ansible-lint: Forbidden implicit octal value 'xxxx'

Convert the permissions to strings to avoid octal interpretation. Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
2024-05-08 23:46:02 +02:00 · 2023-02-18 09:35:40 +00:00 · 2023-02-18 09:35:40 +00:00 · 3ac1bac037
parent f5524d4b78
commit 3ac1bac037
13 changed files with 28 additions and 28 deletions
--- a/roles/archbuild/tasks/main.yml
+++ b/roles/archbuild/tasks/main.yml
@ -79,7 +79,7 @@
    path: '/var/lib/{{ "/".join(item) }}'
    owner: root
    group: root
-    mode: 0777
+    mode: '0777'
  with_nested:
    - [archbuilddest]
    - [srcdest]
--- a/roles/archive/tasks/main.yml
+++ b/roles/archive/tasks/main.yml
@ -7,7 +7,7 @@
    state: directory
    owner: archive
    group: archive
-    mode: 0755
+    mode: '0755'

 - name: Setup archive configuration
  template:
@ -15,7 +15,7 @@
    dest: /etc/archive.conf
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'

 - name: Setup archive timer
  systemd: name=archive.timer enabled=yes state=started
--- a/roles/archive_web/tasks/main.yml
+++ b/roles/archive_web/tasks/main.yml
@ -10,7 +10,7 @@
    dest: /etc/nginx/nginx.d/archive.conf
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  notify:
    - Reload nginx
  tags: ['nginx']
@ -21,4 +21,4 @@
    state: directory
    owner: root
    group: root
-    mode: 0755
+    mode: '0755'
--- a/roles/aurweb/tasks/main.yml
+++ b/roles/aurweb/tasks/main.yml
@ -263,7 +263,7 @@
    state: touch
    owner: "{{ aurweb_user }}"
    group: http
-    mode: 0644
+    mode: '0644'
  when: git.changed

 - name: Create git repo dir
--- a/roles/borg_server/tasks/main.yml
+++ b/roles/borg_server/tasks/main.yml
@ -12,7 +12,7 @@
    state: directory
    owner: borg
    group: borg
-    mode: 0700
+    mode: '0700'

 - name: Create the root backup directory at {{ backup_dir }}
  file:
@ -20,7 +20,7 @@
    state: directory
    owner: borg
    group: borg
-    mode: 0700
+    mode: '0700'
  with_items: "{{ backup_clients }}"

 - name: Fetch ssh keys from each borg client machine
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@ -11,7 +11,7 @@
    state: "directory"
    owner: "root"
    group: "root"
-    mode: 0755
+    mode: '0755'

 - name: Install systemd unit override file
  template:
@ -19,7 +19,7 @@
    dest: "/etc/systemd/system/fail2ban.service.d/override.conf"
    owner: "root"
    group: "root"
-    mode: 0644
+    mode: '0644'

 - name: Install local config files
  template:
@ -27,7 +27,7 @@
    dest: "/etc/fail2ban/{{ item }}"
    owner: "root"
    group: "root"
-    mode: 0644
+    mode: '0644'
  with_items:
    - "fail2ban.local"
    - "jail.local"
@ -40,7 +40,7 @@
    dest: "/etc/fail2ban/action.d/firewallcmd-allports.local"
    owner: "root"
    group: "root"
-    mode: 0644
+    mode: '0644'
  notify:
    - Restart fail2ban

@ -51,7 +51,7 @@
    dest: "/etc/fail2ban/jail.d/sshd.local"
    owner: "root"
    group: "root"
-    mode: 0644
+    mode: '0644'
  notify:
    - Reload fail2ban jails

@ -62,7 +62,7 @@
    dest: "/etc/fail2ban/jail.d/postfix.local"
    owner: "root"
    group: "root"
-    mode: 0644
+    mode: '0644'
  notify:
    - Reload fail2ban jails

@ -73,7 +73,7 @@
    dest: "/etc/fail2ban/jail.d/dovecot.local"
    owner: "root"
    group: "root"
-    mode: 0644
+    mode: '0644'
  notify:
    - Reload fail2ban jails

@ -84,7 +84,7 @@
    dest: "/etc/fail2ban/jail.d/nginx-limit-req.local"
    owner: "root"
    group: "root"
-    mode: 0644
+    mode: '0644'
  notify:
    - Reload fail2ban jails

--- a/roles/hetzner_storagebox/tasks/main.yml
+++ b/roles/hetzner_storagebox/tasks/main.yml
@ -99,7 +99,7 @@
  blockinfile:
    path: /root/.ssh/config
    create: true
-    mode: 0600
+    mode: '0600'
    block: |
      Host {{ storagebox_hostname }}
        User {{ backup_client_usernames[item] }}
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@ -57,7 +57,7 @@
  get_url:
    url: "{{ item }}"
    dest: /tmp/
-    mode: 0644
+    mode: '0644'
  loop:
    - https://geo.mirror.pkgbuild.com/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.gz
    - https://archlinux.org/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.gz.sig
@ -151,7 +151,7 @@
    path: /mnt/etc/default/grub
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
    regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
    line: "GRUB_CMDLINE_LINUX_DEFAULT=\"rootflags=compress-force=zstd\""
  when: filesystem == "btrfs"
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@ -57,7 +57,7 @@
    password: "{{ vault_keycloak_nginx_passwd }}"
    owner: root
    group: http
-    mode: 0640
+    mode: '0640'

 - name: Create ssl cert
  include_role:
--- a/roles/maintenance/tasks/main.yml
+++ b/roles/maintenance/tasks/main.yml
@ -14,7 +14,7 @@
    dest: "{{ service_nginx_conf }}"
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  notify: Reload nginx
  when: service_nginx_template is not defined and maintenance is defined and maintenance | bool

@ -24,7 +24,7 @@
    dest: "{{ service_nginx_conf }}"
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  notify: Reload nginx
  when: service_nginx_template is defined and maintenance is defined and maintenance | bool

@ -34,7 +34,7 @@
    dest: "{{ maintenance_http_dir }}/{{ service_domain }}/503.html"
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  when: maintenance is defined and maintenance | bool

 - name: Force reload nginx
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@ -238,7 +238,7 @@
    dest: /etc/synapse/{{ matrix_server_name }}.signing.key
    owner: root
    group: synapse
-    mode: 0640
+    mode: '0640'

 - name: Install ircpass key  # noqa template-instead-of-copy
  copy:
@ -246,7 +246,7 @@
    dest: /etc/synapse/{{ matrix_server_name }}.ircpass.key
    owner: root
    group: synapse
-    mode: 0640
+    mode: '0640'

 - name: Make nginx log dir
  file: path=/var/log/nginx/{{ matrix_domain }} state=directory owner=root group=root mode=0755
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@ -14,7 +14,7 @@
    group: postgres
    attributes: "+C"
    path: /var/lib/postgres/data
-    mode: 0700
+    mode: '0700'
  when: filesystem == "btrfs"

 - name: Initialize postgres
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@ -20,7 +20,7 @@
    insertafter: '^# %wheel ALL=\(ALL\) ALL'
    line: '%wheel ALL=(ALL) ALL'
    validate: 'visudo -cf %s'
-    mode: 0440
+    mode: '0440'
    owner: root
    group: root

@ -32,6 +32,6 @@
    insertafter: '^# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
    line: 'Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin"'
    validate: 'visudo -cf %s'
-    mode: 0440
+    mode: '0440'
    owner: root
    group: root