saibotk-de/infrastructure
saibotk-de/infrastructure
1
0
Fork 0
Code Issues Pull requests Releases 42 Activity

mastodon: Adjust directory permissions

Browse source 
This patch reduces the permissions on the install directory to just the root user and also fixes the ansible-lint issue by specifying the `mode`.
For all container mounted volumes, the ansible-lint rule is disabled, as the container takes care of the permissions etc.
This commit is contained in:
saibotk 2020-09-26 21:36:25 +02:00
parent 22302117fa
commit 1d7d56814e
No known key found for this signature in database
GPG key ID: A3299C587D5DF523
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
roles/mastodon/tasks/main.yml
View file

@ -36,12 +36,15 @@
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
mode: '0700'
owner: 'root'
group: 'root'
with_items: with_items:
- "{{ mastodon_install_location }}" - "{{ mastodon_install_location }}"
become: true become: true
- name: Create data directories - name: Create data directories
file: file: # noqa 208 # Container manages permissions on its own
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
setype: "container_file_t" setype: "container_file_t"
@ -56,8 +59,9 @@
- name: Create public data directory - name: Create public data directory
file: file:
path: "{{ mastodon_public_location }}/system" path: "{{ mastodon_public_location }}/system"
owner: "991" mode: '0755'
group: "991" owner: '991'
group: '991'
state: directory state: directory
setype: "container_file_t" setype: "container_file_t"
become: true become: true