Consistently resolve yamllint octal findings

.yamllint

@@ -30,8 +30,10 @@ rules:
   new-line-at-end-of-file: disable
   new-lines:
     type: unix
+  # The following 'forbid-*' rules may not mean what you think they mean.
+  # See: https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.octal_values
   octal-values:
-    forbid-explicit-octal: false
+    forbid-explicit-octal: true
     forbid-implicit-octal: true
   trailing-spaces: disable
   truthy: disable

molecule/branding/converge.yml

@@ -23,7 +23,9 @@
         content: |
           {{ vars | to_yaml }}
         dest: '{{ molecule_ephemeral_directory }}/ansible-vars.yml'
-        mode: 0o600
+        owner: 'root'
+        group: 'root'
+        mode: '0o600'
       changed_when: false
       delegate_to: localhost
 

molecule/default/converge.yml

@@ -38,7 +38,9 @@
         content: |
           {{ vars | to_yaml }}
         dest: '{{ molecule_ephemeral_directory }}/ansible-vars.yml'
-        mode: 0o600
+        owner: 'root'
+        group: 'root'
+        mode: '0o600'
       changed_when: false
       delegate_to: localhost
 

molecule/delegated/converge.yml

@@ -37,7 +37,9 @@
         content: |
           {{ vars | to_yaml }}
         dest: '{{ molecule_ephemeral_directory }}/ansible-vars.yml'
-        mode: 0o600
+        owner: 'root'
+        group: 'root'
+        mode: '0o600'
       changed_when: false
       delegate_to: localhost
 

molecule/dropins/converge.yml

@@ -13,7 +13,9 @@
         content: |
           {{ vars | to_yaml }}
         dest: '{{ molecule_ephemeral_directory }}/ansible-vars.yml'
-        mode: 0o600
+        owner: 'root'
+        group: 'root'
+        mode: '0o600'
       changed_when: false
       delegate_to: localhost
 

molecule/ip_in_issue/converge.yml

@@ -28,7 +28,9 @@
         content: |
           {{ vars | to_yaml }}
         dest: '{{ molecule_ephemeral_directory }}/ansible-vars.yml'
-        mode: 0o600
+        owner: 'root'
+        group: 'root'
+        mode: '0o600'
       changed_when: false
       delegate_to: localhost
 

molecule/kali_like/converge.yml

@@ -13,7 +13,9 @@
         content: |
           {{ vars | to_yaml }}
         dest: '{{ molecule_ephemeral_directory }}/ansible-vars.yml'
-        mode: 0o600
+        owner: 'root'
+        group: 'root'
+        mode: '0o600'
       changed_when: false
       delegate_to: localhost
 

molecule/kdmt/converge.yml

@@ -23,7 +23,9 @@
         content: |
           {{ vars | to_yaml }}
         dest: '{{ molecule_ephemeral_directory }}/ansible-vars.yml'
-        mode: 0o600
+        owner: 'root'
+        group: 'root'
+        mode: '0o600'
       changed_when: false
       delegate_to: localhost
 

molecule/shared/prepare.yml

@@ -17,9 +17,9 @@
       ansible.builtin.copy:
         src: 'config.txt'
         dest: '/boot/config.txt'
-        owner: root
-        group: root
-        mode: 0o640
+        owner: 'root'
+        group: 'root'
+        mode: '0o640'
       when: boot_config.stat.exists is false
 
     - name: Stat `/boot/cmdline.txt` file.
@@ -31,9 +31,9 @@
       ansible.builtin.copy:
         src: 'cmdline.txt'
         dest: '/boot/cmdline.txt'
-        owner: root
-        group: root
-        mode: 0o640
+        owner: 'root'
+        group: 'root'
+        mode: '0o640'
       when: boot_cmdline.stat.exists is false
 
