diff --git a/tasks/setup_cluster.yml b/tasks/setup_cluster.yml
index c0b1110..9755324 100644
--- a/tasks/setup_cluster.yml
+++ b/tasks/setup_cluster.yml
@@ -77,14 +77,16 @@
         verbosity: 3
 
 - name: setup_cluster | configuring settings for mariadb and galera
-  template:
-    src: "{{ item }}.j2"
-    dest: "/{{ item }}"
-    mode: "0644"
+  ansible.builtin.template:
+    src: "{{ file.name }}.j2"
+    dest: "/{{ file.name }}"
+    mode: "{{ file.mode |default ('0644') }}"
     follow: true
   become: true
   register: "_mariadb_galera_cluster_reconfigured"
   loop: "{{ mariadb_confs }}"
+  loop_control:
+    loop_var: file
 
 - name: setup_cluster | cluster rolling restart - apply config changes (first node)
   include_tasks: manage_node_state.yml
@@ -162,11 +164,13 @@
     not galera_cluster_configured.stat.exists
 
 - name: setup_cluster | cluster bootstrap - configuring final galera config for first node
-  template:
-    src: "{{ item }}.j2"
-    dest: "/{{ item }}"
-    mode: "0644"
+  ansible.builtin.template:
+    src: "{{ file.name }}.j2"
+    dest: "/{{ file.name }}"
+    mode: "{{ file.mode |default ('0644') }}"
   loop: "{{ mariadb_confs }}"
+  loop_control:
+    loop_var: file
   become: true
   when: >
     not galera_cluster_configured.stat.exists and
diff --git a/vars/centos-8.yml b/vars/centos-8.yml
index 1be0749..1fb84fb 100644
--- a/vars/centos-8.yml
+++ b/vars/centos-8.yml
@@ -12,7 +12,7 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/my.cnf.d/certificates"
 mariadb_systemd_service_name: "mariadb"
 mariadb_confs:
-  - "etc/my.cnf.d/server.cnf"
+  - name: "etc/my.cnf.d/server.cnf"
 mariadb_temp_confs:
   - "etc/my.cnf.d/server.cnf"
 galera_wsrep_provider: "/usr/lib64/galera-4/libgalera_smm.so"
diff --git a/vars/debian-11.yml b/vars/debian-11.yml
index 05c77c9..81bf31a 100644
--- a/vars/debian-11.yml
+++ b/vars/debian-11.yml
@@ -14,9 +14,10 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/mysql/certificates"
 mariadb_systemd_service_name: "mariadb"
 mariadb_confs:
-  - "etc/mysql/debian.cnf"
-  - "etc/mysql/my.cnf"
-  - "etc/mysql/conf.d/galera.cnf"
+  - name: "etc/mysql/debian.cnf"
+    mode: "0600"
+  - name: "etc/mysql/my.cnf"
+  - name: "etc/mysql/conf.d/galera.cnf"
 mariadb_temp_confs:
   - "etc/mysql/conf.d/galera.cnf"
 galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"
diff --git a/vars/debian-12.yml b/vars/debian-12.yml
index 05c77c9..81bf31a 100644
--- a/vars/debian-12.yml
+++ b/vars/debian-12.yml
@@ -14,9 +14,10 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/mysql/certificates"
 mariadb_systemd_service_name: "mariadb"
 mariadb_confs:
-  - "etc/mysql/debian.cnf"
-  - "etc/mysql/my.cnf"
-  - "etc/mysql/conf.d/galera.cnf"
+  - name: "etc/mysql/debian.cnf"
+    mode: "0600"
+  - name: "etc/mysql/my.cnf"
+  - name: "etc/mysql/conf.d/galera.cnf"
 mariadb_temp_confs:
   - "etc/mysql/conf.d/galera.cnf"
 galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"
diff --git a/vars/debian.yml b/vars/debian.yml
index 9bc0190..9f7d402 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -15,9 +15,10 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/mysql/certificates"
 mariadb_systemd_service_name: "mysql"
 mariadb_confs:
-  - "etc/mysql/debian.cnf"
-  - "etc/mysql/my.cnf"
