From 1d7d56814e2895c4e91a04563f2c3757ae7b15f9 Mon Sep 17 00:00:00 2001
From: saibotk
Date: Sat, 26 Sep 2020 21:36:25 +0200
Subject: [PATCH] mastodon: Adjust directory permissions

This patch reduces the permissions on the install directory to just the root user and also fixes the ansible-lint issue by specifying the `mode`. For all container mounted volumes, the ansible-lint rule is disabled, as the container takes care of the permissions etc.
---
 roles/mastodon/tasks/main.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml
index 9833b57..a33250a 100644
--- a/roles/mastodon/tasks/main.yml
+++ b/roles/mastodon/tasks/main.yml
@@ -36,12 +36,15 @@
 file:
 path: "{{ item }}"
 state: directory
+ mode: '0700'
+ owner: 'root'
+ group: 'root'
 with_items:
 - "{{ mastodon_install_location }}"
 become: true
 - name: Create data directories
- file:
+ file: # noqa 208 # Container manages permissions on its own
 path: "{{ item }}"
 state: directory
 setype: "container_file_t"
@@ -56,8 +59,9 @@
 - name: Create public data directory
 file:
 path: "{{ mastodon_public_location }}/system"
- owner: "991"
- group: "991"
+ mode: '0755'
+ owner: '991'
+ group: '991'
 state: directory
 setype: "container_file_t"
 become: true
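Review bot: On the `Create data directories` task, `# noqa 208` silences the permission check but still leaves the directory mode to the umask of the become user, so the data directories keep that default until a container changes it, and the `file` module will not tighten a directory that already exists with a looser mode. If the container entrypoints take ownership of their volumes on start, an explicit `mode: '0700'` here would be a safer baseline and would make the suppression unnecessary; if they do not, the comment should say which uid needs access, rather than only "Container manages permissions on its own". The task's `with_items` list and any `owner`/`group` keys lie outside the hunk, so whether these paths sit under the now root-only `mastodon_install_location` cannot be confirmed from here.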
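Review bot: `mode: '0755'` on `{{ mastodon_public_location }}/system` lets every local account read and traverse whatever is written there; if only a reverse proxy on the host has to read it, `mode: '0750'` with that proxy's group would be narrower. The literal `'991'` for `owner` and `group` is unexplained, and a comment such as `# 991 = uid/gid of the mastodon user inside the container image` (to be confirmed against the image in use), or a role variable, would make the coupling visible. If `mastodon_public_location` defaults to a path below `mastodon_install_location`, the `0700` root-only mode from the first hunk already blocks non-root traversal and the `0755` would have no effect for a host-side web server; the role defaults are not shown here, so this is worth checking.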