From d821a1646b5c9796e23842232435584b052f2291 Mon Sep 17 00:00:00 2001
From: saibotk <git@saibotk.de>
Date: Sat, 26 Sep 2020 21:32:38 +0200
Subject: [PATCH] gitlab: Adjust directory permissions

This patch reduces the permissions on the install directory to just the root user and also fixes the ansible-lint issue for specifying the `mode`.
For all container mounted volumes, the ansible-lint rule is disabled, as codimd takes care of the permissions etc.
---
 roles/gitlab/tasks/main.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml
index a180581..624eb76 100644
--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
@@ -35,6 +35,9 @@
   file:
     path: "{{ item }}"
     state: directory
+    mode: '0700'
+    owner: 'root'
+    group: 'root'
   with_items:
     - "{{ gitlab_install_location }}"
   tags:
@@ -42,9 +45,11 @@
   become: true
 
 - name: Create data directory
-  file:
+  file: # noqa 208 # Container manages permissions on its own
     path: "{{ item }}"
     state: directory
+    owner: 'root'
+    group: 'root'
     setype: "container_file_t"
   with_items:
     - "{{ gitlab_data_location }}"