-  - "etc/mysql/conf.d/galera.cnf"
+  - name: "etc/mysql/debian.cnf"
+    mode: 0600
+  - name: "etc/mysql/my.cnf"
+  - name: "etc/mysql/conf.d/galera.cnf"
 mariadb_temp_confs:
   - "etc/mysql/conf.d/galera.cnf"
 galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"
diff --git a/vars/fedora.yml b/vars/fedora.yml
index 475725c..da42ddd 100644
--- a/vars/fedora.yml
+++ b/vars/fedora.yml
@@ -10,7 +10,7 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/my.cnf.d/certificates"
 mariadb_systemd_service_name: "mariadb"
 mariadb_confs:
-  - "etc/my.cnf.d/server.cnf"
+  - name: "etc/my.cnf.d/server.cnf"
 mariadb_temp_confs:
   - "etc/my.cnf.d/server.cnf"
 galera_wsrep_provider: "/usr/lib64/galera-4/libgalera_smm.so"
diff --git a/vars/redhat.yml b/vars/redhat.yml
index ceef253..9852a6d 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -10,7 +10,7 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/my.cnf.d/certificates"
 mariadb_systemd_service_name: "mysql"
 mariadb_confs:
-  - "etc/my.cnf.d/server.cnf"
+  - name: "etc/my.cnf.d/server.cnf"
 mariadb_temp_confs:
   - "etc/my.cnf.d/server.cnf"
 galera_wsrep_provider: "/usr/lib64/galera-4/libgalera_smm.so"
diff --git a/vars/rocky-8.yml b/vars/rocky-8.yml
index 636fc1d..c0f55ad 100644
--- a/vars/rocky-8.yml
+++ b/vars/rocky-8.yml
@@ -13,7 +13,7 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/my.cnf.d/certificates"
 mariadb_systemd_service_name: "mariadb"
 mariadb_confs:
-  - "etc/my.cnf.d/server.cnf"
+  - name: "etc/my.cnf.d/server.cnf"
 mariadb_temp_confs:
   - "etc/my.cnf.d/server.cnf"
 galera_wsrep_provider: "/usr/lib64/galera-4/libgalera_smm.so"
diff --git a/vars/rocky-9.yml b/vars/rocky-9.yml
index 413f1e0..cd755ea 100644
--- a/vars/rocky-9.yml
+++ b/vars/rocky-9.yml
@@ -13,7 +13,7 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/my.cnf.d/certificates"
 mariadb_systemd_service_name: "mariadb"
 mariadb_confs:
-  - "etc/my.cnf.d/server.cnf"
+  - name: "etc/my.cnf.d/server.cnf"
 mariadb_temp_confs:
   - "etc/my.cnf.d/server.cnf"
 galera_wsrep_provider: "/usr/lib64/galera-4/libgalera_smm.so"
diff --git a/vars/ubuntu-20.yml b/vars/ubuntu-20.yml
index 4801609..b5b0caf 100644
--- a/vars/ubuntu-20.yml
+++ b/vars/ubuntu-20.yml
@@ -13,9 +13,9 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/mysql/certificates"
 mariadb_systemd_service_name: "mariadb"
 mariadb_confs:
-  - "etc/mysql/debian.cnf"
-  - "etc/mysql/my.cnf"
-  - "etc/mysql/conf.d/galera.cnf"
+  - name: "etc/mysql/debian.cnf"
+  - name: "etc/mysql/my.cnf"
+  - name: "etc/mysql/conf.d/galera.cnf"
 mariadb_temp_confs:
   - "etc/mysql/conf.d/galera.cnf"
 galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"
diff --git a/vars/ubuntu-22.yml b/vars/ubuntu-22.yml
index 4801609..b5b0caf 100644
--- a/vars/ubuntu-22.yml
+++ b/vars/ubuntu-22.yml
@@ -13,9 +13,9 @@ mariabackup_packages:
 mariadb_certificates_dir: "/etc/mysql/certificates"
 mariadb_systemd_service_name: "mariadb"
 mariadb_confs:
-  - "etc/mysql/debian.cnf"
-  - "etc/mysql/my.cnf"
-  - "etc/mysql/conf.d/galera.cnf"
+  - name: "etc/mysql/debian.cnf"
+  - name: "etc/mysql/my.cnf"
+  - name: "etc/mysql/conf.d/galera.cnf"
 mariadb_temp_confs:
   - "etc/mysql/conf.d/galera.cnf"
 galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"