diff options
| -rw-r--r-- | roles/bittorrent/tasks/services.yml | 1 | ||||
| -rw-r--r-- | roles/bittorrent/tasks/update.yml | 1 | ||||
| -rw-r--r-- | roles/clients/tasks/config.yml | 5 | ||||
| -rw-r--r-- | roles/clients/tasks/host.yml | 2 | ||||
| -rw-r--r-- | roles/clients/tasks/stunnel.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/binutils.yml | 1 | ||||
| -rw-r--r-- | roles/common/tasks/dnf.yml | 6 | ||||
| -rw-r--r-- | roles/common/tasks/repos.yml | 4 | ||||
| -rw-r--r-- | roles/common/tasks/systemd.yml | 4 | ||||
| -rw-r--r-- | roles/common/tasks/yum.yml | 6 | ||||
| -rw-r--r-- | roles/dbreplication/tasks/stunnel.yml | 2 | ||||
| -rw-r--r-- | roles/dbserver/tasks/stunnel.yml | 2 | ||||
| -rw-r--r-- | roles/diagnostics/tasks/hidsdb.yml | 1 | ||||
| -rw-r--r-- | roles/imserver/tasks/stunnel.yml | 2 | ||||
| -rw-r--r-- | roles/nfsserver/tasks/stunnel.yml | 2 | ||||
| -rw-r--r-- | roles/phpworker/tasks/stunnel.yml | 2 | ||||
| -rw-r--r-- | roles/reverseproxy/tasks/stunnel.yml | 2 | ||||
| -rw-r--r-- | roles/torrelay/tasks/config.yml | 3 |
18 files changed, 47 insertions, 1 deletions
diff --git a/roles/bittorrent/tasks/services.yml b/roles/bittorrent/tasks/services.yml index 3ddb9ca..bfcbbfc 100644 --- a/roles/bittorrent/tasks/services.yml +++ b/roles/bittorrent/tasks/services.yml @@ -12,6 +12,7 @@ - name: Création du répertoire pour unité systemd file: path: "/etc/systemd/system/transmission-daemon.service.d" + mode: 0755 state: directory - name: Réglage du service systemd diff --git a/roles/bittorrent/tasks/update.yml b/roles/bittorrent/tasks/update.yml index db793b6..baccdd4 100644 --- a/roles/bittorrent/tasks/update.yml +++ b/roles/bittorrent/tasks/update.yml @@ -19,6 +19,7 @@ template: src: transmission-stats.txt.j2 dest: /root/transmission-stats.txt + mode: 0600 - name: Récupération du fichier de statistiques fetch: diff --git a/roles/clients/tasks/config.yml b/roles/clients/tasks/config.yml index f13adc6..e8fc7c0 100644 --- a/roles/clients/tasks/config.yml +++ b/roles/clients/tasks/config.yml @@ -64,6 +64,7 @@ path: /etc/ettercap/etter.conf create: yes state: present + mode: 0644 line: 'redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"' - name: Ettercap redirection iptables off @@ -71,6 +72,7 @@ path: /etc/ettercap/etter.conf create: yes state: present + mode: 0644 line: 'redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"' - name: Ettercap redirection iptables6 on @@ -78,6 +80,7 @@ path: /etc/ettercap/etter.conf create: yes state: present + mode: 0644 line: 'redir6_command_on = "ip6tables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"' - name: Ettercap redirection iptables6 off @@ -85,6 +88,7 @@ path: /etc/ettercap/etter.conf create: yes state: present + mode: 0644 line: 'redir6_command_off = "ip6tables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"' - name: Configuration audio de libvirtd @@ -92,6 +96,7 @@ path: /etc/libvirt/qemu.conf create: yes state: present + mode: 0644 line: "vnc_allow_host_audio = 1" - name: Installation service arpwatcher diff --git a/roles/clients/tasks/host.yml b/roles/clients/tasks/host.yml index dbb9dad..b62d77f 100644 --- a/roles/clients/tasks/host.yml +++ b/roles/clients/tasks/host.yml @@ -3,6 +3,7 @@ path: /etc/hosts create: yes state: present + mode: 0644 line: '127.0.0.1 casperdev.home.casperlefantom.net cirrusdev.home.casperlefantom.net jaydev.home.casperlefantom.net' - name: Configuration du fichier hôtes IPv6 pour le dev @@ -10,4 +11,5 @@ path: /etc/hosts create: yes state: present + mode: 0644 line: '::1 casperdev.home.casperlefantom.net cirrusdev.home.casperlefantom.net jaydev.home.casperlefantom.net' diff --git a/roles/clients/tasks/stunnel.yml b/roles/clients/tasks/stunnel.yml index 6a918c6..3770ab5 100644 --- a/roles/clients/tasks/stunnel.yml +++ b/roles/clients/tasks/stunnel.yml @@ -38,11 +38,13 @@ file: path: /var/stunnel/chroot/etc state: directory + mode: 0755 - name: Création