Add explicit group specification

Sam A. 2024-01-30 19:15:51 +01:00
parent e3fcd87b7b
commit 62de1c25b3
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
9 changed files with 28 additions and 1 deletions


@ -5,6 +5,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}/{{ app }}" path: "{{ apps_data_root }}/{{ app }}"
owner: root owner: root
group: root
mode: u=rwx,go= mode: u=rwx,go=
state: directory state: directory
@ -13,12 +14,14 @@
src: compose-files/{{ app }}.yml.j2 src: compose-files/{{ app }}.yml.j2
dest: "{{ apps_data_root }}/{{ app }}/docker-compose.yml" dest: "{{ apps_data_root }}/{{ app }}/docker-compose.yml"
owner: root owner: root
group: root
mode: u=rw,go= mode: u=rw,go=
- name: Create data directory for {{ app }} - name: Create data directory for {{ app }}
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}/{{ app }}/data" path: "{{ apps_data_root }}/{{ app }}/data"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory


@ -5,7 +5,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}/ipfs/data/data" path: "{{ apps_data_root }}/ipfs/data/data"
owner: '1000' owner: '1000'
group: root group: '1000'
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -13,6 +13,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}/ipfs/data/staging" path: "{{ apps_data_root }}/ipfs/data/staging"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -21,4 +22,5 @@
src: ipfs/ipfs-config.sh src: ipfs/ipfs-config.sh
dest: "{{ apps_data_root }}/ipfs/data/ipfs-config.sh" dest: "{{ apps_data_root }}/ipfs/data/ipfs-config.sh"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
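Review bot: The bare numeric `group: '1000'` on the ipfs data directory is undocumented, and the same applies to `owner: '33'` / `group: '33'` on the nextcloud app directory in the next file section. These numbers presumably match the user inside the respective container image, but on the host they resolve to whatever account happens to hold that ID; 1000 is commonly the first interactive user. I would add a comment above each task, for example `# 1000 = uid/gid of the process inside the ipfs container, not a host account`, and consider moving the values to role variables so they are defined in one place. Whether a host account with either ID exists cannot be told from this page.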


@ -5,6 +5,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}/nextcloud/data/apache2" path: "{{ apps_data_root }}/nextcloud/data/apache2"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -12,6 +13,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}/nextcloud/data/app" path: "{{ apps_data_root }}/nextcloud/data/app"
owner: '33' owner: '33'
group: '33'
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -20,4 +22,5 @@
src: nextcloud/remoteip.conf.j2 src: nextcloud/remoteip.conf.j2
dest: "{{ apps_data_root }}/nextcloud/data/apache2/remoteip.conf" dest: "{{ apps_data_root }}/nextcloud/data/apache2/remoteip.conf"
owner: root owner: root
group: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r


@ -5,6 +5,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}/nginx/data/conf.d" path: "{{ apps_data_root }}/nginx/data/conf.d"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -13,6 +14,7 @@
src: nginx/conf.d/{{ config }}.conf.j2 src: nginx/conf.d/{{ config }}.conf.j2
dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ config }}.conf" dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ config }}.conf"
owner: root owner: root
group: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
loop: "{{ ['http', apps_proxied] | flatten }}" loop: "{{ ['http', apps_proxied] | flatten }}"
loop_control: loop_control:


@ -20,6 +20,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}" path: "{{ apps_data_root }}"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -35,4 +36,5 @@
src: scripts/deploy.sh.j2 src: scripts/deploy.sh.j2
dest: /usr/bin/deploy.sh dest: /usr/bin/deploy.sh
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
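Review bot: `dest: /usr/bin/deploy.sh` in the last hunk of this section is also the destination of the final hunk in the Caddy/proxy task file further down, and both render a template named `scripts/deploy.sh.j2`. If both task files are ever applied to the same host, whichever runs last silently replaces the other's root-owned, world-executable script. If they target different hosts this is harmless, but a comment saying so would help, for example `# only one role per host installs deploy.sh`; otherwise give the two scripts distinct file names. The task's name and module line sit above the hunk, so I cannot see which template module or conditions apply.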


@ -25,6 +25,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ docker_data_root }}" path: "{{ docker_data_root }}"
owner: root owner: root
group: root
mode: u=rwx,g=x,o= mode: u=rwx,g=x,o=
seuser: system_u seuser: system_u
serole: object_r serole: object_r
@ -37,6 +38,7 @@
src: daemon.json.j2 src: daemon.json.j2
dest: /etc/docker/daemon.json dest: /etc/docker/daemon.json
owner: root owner: root
group: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
notify: Reload Docker daemon notify: Reload Docker daemon


@ -23,6 +23,7 @@
ansible.builtin.file: ansible.builtin.file:
path: /etc/systemd/system/{{ postgresql_service }}.service.d path: /etc/systemd/system/{{ postgresql_service }}.service.d
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -31,6 +32,7 @@
src: "{{ postgresql_service }}.service.j2" src: "{{ postgresql_service }}.service.j2"
dest: /etc/systemd/system/{{ postgresql_service }}.service.d/override.conf dest: /etc/systemd/system/{{ postgresql_service }}.service.d/override.conf
owner: root owner: root
group: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
notify: Reload systemd notify: Reload systemd


@ -5,6 +5,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ proxy_data_root }}" path: "{{ proxy_data_root }}"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -12,6 +13,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ proxy_data_root }}/build" path: "{{ proxy_data_root }}/build"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -20,6 +22,7 @@
src: docker/docker-compose.yml.j2 src: docker/docker-compose.yml.j2
dest: "{{ proxy_data_root }}/docker-compose.yml" dest: "{{ proxy_data_root }}/docker-compose.yml"
owner: root owner: root
group: root
mode: u=rw,go= mode: u=rw,go=
- name: Copy Dockerfile for Caddy - name: Copy Dockerfile for Caddy
@ -27,6 +30,7 @@
src: docker/Dockerfile.j2 src: docker/Dockerfile.j2
dest: "{{ proxy_data_root }}/build/Dockerfile" dest: "{{ proxy_data_root }}/build/Dockerfile"
owner: root owner: root
group: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
notify: Build custom Docker image for Caddy notify: Build custom Docker image for Caddy
@ -34,6 +38,7 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ proxy_data_root }}/data" path: "{{ proxy_data_root }}/data"
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
@ -42,12 +47,14 @@
src: caddy/Caddyfile.j2 src: caddy/Caddyfile.j2
dest: "{{ proxy_data_root }}/data/Caddyfile" dest: "{{ proxy_data_root }}/data/Caddyfile"
owner: root owner: root
group: root
mode: u=rw,go= mode: u=rw,go=
- name: Create subdirectories for Caddy data - name: Create subdirectories for Caddy data
ansible.builtin.file: ansible.builtin.file:
path: "{{ proxy_data_root }}/data/caddy-{{ item }}" path: "{{ proxy_data_root }}/data/caddy-{{ item }}"
owner: root owner: root
group: root
mode: u=rwx,go= mode: u=rwx,go=
state: directory state: directory
loop: loop:
@ -59,4 +66,5 @@
src: scripts/deploy.sh.j2 src: scripts/deploy.sh.j2
dest: /usr/bin/deploy.sh dest: /usr/bin/deploy.sh
owner: root owner: root
group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx


@ -6,6 +6,7 @@
src: hosts.j2 src: hosts.j2
dest: /etc/hosts dest: /etc/hosts
owner: root owner: root
group: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
- name: Copy MOTD file - name: Copy MOTD file
@ -13,6 +14,7 @@
src: motd.j2 src: motd.j2
dest: /etc/motd.d/10-ansible dest: /etc/motd.d/10-ansible
owner: root owner: root
group: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
- name: Add users - name: Add users
@ -45,6 +47,7 @@
src: sshd_config src: sshd_config
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
owner: root owner: root
group: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
validate: /usr/sbin/sshd -t -f %s validate: /usr/sbin/sshd -t -f %s
notify: Restart sshd notify: Restart sshd
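Review bot: With ownership now pinned to root:root, the `mode: u=rw,g=r,o=r` on `/etc/ssh/sshd_config` in the last hunk is the remaining loose end. Common hardening baselines expect this file to be readable by root only, since it reveals the allowed users, authentication methods and other policy to any local account. I would change the line to `mode: u=rw,go=`, the same form the compose-file tasks in this commit already use. The existing `validate: /usr/sbin/sshd -t -f %s` check is unaffected by the mode change. The task's name and module line are above the hunk, so anything else that reads the file as a non-root user is not visible here.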