     - name: Include account enumeration tasks.
@@ -45,7 +45,7 @@
         state: directory
         owner: '{{ user }}'
         group: '{{ user }}'
-        mode: 0o700
+        mode: '0o700'
       loop: '{{ accounts }}'
       loop_control:
         loop_var: user

playbooks/install-zaproxy.yml

@@ -70,9 +70,9 @@
           ansible.builtin.copy:
             src: '{{ zaproxy_deb_dir }}{{ zaproxy_deb }}'
             dest: '/tmp//{{ zaproxy_deb }}'
-            owner: root
-            group: root
-            mode: 0o660
+            owner: 'root'
+            group: 'root'
+            mode: '0o660'
           become: true
 
         - name: Ensure zaproxy DEB is installed.

roles/branding/tasks/boot_splash.yml

@@ -14,7 +14,7 @@
     state: present
     owner: 'root'
     group: 'root'
-    mode: 0o640
+    mode: '0o640'
   become: true
   when: branding__boot_config.stat.exists
 
@@ -31,7 +31,7 @@
     state: absent
     owner: 'root'
     group: 'root'
-    mode: 0o640
+    mode: '0o640'
     backup: false
   become: true
   check_mode: true
@@ -49,7 +49,7 @@
     backup: false
     owner: 'root'
     group: 'root'
-    mode: 0o640
+    mode: '0o640'
   become: true
   when: branding__boot_cmdline.stat.exists and not branding__nologo_exists.found
 
@@ -76,9 +76,9 @@
   ansible.builtin.template:
     src: 'splashscreen.service.j2'
     dest: '/lib/systemd/system/splashscreen.service'
-    owner: root
-    group: root
-    mode: 0o644
+    owner: 'root'
+    group: 'root'
+    mode: '0o644'
   become: true
   notify: Enable splashscreen
 

roles/branding/tasks/check_custom_splash.yml

@@ -38,9 +38,9 @@
         src: '/boot/custom-splash.jpg'
         dest: '/root/custom-splash.jpg'
         remote_src: true
-        owner: root
-        group: root
-        mode: 0o644
+        owner: 'root'
+        group: 'root'
+        mode: '0o644'
 
     - name: Ensure `/boot/custom-splash.jpg` is absent.
       ansible.builtin.file:
@@ -64,9 +64,9 @@
       ansible.builtin.copy:
         src: '{{ branding__custom_splash }}'
         dest: '/root/custom-splash{{ branding__custom_splash_ext }}'
-        owner: root
-        group: root
-        mode: 0o644
+        owner: 'root'
+        group: 'root'
+        mode: '0o644'
 
     - name: Ensure file exists in `.jpg` format.
       ansible.builtin.shell: >

roles/branding/tasks/clipit-nohistory.yml

@@ -15,7 +15,7 @@
     state: directory
     owner: '{{ user }}'
     group: '{{ user }}'
-    mode: 0o750
+    mode: '0o750'
     recurse: false
   become: true
 
@@ -25,7 +25,7 @@
     dest: '{{ homedir[user] }}/.config/clipit/clipitrc'
     owner: '{{ user }}'
     group: '{{ user }}'
-    mode: 0o640
+    mode: '0o640'
   become: true
   when: not branding__clipitrc.stat.exists
 

roles/branding/tasks/lxde-desktop-configure.yml

@@ -67,7 +67,7 @@
     state: directory
     owner: '{{ user }}'
     group: '{{ user }}'
-    mode: 0o750
+    mode: '0o750'
   become: true
   become_user: '{{ user }}'
   loop: '{{ branding__config_templates }}'
@@ -83,7 +83,7 @@
     dest: "{{ branding__dot_config_dir + item | replace('.j2', '') }}"
     owner: '{{ user }}'
     group: '{{ user }}'
-    mode: 0o750
+    mode: '0o750'
   become: true
   become_user: '{{ user }}'
   loop: '{{ branding__config_templates }}'

roles/branding/tasks/main.yml

@@ -95,19 +95,19 @@
   ansible.builtin.file:
     path: '{{ branding__lxde_wallpapers_directory }}'
     state: directory
-    owner: root
-    group: root
-    mode: 0o755
+    owner: 'root'
+    group: 'root'
+    mode: '0o755'
   become: true
 