des fichiers du chroot file: path: "/var/stunnel/chroot/etc/{{ item }}" state: touch + mode: 0644 loop: - hosts.allow - hosts.deny diff --git a/roles/common/tasks/binutils.yml b/roles/common/tasks/binutils.yml index 5bbe60b..18b9998 100644 --- a/roles/common/tasks/binutils.yml +++ b/roles/common/tasks/binutils.yml @@ -1,6 +1,7 @@ - name: Création des répertoires file: path: "{{ item }}" + mode: 0755 state: directory loop: - /root/bin/ diff --git a/roles/common/tasks/dnf.yml b/roles/common/tasks/dnf.yml index 41afe00..c6b323a 100644 --- a/roles/common/tasks/dnf.yml +++ b/roles/common/tasks/dnf.yml @@ -1,6 +1,7 @@ - name: Affichage historique ini_file: path: /etc/dnf/dnf.conf + mode: 0644 section: main option: history_list_view value: cmds @@ -9,6 +10,7 @@ - name: Clean requirements on remove ini_file: path: /etc/dnf/dnf.conf + mode: 0644 section: main option: clean_requirements_on_remove value: "true" @@ -17,6 +19,7 @@ - name: Désactivation delta rpm ini_file: path: /etc/dnf/dnf.conf + mode: 0644 section: main option: deltarpm value: "false" @@ -25,6 +28,7 @@ - name: Nombre mini de noyaux installés ini_file: path: /etc/dnf/dnf.conf + mode: 0644 section: main option: installonly_limit value: "{{ minkernel }}" @@ -34,6 +38,7 @@ - name: Nombre maxi de noyaux installés ini_file: path: /etc/dnf/dnf.conf + mode: 0644 section: main option: installonly_limit value: "{{ maxkernel }}" @@ -43,6 +48,7 @@ - name: Création du répertoire pour unité systemd file: path: /etc/systemd/system/dnf-makecache.timer.d + mode: 0755 state: directory - name: Réglage de dnf-makecache.timer diff --git a/roles/common/tasks/repos.yml b/roles/common/tasks/repos.yml index 7e7b3c5..6b8f284 100644 --- a/roles/common/tasks/repos.yml +++ b/roles/common/tasks/repos.yml @@ -25,6 +25,7 @@ - name: Désactivation du dépôt Updates ini_file: path: /etc/yum.repos.d/fedora-updates.repo + mode: 0644 section: updates option: enabled value: "0" @@ -37,6 +38,7 @@ - name: Activation du dépôt Updates ini_file: path: /etc/yum.repos.d/fedora-updates.repo + mode: 0644 section: updates option: enabled value: "1" @@ -75,6 +77,7 @@ - name: Désactivation du dépôt Fedora ini_file: path: /etc/yum.repos.d/fedora.repo + mode: 0644 section: fedora option: enabled value: "0" @@ -87,6 +90,7 @@ - name: Activation du dépôt Fedora ini_file: path: /etc/yum.repos.d/fedora.repo + mode: 0644 section: fedora option: enabled value: "1" diff --git a/roles/common/tasks/systemd.yml b/roles/common/tasks/systemd.yml index 88ac111..b324304 100644 --- a/roles/common/tasks/systemd.yml +++ b/roles/common/tasks/systemd.yml @@ -1,6 +1,7 @@ - name: Configuration systemd écran rabattu ini_file: path: /etc/systemd/logind.conf + mode: 0644 section: Login option: HandleLidSwitch value: ignore @@ -9,6 +10,7 @@ - name: Configuration systemd écran éteint ini_file: path: /etc/systemd/logind.conf + mode: 0644 section: Login option: HandleLidSwitchExternalPower value: ignore @@ -26,6 +28,7 @@ - name: Configuration systemd hibernation ini_file: path: /etc/systemd/logind.conf + mode: 0644 section: Login option: HandleHibernateKey value: ignore @@ -34,6 +37,7 @@ - name: Configuration systemd HibernateKeyIgnoreInhibited ini_file: path: /etc/systemd/logind.conf + mode: 0644 section: Login option: HibernateKeyIgnoreInhibited value: yes diff --git a/roles/common/tasks/yum.yml b/roles/common/tasks/yum.yml index 7949002..ad5b200 100644 --- a/roles/common/tasks/yum.yml +++ b/roles/common/tasks/yum.yml @@ -1,6 +1,7 @@ - name: Affichage historique ini_file: path: /etc/yum.conf + mode: 0644 section: main option: history_list_view value: cmds @@ -9,6 +10,7 @@ - name: Clean requirements on remove ini_file: path: /etc/yum.conf + mode: 0644 section: main option: clean_requirements_on_remove value: "1" @@ -17,6 +19,7 @@ - name: Désactivation delta rpm ini_file: path: /etc/yum.conf + mode: 0644 section: main option: deltarpm value: "0" @@ -25,6 +28,7 @@ - name: Nombre mini de noyaux