From a2e60972c72105d7c986fef989d076c05564d1ef Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Sun, 5 Nov 2023 21:34:19 -0500
Subject: [PATCH] Comply with linting on proxy setup
---
roles/bitwarden/handlers/main.yml | 14 +++++++++++++-
roles/bitwarden/tasks/main.yml | 21 +++++++--------------
roles/gitea/tasks/main.yml | 7 ++++++-
roles/mariadb/handlers/main.yml | 2 +-
roles/mariadb/tasks/main.yml | 2 +-
roles/proxy/handlers/main.yml | 2 +-
6 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/roles/bitwarden/handlers/main.yml b/roles/bitwarden/handlers/main.yml
index 1253c45..38d39dd 100644
--- a/roles/bitwarden/handlers/main.yml
+++ b/roles/bitwarden/handlers/main.yml
@@ -5,7 +5,12 @@ listen: rebuild_bitwarden - name: Rebuild Bitwarden - ansible.builtin.shell: "{{ bitwarden_root }}/bitwarden.sh rebuild" + ansible.builtin.command: "{{ bitwarden_root }}/bitwarden.sh rebuild" + listen: rebuild_bitwarden + +- name: Reload systemd manager configuration + ansible.builtin.systemd: + daemon_reload: true listen: rebuild_bitwarden - name: Start Bitwarden after rebuild
@@ -14,3 +19,10 @@ state: started enabled: true listen: rebuild_bitwarden + +- name: Create Bitwarden's initial log file + ansible.builtin.file: + path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt" + state: touch + mode: "644" + listen: touch_bitwarden
diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml
index c21d37c..83855cf 100644
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@@ -7,6 +7,7 @@ ansible.builtin.file: path: "{{ bitwarden_root }}" state: directory + mode: "755" - name: Download Bitwarden script ansible.builtin.get_url:
@@ -22,7 +23,7 @@ mode: u+x - name: Run Bitwarden installation script - ansible.builtin.shell: "{{ bitwarden_root }}/bw_wrapper" + ansible.builtin.command: "{{ bitwarden_root }}/bw_wrapper" args: creates: "{{ bitwarden_root }}/bwdata/config.yml"
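Review bot: The new `Reload systemd manager configuration` handler is placed after at least one other `rebuild_bitwarden` handler (only that handler's `listen: rebuild_bitwarden` line is visible at the top of the `@@ -5,7 +5,12 @@` hunk), and handlers run in definition order. If that earlier handler stops the service through systemd, a freshly templated unit file has not been loaded when it runs. Moving the `daemon_reload: true` handler to the head of the `rebuild_bitwarden` chain, with a comment such as `# reload first so unit-file changes apply before stop/start`, keeps the sequence safe on a first install.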
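Review bot: `mode: "644"` on the initial identity log in the `@@ -14,3 +19,10 @@` hunk leaves it readable by every local account, while the Fail2ban jail for the same service is installed with `640` in this commit. Presumably the identity log records sign-in failures (that is what a jail would match on), so it would hold account identifiers and client addresses; `mode: "640"` with an explicit `owner`/`group` keeps it to the service and root. The same question applies to the `755` log directories added in roles/bitwarden/tasks/main.yml (`@@ -83,22 +86,12 @@`) and roles/gitea/tasks/main.yml (`@@ -53,21 +55,24 @@`). Confirm the process that writes the log can still do so before tightening.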
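Review bot: `mode: "755"` on `{{ bitwarden_root }}` in the `@@ -7,6 +7,7 @@` hunk lets any local user traverse into `bwdata`, where this role keeps `config.yml` and the compose override. Bitwarden's self-hosting guidance restricts the install directory to `700` under a dedicated account, so unless something outside this role has to read the tree, `mode: "700"` plus an explicit `owner` is the safer value to pin. The task's `name:` line sits above the hunk, so any ownership settings elsewhere are not visible from here.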
@@ -30,6 +31,7 @@ ansible.builtin.template: src: compose.override.yml.j2 dest: "{{ bitwarden_root }}/bwdata/docker/docker-compose.override.yml" + mode: "644" when: bitwarden_override | default(true) notify: rebuild_bitwarden
@@ -76,6 +78,7 @@ ansible.builtin.template: src: bitwarden.service.j2 dest: "/etc/systemd/system/{{ bitwarden_name }}.service" + mode: "644" register: bitwarden_systemd notify: rebuild_bitwarden
@@ -83,22 +86,12 @@ ansible.builtin.file: path: "{{ bitwarden_logs_identity }}" state: directory - register: bitwarden_logs - -- name: Create Bitwarden's initial log file - ansible.builtin.file: - path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt" - state: touch - when: bitwarden_logs.changed + mode: "755" + notify: touch_bitwarden - name: Install Bitwarden's Fail2ban jail ansible.builtin.template: src: fail2ban-jail.conf.j2 dest: /etc/fail2ban/jail.d/bitwarden.conf + mode: "640" notify: restart_fail2ban - -- name: Reload systemd manager configuration - ansible.builtin.systemd: - daemon_reload: true - when: bitwarden_systemd.changed - notify: rebuild_bitwarden
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index 9fb1a24..8d2db15 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -21,6 +21,7 @@ - name: Create git's .ssh directory ansible.builtin.file: path: /home/git/.ssh + mode: "700" state: directory - name: Generate git's SSH keys
@@ -40,6 +41,7 @@ - name: Create git's authorized_keys file ansible.builtin.file: path: /home/git/.ssh/authorized_keys + mode: "600" state: touch when: not git_authkeys.stat.exists
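Review bot: Moving the initial log file into the `touch_bitwarden` handler (`@@ -83,22 +86,12 @@`) drops the ordering the inline task gave: the file used to exist before `Install Bitwarden's Fail2ban jail` notified `restart_fail2ban`, and handlers run in definition order rather than notification order. If `restart_fail2ban` is defined ahead of `touch_bitwarden` (its definition is not in this patch), Fail2ban may restart against a jail whose log path does not exist yet and, depending on its backend, refuse to start, which leaves the host without banning. Please confirm the handler order or document it next to the notify, e.g. `# touch_bitwarden must run before restart_fail2ban`. Separately, `register: bitwarden_systemd` in the `@@ -76,6 +78,7 @@` hunk has no reader left once this hunk removes the `when: bitwarden_systemd.changed` task and can be dropped.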
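Review bot: `mode: "700"` is set on `/home/git/.ssh` in the `@@ -21,6 +21,7 @@` hunk without `owner` or `group`, and the same holds for `mode: "600"` on `authorized_keys` in `@@ -40,6 +41,7 @@`. If these tasks run as root (no `become_user` is visible in either hunk), a newly created directory and file end up root-owned and unreadable by `git`, so key-based logins for that account would fail; before this change the default umask at least left them readable. Adding `owner: git` and the matching `group:` beside each mode makes the tightened permissions work for the account they protect.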
@@ -53,21 +55,24 @@ ansible.builtin.template: src: gitea.sh.j2 dest: /usr/local/bin/gitea - mode: 0755 + mode: "755" - name: Create Gitea's logging directory ansible.builtin.file: name: /var/log/gitea state: directory + mode: "755" - name: Install Gitea's Fail2ban filter ansible.builtin.template: src: fail2ban-filter.conf.j2 dest: /etc/fail2ban/filter.d/gitea.conf + mode: "644" notify: restart_fail2ban - name: Install Gitea's Fail2ban jail ansible.builtin.template: src: fail2ban-jail.conf.j2 dest: /etc/fail2ban/jail.d/gitea.conf + mode: "640" notify: restart_fail2ban
diff --git a/roles/mariadb/handlers/main.yml b/roles/mariadb/handlers/main.yml
index 3a13136..3d2ca52 100644
--- a/roles/mariadb/handlers/main.yml
+++ b/roles/mariadb/handlers/main.yml
@@ -6,7 +6,7 @@ listen: restart_mariadb - name: Set MariaDB as restarted - set_fact: + ansible.builtin.set_fact: mariadb_restarted: true when: not mariadb_restarted listen: restart_mariadb
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index f30b02a..967b56b 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -4,7 +4,7 @@ state: present - name: Set MariaDB restarted fact - set_fact: + ansible.builtin.set_fact: mariadb_restarted: false - name: Regather facts for the potentially new docker0 interface
diff --git a/roles/proxy/handlers/main.yml b/roles/proxy/handlers/main.yml
index 5edb4b6..5e59514 100644
--- a/roles/proxy/handlers/main.yml
+++ b/roles/proxy/handlers/main.yml
@@ -12,4 +12,4 @@ ansible.builtin.service: name: nginx state: reloaded - listen: reload_nginx \ No newline at end of file + listen: reload_nginx