 - name: Ensure `custom-splash.jpg` is an optional desktop background.
   ansible.builtin.copy:
     src: '/root/custom-splash.jpg'
     dest: '{{ branding__lxde_wallpapers_directory }}/custom-splash.jpg'
     remote_src: true
-    owner: root
-    group: root
-    mode: 0o644
+    owner: 'root'
+    group: 'root'
+    mode: '0o644'
   become: true
 
 # https://martin.hoppenheit.info/blog/2016/where-to-put-application-icons-on-linux/

roles/dropins/tasks/main.yml

@@ -42,9 +42,9 @@
   ansible.builtin.copy:
     src: dotlocal.sh
     dest: /etc/profile.d/dotlocal.sh
-    owner: root
-    group: root
-    mode: 0o644
+    owner: 'root'
+    group: 'root'
+    mode: '0o644'
   become: true
 
 # vim: ft=ansible :

roles/dropins/tasks/setup_dropin.yml

@@ -61,7 +61,7 @@
       ansible.builtin.template:
         dest: '{{ dropins__dropin_path }}'
         src: 'dropin_header.j2'
-        mode: 0o640
+        mode: '0o640'
       register: dropins__copy_result
       when: not dropins__file_result.stat.exists
 

roles/ip_in_issue/tasks/main.yml

@@ -101,9 +101,9 @@
   ansible.builtin.template:
     src: issue.j2
     dest: /etc/issue
-    owner: root
-    group: root
-    mode: 0o644
+    owner: 'root'
+    group: 'root'
+    mode: '0o644'
   register: ip_in_issue__etc_issue
   changed_when:
     - ip_in_issue__etc_issue.changed
@@ -134,9 +134,9 @@
   ansible.builtin.file:
     path: /etc/issue.d
     state: directory
-    owner: root
-    group: root
-    mode: 0o755
+    owner: 'root'
+    group: 'root'
+    mode: '0o755'
   become: true
 
   # NetworkManager randomizes the MAC address on the `wlan0`
@@ -148,9 +148,9 @@
   ansible.builtin.template:
     src: '{{ item }}'
     dest: '/etc/issue.d/{{ item.replace(".j2", "") | basename }}'
-    owner: root
-    group: root
-    mode: 0o644
+    owner: 'root'
+    group: 'root'
+    mode: '0o644'
   with_items: '{{ ip_in_issue__issue_templates }}'
   changed_when: false
   become: true

roles/kali_like/tasks/install_helper_scripts.yml

@@ -24,7 +24,7 @@
     state: directory
     owner: '{{ user }}'
     group: '{{ user }}'
-    mode: 0o750
+    mode: '0o750'
   become: true
   when: not kali_like__dot_local_result.stat.exists
 
@@ -34,7 +34,7 @@
     dest: "{{ kali_like__dot_local_bin + item | replace('.sh.j2', '') }}"
     owner: '{{ user }}'
     group: '{{ user }}'
-    mode: 0o755
+    mode: '0o755'
   become: true
   loop: '{{ kali_like__script_templates }}'
 

roles/kali_like/tasks/main.yml

@@ -66,7 +66,7 @@
     state: directory
     owner: 'root'
     group: 'root'
-    mode: 0o755
+    mode: '0o755'
   become: true
 
 - name: Ensure kali-applications.menu exists.
@@ -75,7 +75,7 @@
     dest: '/etc/xdg/menus/applications-merged/kali-applications.menu'
     owner: 'root'
     group: 'root'
-    mode: 0o644
+    mode: '0o644'
   become: true
 
 - name: Include hostname configuration tasks.