installés ini_file: path: /etc/yum.conf + mode: 0644 section: main option: installonly_limit value: "{{ minkernel }}" @@ -34,9 +38,9 @@ - name: Nombre maxi de noyaux installés ini_file: path: /etc/yum.conf + mode: 0644 section: main option: installonly_limit value: "{{ maxkernel }}" - mode: 0644 when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" and ansible_pkg_mgr == "yum" diff --git a/roles/dbreplication/tasks/stunnel.yml b/roles/dbreplication/tasks/stunnel.yml index b24580d..81eed03 100644 --- a/roles/dbreplication/tasks/stunnel.yml +++ b/roles/dbreplication/tasks/stunnel.yml @@ -28,11 +28,13 @@ file: path: /var/stunnel/chroot/etc state: directory + mode: 0755 - name: Création des fichiers du chroot file: path: "/var/stunnel/chroot/etc/{{ item }}" state: touch + mode: 0644 loop: - hosts.allow - hosts.deny diff --git a/roles/dbserver/tasks/stunnel.yml b/roles/dbserver/tasks/stunnel.yml index f7cb29e..4338664 100644 --- a/roles/dbserver/tasks/stunnel.yml +++ b/roles/dbserver/tasks/stunnel.yml @@ -36,11 +36,13 @@ file: path: /var/stunnel/chroot/etc state: directory + mode: 0755 - name: Création des fichiers du chroot file: path: "/var/stunnel/chroot/etc/{{ item }}" state: touch + mode: 0644 loop: - hosts.allow - hosts.deny diff --git a/roles/diagnostics/tasks/hidsdb.yml b/roles/diagnostics/tasks/hidsdb.yml index 5a1c108..a42e72c 100644 --- a/roles/diagnostics/tasks/hidsdb.yml +++ b/roles/diagnostics/tasks/hidsdb.yml @@ -11,6 +11,7 @@ template: src: aidedb-global.txt.j2 dest: /root/aidedb-global.txt + mode: 0600 tags: hidsdb - name: fetch database hash informations diff --git a/roles/imserver/tasks/stunnel.yml b/roles/imserver/tasks/stunnel.yml index f82959d..e68b310 100644 --- a/roles/imserver/tasks/stunnel.yml +++ b/roles/imserver/tasks/stunnel.yml @@ -32,11 +32,13 @@ file: path: /var/stunnel/chroot/etc state: directory + mode: 0755 - name: Création des fichiers du chroot file: path: "/var/stunnel/chroot/etc/{{ item }}" state: touch + mode: 0644 loop: - hosts.allow - hosts.deny diff --git a/roles/nfsserver/tasks/stunnel.yml b/roles/nfsserver/tasks/stunnel.yml index 4f1b56c..3fc3143 100644 --- a/roles/nfsserver/tasks/stunnel.yml +++ b/roles/nfsserver/tasks/stunnel.yml @@ -26,11 +26,13 @@ file: path: /var/stunnel/chroot/etc state: directory + mode: 0755 - name: Création des fichiers du chroot file: path: "/var/stunnel/chroot/etc/{{ item }}" state: touch + mode: 0644 loop: - hosts.allow - hosts.deny diff --git a/roles/phpworker/tasks/stunnel.yml b/roles/phpworker/tasks/stunnel.yml index c00cd20..e1437fa 100644 --- a/roles/phpworker/tasks/stunnel.yml +++ b/roles/phpworker/tasks/stunnel.yml @@ -32,11 +32,13 @@ file: path: /var/stunnel/chroot/etc state: directory + mode: 0755 - name: Création des fichiers du chroot file: path: "/var/stunnel/chroot/etc/{{ item }}" state: touch + mode: 0644 loop: - hosts.allow - hosts.deny diff --git a/roles/reverseproxy/tasks/stunnel.yml b/roles/reverseproxy/tasks/stunnel.yml index 1d221ed..0a00d5a 100644 --- a/roles/reverseproxy/tasks/stunnel.yml +++ b/roles/reverseproxy/tasks/stunnel.yml @@ -44,11 +44,13 @@ file: path: /var/stunnel/chroot/etc state: directory + mode: 0755 - name: Création des fichiers du chroot file: path: "/var/stunnel/chroot/etc/{{ item }}" state: touch + mode: 0644 loop: - hosts.allow - hosts.deny diff --git a/roles/torrelay/tasks/config.yml b/roles/torrelay/tasks/config.yml index f9cd978..c41ca64 100644 --- a/roles/torrelay/tasks/config.yml +++ b/roles/torrelay/tasks/config.yml @@ -2,6 +2,7 @@ file: path: /etc/systemd/system/tor.service.d state: directory + mode: 0755 - name: Réglage du timeout du service systemd copy: @@ -16,6 +17,7 @@ file: path: /etc/systemd/system/tor@.service.d state: directory + mode: 0755 when: process is defined - name: Réglage du timeout des instances systemd @@ -37,6 +39,7 @@ file: path: /usr/local/share/tor state: directory + mode: 0755 - name: Installation de la page html copy: |