Add explicit group specification
parent
e3fcd87b7b
commit
62de1c25b3
|
@ -5,6 +5,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ apps_data_root }}/{{ app }}"
|
path: "{{ apps_data_root }}/{{ app }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,go=
|
mode: u=rwx,go=
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -13,12 +14,14 @@
|
||||||
src: compose-files/{{ app }}.yml.j2
|
src: compose-files/{{ app }}.yml.j2
|
||||||
dest: "{{ apps_data_root }}/{{ app }}/docker-compose.yml"
|
dest: "{{ apps_data_root }}/{{ app }}/docker-compose.yml"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,go=
|
mode: u=rw,go=
|
||||||
|
|
||||||
- name: Create data directory for {{ app }}
|
- name: Create data directory for {{ app }}
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ apps_data_root }}/{{ app }}/data"
|
path: "{{ apps_data_root }}/{{ app }}/data"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ apps_data_root }}/ipfs/data/data"
|
path: "{{ apps_data_root }}/ipfs/data/data"
|
||||||
owner: '1000'
|
owner: '1000'
|
||||||
group: root
|
group: '1000'
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -13,6 +13,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ apps_data_root }}/ipfs/data/staging"
|
path: "{{ apps_data_root }}/ipfs/data/staging"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -21,4 +22,5 @@
|
||||||
src: ipfs/ipfs-config.sh
|
src: ipfs/ipfs-config.sh
|
||||||
dest: "{{ apps_data_root }}/ipfs/data/ipfs-config.sh"
|
dest: "{{ apps_data_root }}/ipfs/data/ipfs-config.sh"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
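Review bot: The first hunk of this file is a replacement, not an addition: the `ipfs/data/data` task already carried `group: root`, and the new side appears to set `group: '1000'` to match `owner: '1000'`. The commit title ("Add explicit group specification") does not mention this. On hosts that are already provisioned, the next run will change the directory's group. Because this task sets no `recurse: true`, anything already inside the directory keeps its previous group, so ownership can end up mixed. If the change is intended, state it in the commit message and check whether the existing content needs a one-off ownership fix.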
|
@ -5,6 +5,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ apps_data_root }}/nextcloud/data/apache2"
|
path: "{{ apps_data_root }}/nextcloud/data/apache2"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -12,6 +13,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ apps_data_root }}/nextcloud/data/app"
|
path: "{{ apps_data_root }}/nextcloud/data/app"
|
||||||
owner: '33'
|
owner: '33'
|
||||||
|
group: '33'
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -20,4 +22,5 @@
|
||||||
src: nextcloud/remoteip.conf.j2
|
src: nextcloud/remoteip.conf.j2
|
||||||
dest: "{{ apps_data_root }}/nextcloud/data/apache2/remoteip.conf"
|
dest: "{{ apps_data_root }}/nextcloud/data/apache2/remoteip.conf"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
|
|
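Review bot: `owner: '33'` and the new `group: '33'` on `nextcloud/data/app` are bare numeric IDs with nothing on the page saying which account they stand for. A wrong guess here either locks the container out of its data or hands the directory to an unrelated host account that happens to have that ID. Add a comment above the task, for example `# 33:33 is presumably www-data inside the Nextcloud image; numeric because the account need not exist on the host`, after confirming it against the image in use. The same applies to `'1000'` in the `ipfs/data/data` task of this commit. Quoting the values as strings is correct and should stay.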
|
@ -5,6 +5,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ apps_data_root }}/nginx/data/conf.d"
|
path: "{{ apps_data_root }}/nginx/data/conf.d"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -13,6 +14,7 @@
|
||||||
src: nginx/conf.d/{{ config }}.conf.j2
|
src: nginx/conf.d/{{ config }}.conf.j2
|
||||||
dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ config }}.conf"
|
dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ config }}.conf"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
loop: "{{ ['http', apps_proxied] | flatten }}"
|
loop: "{{ ['http', apps_proxied] | flatten }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ apps_data_root }}"
|
path: "{{ apps_data_root }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -35,4 +36,5 @@
|
||||||
src: scripts/deploy.sh.j2
|
src: scripts/deploy.sh.j2
|
||||||
dest: /usr/bin/deploy.sh
|
dest: /usr/bin/deploy.sh
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
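Review bot: `dest: /usr/bin/deploy.sh` in the last hunk of this file is also the destination of a `scripts/deploy.sh.j2` template in the task file that manages `proxy_data_root` later in this commit. If both task files are ever applied to the same host, each run overwrites the other's root-owned executable, and whichever ran last decides what `deploy.sh` does. Whether they share a host is not visible from here. If they can, give each script its own name, and consider a location outside the package-managed `/usr/bin`, for example `dest: /usr/local/bin/deploy-apps.sh` (name constructed for illustration). The task's opening lines are outside the hunk.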
|
@ -25,6 +25,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ docker_data_root }}"
|
path: "{{ docker_data_root }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=x,o=
|
mode: u=rwx,g=x,o=
|
||||||
seuser: system_u
|
seuser: system_u
|
||||||
serole: object_r
|
serole: object_r
|
||||||
|
@ -37,6 +38,7 @@
|
||||||
src: daemon.json.j2
|
src: daemon.json.j2
|
||||||
dest: /etc/docker/daemon.json
|
dest: /etc/docker/daemon.json
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
notify: Reload Docker daemon
|
notify: Reload Docker daemon
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/systemd/system/{{ postgresql_service }}.service.d
|
path: /etc/systemd/system/{{ postgresql_service }}.service.d
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -31,6 +32,7 @@
|
||||||
src: "{{ postgresql_service }}.service.j2"
|
src: "{{ postgresql_service }}.service.j2"
|
||||||
dest: /etc/systemd/system/{{ postgresql_service }}.service.d/override.conf
|
dest: /etc/systemd/system/{{ postgresql_service }}.service.d/override.conf
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
notify: Reload systemd
|
notify: Reload systemd
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ proxy_data_root }}"
|
path: "{{ proxy_data_root }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -12,6 +13,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ proxy_data_root }}/build"
|
path: "{{ proxy_data_root }}/build"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -20,6 +22,7 @@
|
||||||
src: docker/docker-compose.yml.j2
|
src: docker/docker-compose.yml.j2
|
||||||
dest: "{{ proxy_data_root }}/docker-compose.yml"
|
dest: "{{ proxy_data_root }}/docker-compose.yml"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,go=
|
mode: u=rw,go=
|
||||||
|
|
||||||
- name: Copy Dockerfile for Caddy
|
- name: Copy Dockerfile for Caddy
|
||||||
|
@ -27,6 +30,7 @@
|
||||||
src: docker/Dockerfile.j2
|
src: docker/Dockerfile.j2
|
||||||
dest: "{{ proxy_data_root }}/build/Dockerfile"
|
dest: "{{ proxy_data_root }}/build/Dockerfile"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
notify: Build custom Docker image for Caddy
|
notify: Build custom Docker image for Caddy
|
||||||
|
|
||||||
|
@ -34,6 +38,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ proxy_data_root }}/data"
|
path: "{{ proxy_data_root }}/data"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
@ -42,12 +47,14 @@
|
||||||
src: caddy/Caddyfile.j2
|
src: caddy/Caddyfile.j2
|
||||||
dest: "{{ proxy_data_root }}/data/Caddyfile"
|
dest: "{{ proxy_data_root }}/data/Caddyfile"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,go=
|
mode: u=rw,go=
|
||||||
|
|
||||||
- name: Create subdirectories for Caddy data
|
- name: Create subdirectories for Caddy data
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ proxy_data_root }}/data/caddy-{{ item }}"
|
path: "{{ proxy_data_root }}/data/caddy-{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,go=
|
mode: u=rwx,go=
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
|
@ -59,4 +66,5 @@
|
||||||
src: scripts/deploy.sh.j2
|
src: scripts/deploy.sh.j2
|
||||||
dest: /usr/bin/deploy.sh
|
dest: /usr/bin/deploy.sh
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
src: hosts.j2
|
src: hosts.j2
|
||||||
dest: /etc/hosts
|
dest: /etc/hosts
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
|
|
||||||
- name: Copy MOTD file
|
- name: Copy MOTD file
|
||||||
|
@ -13,6 +14,7 @@
|
||||||
src: motd.j2
|
src: motd.j2
|
||||||
dest: /etc/motd.d/10-ansible
|
dest: /etc/motd.d/10-ansible
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
|
|
||||||
- name: Add users
|
- name: Add users
|
||||||
|
@ -45,6 +47,7 @@
|
||||||
src: sshd_config
|
src: sshd_config
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
owner: root
|
owner: root
|
||||||
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
validate: /usr/sbin/sshd -t -f %s
|
validate: /usr/sbin/sshd -t -f %s
|
||||||
notify: Restart sshd
|
notify: Restart sshd
|
||||||
|
|
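Review bot: `/etc/ssh/sshd_config` keeps `mode: u=rw,g=r,o=r` in the last hunk, so every local account can read the daemon's configuration (allowed users and groups, authentication settings, match blocks). Hardening baselines such as the CIS benchmarks expect this file to be root:root with no group or other access. Since the task now pins both owner and group, tighten the mode in the same change: `mode: u=rw,go=`. The existing `validate: /usr/sbin/sshd -t -f %s` guard is worth keeping as is. The task's `name` and module line sit outside the hunk.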