ -37,6 +38,7 @@ src: daemon.json.j2 dest: /etc/docker/daemon.json owner: root + group: root mode: u=rw,g=r,o=r notify: Reload Docker daemon
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
index b7af758..f57dc52 100644
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@@ -23,6 +23,7 @@ ansible.builtin.file: path: /etc/systemd/system/{{ postgresql_service }}.service.d owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
@@ -31,6 +32,7 @@ src: "{{ postgresql_service }}.service.j2" dest: /etc/systemd/system/{{ postgresql_service }}.service.d/override.conf owner: root + group: root mode: u=rw,g=r,o=r notify: Reload systemd
diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml
index 2c2502b..37bde36 100644
--- a/roles/proxy/tasks/main.yml
+++ b/roles/proxy/tasks/main.yml
@@ -5,6 +5,7 @@ ansible.builtin.file: path: "{{ proxy_data_root }}" owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
@@ -12,6 +13,7 @@ ansible.builtin.file: path: "{{ proxy_data_root }}/build" owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
@@ -20,6 +22,7 @@ src: docker/docker-compose.yml.j2 dest: "{{ proxy_data_root }}/docker-compose.yml" owner: root + group: root mode: u=rw,go= - name: Copy Dockerfile for Caddy
@@ -27,6 +30,7 @@ src: docker/Dockerfile.j2 dest: "{{ proxy_data_root }}/build/Dockerfile" owner: root + group: root mode: u=rw,g=r,o=r notify: Build custom Docker image for Caddy
@@ -34,6 +38,7 @@ ansible.builtin.file: path: "{{ proxy_data_root }}/data" owner: root + group: root mode: u=rwx,g=rx,o=rx state: directory
@@ -42,12 +47,14 @@ src: caddy/Caddyfile.j2 dest: "{{ proxy_data_root }}/data/Caddyfile" owner: root + group: root mode: u=rw,go= - name: Create subdirectories for Caddy data ansible.builtin.file: path: "{{ proxy_data_root }}/data/caddy-{{ item }}" owner: root + group: root mode: u=rwx,go= state: directory loop:
@@ -59,4 +66,5 @@ src: scripts/deploy.sh.j2 dest: /usr/bin/deploy.sh owner: root + group: root mode: u=rwx,g=rx,o=rx
diff --git a/roles/virt-common/tasks/main.yml b/roles/virt-common/tasks/main.yml
index cdbeb8d..75a0d24 100644
--- a/roles/virt-common/tasks/main.yml
+++ b/roles/virt-common/tasks/main.yml
@@ -6,6 +6,7 @@ src: hosts.j2 dest: /etc/hosts owner: root + group: root mode: u=rw,g=r,o=r - name: Copy MOTD file
@@ -13,6 +14,7 @@ src: motd.j2 dest: /etc/motd.d/10-ansible owner: root + group: root mode: u=rw,g=r,o=r - name: Add users
@@ -45,6 +47,7 @@ src: sshd_config dest: /etc/ssh/sshd_config owner: root + group: root mode: u=rw,g=r,o=r validate: /usr/sbin/sshd -t -f %s notify: Restart sshd
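Review bot: `/etc/ssh/sshd_config` is now explicitly `root:root`, but the adjacent context line `mode: u=rw,g=r,o=r` still leaves it group- and world-readable; since this commit is already pinning ownership on it, tightening this one file to `mode: u=rw,go=` would match what common hardening baselines (e.g. the CIS benchmarks) expect for sshd_config, and sshd itself runs as root so it needs neither group nor other read access. The existing `validate: /usr/sbin/sshd -t -f %s` line already guards the template against a broken rendering, so the mode change carries little risk. If some non-root tooling on these hosts reads sshd_config, keep the current mode and note why in a comment above it. The task's `- name:` line lies above the hunk.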